The Hacker News

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Malicious Sicoob.Sdk stole PFX certificates and client IDs via NuGet downloads, enabling API impersonation and payment abuse risks.

Education system under threat? Questions raised over CBSE marking system after glitch found

Cybersecurity researcher Nisarga Adhikary, 19, claimed a CBSE test portal had a master password that bypassed OTPs, letting users alter student marks. CBSE denied any main system breach, stating the ...
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open ...

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.

Did 19-year-old Nisarga Adhikary hack CBSE OSM portal? Claims, counterclaims explained

Nisarga Adhikary claimed he had hacked the CBSE website and identified serious lapses in the agency's On Screen Marking (OSM) ...

'Anyone Could Edit Marks': 19-Year-Old Ethical Hacker Alleges Major Security Flaws In CBSE ...

Amid mounting student complaints over CBSE’s new On-Screen Marking system, a Class 12 student and cybersecurity researcher ...

CBSE OSM Portal Had Critical Vulnerabilities, Ethical Hacker Tells NDTV

Adhikari claimed that by combining these flaws, an attacker could potentially take over examiner accounts, view assigned answer scripts, modify marks, and interfere with the evaluation process.
The Hacker News

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

CVE-2026-5426 enabled KnowledgeDeliver LMS attacks before February 24, 2026, leading to Cobalt Strike infections.