Lucene search
+L
ThnMost viewed

20919 matches found

The Hacker News
The Hacker News
added 2014/06/07 12:29 a.m.84 views

Linux Kernel Vulnerable to Privilege Escalation and DoS Attack

Multiple flaws have been identified in Linux Kernel and related software could allow hackers to hack your Linux machines, shared hosting and websites hosted on them. PRIVILEGE ESCALATION VULNERABILITY IN LINUX KERNEL A privilege escalation vulnerability has been identified in the widely used Linu...

7.2CVSS8AI score0.37233EPSS
Exploits23
The Hacker News
The Hacker News
added 2025/02/18 3:34 p.m.83 views

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle MitM and a denial-of-service DoS attack, respectively, under certain conditions. The vulnerabilities, detailed by the...

8.1CVSS8.1AI score0.99506EPSS
Exploits74
The Hacker News
The Hacker News
added 2024/04/28 1:52 p.m.83 views

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

Identity and access management IAM services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential pro...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/16 1:39 p.m.83 views

TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. "The group made extensive use of steganography by...

9.3CVSS8.2AI score0.99945EPSS
Exploits33
The Hacker News
The Hacker News
added 2024/02/09 4:32 p.m.83 views

Raspberry Robin Malware Upgrades with Discord Spread and New Exploits

The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that "Raspberry Robin has access to an exploit seller or its authors develop the...

8.4CVSS7.9AI score0.78376EPSS
Exploits32
The Hacker News
The Hacker News
added 2023/10/10 5:52 a.m.83 views

Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials

A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign. IBM X-Force, which uncovered the activity last month, said adversaries exploited "CVE-2023-3519 to attack unpatched NetScaler Gateways to...

10CVSS8.5AI score0.99445EPSS
Exploits18
The Hacker News
The Hacker News
added 2023/08/17 2:26 p.m.83 views

New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode

Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and maintain access to an Apple device even when the victim believes it is offline. The method "tricks the victim into thinking their device's Airplane Mode...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/27 8:20 a.m.83 views

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the...

9.8CVSS8.9AI score0.99999EPSS
Exploits37
The Hacker News
The Hacker News
added 2023/04/18 7:10 a.m.83 views

LockBit Ransomware Now Targeting Apple macOS Devices

Threat actors behind the LockBit ransomware operation have developed new artifacts that can encrypt files on devices running Apple's macOS operating system. The development, which was reported by the MalwareHunterTeam over the weekend, appears to be the first time a big-game ransomware crew has...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/19 4:30 a.m.83 views

Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products

Australian software company Atlassian has rolled out security updates to address two critical flaws affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as CVE-2022-43781 and CVE-2022-43782, are both rated 9 out of 10 on the CVSS vulnerability scoring system...

9.8CVSS3.7AI score0.99077EPSS
Exploits27
The Hacker News
The Hacker News
added 2022/09/14 2:4 p.m.83 views

Lorenz Ransomware Exploit Mitel VoIP Systems to Breach Business Networks

The operators behind the Lornenz ransomware operation have been observed exploiting a now-patched critical security flaw in Mitel MiVoice Connect to obtain a foothold into target environments for follow-on malicious activities. "Initial malicious activity originated from a Mitel appliance sitting...

10CVSS1.4AI score0.56556EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/02/18 8:37 a.m.83 views

New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager

Multiple security vulnerabilities have been disclosed in Canonical's Snap software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges. Snaps are self-contained application packages that are designed to work on operating syste...

8.8CVSS1.5AI score0.01561EPSS
Exploits8
The Hacker News
The Hacker News
added 2022/01/10 2:35 p.m.83 views

Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries

A study of 16 different Uniform Resource Locator URL parsing libraries has unearthed inconsistencies and confusions that could be exploited to bypass validations and open the door to a wide range of attack vectors. In a deep-dive analysis jointly conducted by cybersecurity firms Claroty and Snyk,...

