Hatty AI

DeepSeek is a Chinese artificial intelligence startup that has seen a meteoric increase in popularity over the past few days. However, one of its databases was left exposed on the Internet, which could have given malicious actors access to sensitive information. Wiz security researcher Gal says that the ClickHouse database allows “full control over database […]

The job of an SOC analyst was never easy. Analysts (and sometimes IT teams that double as SecOps), who are faced with an overwhelming daily flood of alerts, must triage thousands of alerts – often false positives – just to identify a few real threats. This 24/7 work can lead to alert fatigue, desensitization and

Researchers in cybersecurity have revealed a critical flaw that could have led to remote code execution if exploited. Noma, an application security firm, said that the vulnerability, which has a CVSS rating of 9.4, allows “attackers to potentially run arbitrary commands as root” by exploiting a URL parameter hidden in the URL.

A law enforcement operation conducted internationally has dismantled domains linked to various online platforms that are linked to cybercrime, such as Cracked Nulled Sellix and StarkRDP. The effort, which took between January 28 and 30 2025, focused on the following domains: www.cracked.io www.nulled.to www.mysellix.io www.sellix.io www.starkrdp.io These websites now greet visitors with a

Google’s artificial intelligence (AI), powered by 57 distinct threat actors, including those with ties to China Iran North Korea and Russia, has been observed to be used to enhance their malicious cyber- and information operations. Google Threat

Broadcom has released five security updates that address vulnerabilities in VMware Aria Operations, Aria Operations for Logs and Aria Operations. Customers are warned that attackers may exploit these flaws to gain elevated access to the system or obtain sensitive data. Below is a list of known flaws that affect versions 8.x and earlier of the

Google has announced that it will block over 2.36 millions Android apps that violate its policies from being published on the Google Play app store in 2024. It also banned more than 158,000 bad developers accounts who attempted to publish these harmful apps. The tech giant noted that it also prevented 1.3 millions apps from

Cybersecurity researchers have drawn attention to an attack on the software supply chain that targets the Go ecosystem. The malicious package can grant the adversary remote control of infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) has been published to

Cybersecurity researchers have revealed details of a vulnerability that has been patched in the Microsoft SharePoint connector for Power Platform. If exploited successfully, it could allow threat actors access to a user’s credentials, and then launch further attacks. This could manifest as post-exploitation actions, which allow the attackers to send requests to SharePoint API on