Backdoor plugin hijacks WordPress sites with admin access, stealth reinfection, and JS ad fraud—active since Jan 2025.
Category: security
Unmanned aerial vehicles (UAVs), commonly known as drones, have already proved to be valuable tools for a wide range of applications, ranging from film and entertainment production to defense and security, agriculture, logistics, construction and environmental monitoring. While these technologies are already widely used in many countries worldwide, engineers have been trying to enhance their capabilities further so that they can be used to tackle even more complex problems.
Researchers at Pohang University of Science and Technology and the Agency for Defense Development (ADD)’s AI Autonomy Technology Center in South Korea recently developed a drone with foldable wings that could be more maneuverable than conventional drones. Their drone draws inspiration from the winged flying squirrel, a type of squirrel that uses loose flaps of skin attached from their wrists to their ankles to glide from tree to tree.
“The flying squirrel drone is inspired by the movements of flying squirrels, particularly their ability to rapidly decelerate by spreading their wings just before landing on trees,” Dohyeon Lee, Jun-Gill Kang and Soohee Han, co-authors of the paper, told Tech Xplore. “We initiated this research with the belief that, like flying squirrels, drones could expand their dynamic capabilities by utilizing aerodynamic drag.”
75 zero-days exploited in 2024, with 44% hitting enterprise tools and 34 tied to threat groups.
WhatsApp launches Private Processing using CVM and OHTTP, ensuring AI-driven message privacy and auditable security.
Multiple AI jailbreaks and tool poisoning flaws expose GenAI systems like GPT-4.1 and MCP to critical security risks.
Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures.
The announcement comes after OffSec lost the old repo signing key (ED444FF07D8D0BF6) and was forced to create a new one (ED65462EC8D5E4C5) signed by Kali Linux developers using signatures available on the Ubuntu OpenPGP key server. However, since the key was not compromised, the old one was not removed from the keyring.
When trying to get the list of latest software packages on systems still using the old key, users will see “Missing key 827C8569F2518CC677FECA1AED65462EC8D5E4C5, which is needed to verify signature” errors.
ARMO shows io_uring-based rootkits evade Falco, Tetragon, and Defender, risking Linux runtime security.
In a new Nature Communications study, researchers have developed an in-memory ferroelectric differentiator capable of performing calculations directly in the memory without requiring a separate processor.
The proposed differentiator promises energy efficiency, especially for edge devices like smartphones, autonomous vehicles, and security cameras.
Traditional approaches to tasks like image processing and motion detection involve multi-step energy-intensive processes. This begins with recording data, which is transmitted to a memory unit, which further transmits the data to a microcontroller unit to perform differential operations.
Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it’s also in the process of migrating the Entra ID signing service as well.
The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to generate, store, and automatically rotate access token signing keys using the Azure Managed Hardware Security Module (HSM) service.
“Each of these improvements helps mitigate the attack vectors that we suspect the actor used in the 2023 Storm-0558 attack on Microsoft,” Charlie Bell, Executive Vice President for Microsoft Security, said in a post shared with The Hacker News ahead of publication.
Microsoft has released the optional KB5055612 preview cumulative update for Windows 10 22H2 with two changes, including a fix for a GPU paravirtualization bug in Windows Subsystem for Linux 2 (WSL2).
The KB5055612 cumulative update preview is part of Microsoft’s “optional non-security preview updates” schedule, typically released at the end of every month. This update allows Windows admins to test upcoming fixes and features that will be released in the upcoming May Patch Tuesday.
Unlike Patch Tuesday cumulative updates, this preview update does not include security updates.