7.6CVSS7.3AI score0.06053EPSS
Exploits3
The Hacker News
The Hacker News
added 2021/10/20 8:16 a.m.83 views

OWASP's 2021 List Shuffle: A New Battle Plan and Primary Foe

Code injection attacks, the infamous king of vulnerabilities, have lost the top spot to broken access control as the worst of the worst, and developers need to take notice. In this increasingly chaotic world, there have always been a few constants that people could reliably count on: The sun will...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/18 4:0 p.m.83 views

Why Database Patching Best Practice Just Doesn't Work and How to Fix It

Patching really, really matters – patching is what keeps technology solutions from becoming like big blocks of Swiss cheese, with endless security vulnerabilities punching hole after hole into critical solutions. But anyone who's spent any amount of time maintaining systems will know that patchin...

10CVSS8.8AI score0.6773EPSS
Exploits17
The Hacker News
The Hacker News
added 2021/07/17 12:33 p.m.83 views

Instagram Launches 'Security Checkup' to Help Users Recover Hacked Accounts

Instagram earlier this week introduced a new "Security Checkup" feature that aims to keep accounts safe and help users—whose accounts may have been compromised—to recover them. In order to gain access to accounts, users will be prompted to perform a series of steps, which include checking recent...

1.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/10 10:51 a.m.83 views

Emerging Ransomware Targets Dozens of Businesses Worldwide

An emerging ransomware strain in the threat landscape claims to have breached 30 organizations in just four months since it went operational by riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomwar...

7.5CVSS1AI score0.99906EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/04/24 8:9 a.m.83 views

Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs

Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a supply chain attack. The Adelaide-based firm said a bad actor used sophisticated techniques to compromise the software's update...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/09 8:5 a.m.83 views

Microsoft Exchange Hackers Also Breached European Banking Authority

The European Banking Authority EBA on Sunday said it had been a victim of a cyberattack targeting its Microsoft Exchange Servers, forcing it to temporarily take its email systems offline as a precautionary measure. "As the vulnerability is related to the EBA's email servers, access to personal da...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/17 10:28 a.m.83 views

Software Supply-Chain Attack Hits Vietnam Government Certification Authority

Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority VGCA that compromised the agency's digital signature toolkit to install a backdoor on victim systems. Uncovered by Slovak internet security company ESET early this month, t...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/25 7:14 a.m.83 views

2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software

cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication 2FA protection on an account. The issue, tracked as "SEC-575" and discovered...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2019/12/16 1:11 p.m.83 views

5 Reasons Why Programmers Should Think like Hackers

Programming has five main steps: the identification and definition of the problem, the planning of the solution for the problem, coding of the program, testing, and documentation. It's a meticulous process that cannot be completed without going through all the essential points. In all of these,...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2019/11/19 1:35 p.m.83 views

Louisiana State Government Hit by Ransomware Attack Forcing Server Shutdowns

Targeted ransomware attacks on banking and finance, government, healthcare, and critical infrastructure are on the rise, with the latest victim being the state government of Louisiana. The state government of Louisiana was hit by a large-scale coordinated ransomware attack yesterday, which forced...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2019/09/17 12:5 p.m.83 views

Thousands of Google Calendars Possibly Leaking Private Information Online

"Warning — Making your calendar public will make all events visible to the world, including via Google search. Are you sure?" Remember this security warning? No? If you have ever shared your Google Calendars, or maybe inadvertently, with someone that should not be publicly accessible anymore, you...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2019/09/11 7:41 a.m.83 views

Mozilla Launches 'Firefox Private Network' VPN Service as a Browser Extension

Mozilla has officially launched a new privacy-focused VPN service, called Firefox Private Network, as a browser extension that aims to encrypt your online activity and limit what websites and advertisers know about you. Firefox Private Network service is currently in beta and available only to...

1.2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/06/19 9:0 p.m.83 views

Gain the Trust of Your Business Customers With SOC 2 Compliance

In today's business environment, data is what matters most. It matters to organizations that monetize it into operational insights and optimisations, and it matters the threat actors that relentlessly seek to achieve similar monetisation by compromising it. In the very common scenario in which...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2019/04/01 3:7 p.m.83 views

How Endpoint Management Can Keep Workplace IT Secure

Workplaces have become highly connected. Even a small business could have dozens of devices in the form of desktops, mobile devices, routers, and even smart appliances as part of its IT infrastructure. Unfortunately, each of these endpoints can now be a weak link that hackers could exploit. Hacke...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2019/02/13 9:57 a.m.83 views

Researchers Implant "Protected" Malware On Intel SGX Enclaves

Cybersecurity researchers have discovered a way to hide malicious code in Intel SGX enclaves, a hardware-based memory encryption feature in modern processors that isolates sensitive code and data to protect it from disclosure or modification. In other words, the technique allows attackers to...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2018/04/19 6:47 p.m.83 views

Over 20 Million Users Installed Malicious Ad Blockers From Chrome Store

If you have installed any of the below-mentioned Ad blocker extension in your Chrome browser, you could have been hacked. A security researcher has spotted five malicious ad blockers extension in the Google Chrome Store that had already been installed by at least 20 million users. Unfortunately,...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2017/06/19 8:49 p.m.83 views

A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered

Update: Find working Exploits and Proof-of-Concepts at the bottom of this article. Security researchers have discovered more than a decade-old vulnerability in several Unix-based operating systems — including Linux, OpenBSD, NetBSD, FreeBSD and Solaris — which can be exploited by attackers to...

6.2CVSS8.7AI score0.05186EPSS
Exploits3
The Hacker News
The Hacker News
added 2016/06/05 10:11 p.m.83 views

VK.com HACKED! 100 Million Clear Text Passwords Leaked Online

Another day, another Data Breach! Now, Russia's biggest social networking site VK.com is the latest in the line of historical data breaches targeting social networking websites. The same hacker who previously sold data dumps from MySpace, Tumblr, LinkedIn, and Fling.com, is now selling more than...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/02/05 3:45 a.m.82 views

New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw

The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that was first observed in 2019, Palo Alto Networks Unit 42 said in a report...

8.8CVSS9.4AI score0.88196EPSS
Exploits2
The Hacker News
The Hacker News
added 2023/10/18 12:27 p.m.82 views

Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms

Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as CVE-2023-4966 CVSS score: 9.4, the vulnerability impacts the following supported versions - NetScaler ADC and...

9.4CVSS8.1AI score0.99999EPSS
Exploits15
The Hacker News
The Hacker News
added 2023/10/12 4:39 a.m.82 views

Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released

--- Image Source: JFrog Security Research Patches have been released for two security flaws impacting the Curl data transfer library, the most severe of which could potentially result in code execution. The list of vulnerabilities is as follows - CVE-2023-38545 CVSS score: 7.5 - SOCKS5 heap-based...

9.7AI score0.78483EPSS
Exploits6
The Hacker News
The Hacker News
added 2023/09/13 2:5 p.m.82 views

Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints

Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact...

8.2AI score0.11668EPSS
Exploits2
The Hacker News
The Hacker News
added 2023/08/24 11:12 a.m.82 views

WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders

A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it possible to launch...

6.9AI score0.97798EPSS
Exploits50
The Hacker News
The Hacker News
added 2023/07/14 7:5 a.m.82 views

Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation

Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. "A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced," the...

9.1CVSS7AI score0.60034EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/05/27 8:10 a.m.82 views

New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets

A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. "It has the potential to expand to other platforms as Bandit Stealer was developed using the Go...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/26 4:4 a.m.82 views

Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway ESG appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection...

6.8AI score0.86956EPSS
Exploits3
The Hacker News
The Hacker News
added 2023/05/12 5:43 a.m.82 views

New Flaw in WordPress Plugin Used by Over a Million Sites Under Active Exploitation

A security vulnerability has been disclosed in the popular WordPress plugin Essential Addons for Elementor that could be potentially exploited to achieve elevated privileges on affected sites. The issue, tracked as CVE-2023-32243, has been addressed by the plugin maintainers in version 5.7.2 that...

7.5AI score0.75531EPSS
Exploits8
The Hacker News
The Hacker News
added 2023/03/21 11:41 a.m.82 views

New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers

Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of a malware called ShellBot. "ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server," AhnLa...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/14 5:34 p.m.82 views

Researchers Reveal Detail for Windows Zero-Day Vulnerability Patched Last Month

Details have emerged about a now-patched security flaw in Windows Common Log File System CLFS that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 CVSS score: 7.8, the issue was addressed by Microsoft as part of its Patch Tuesday...

7.8CVSS0.2AI score0.28483EPSS
Exploits5
The Hacker News
The Hacker News
added 2022/08/03 4:49 a.m.82 views

VMware Releases Patches for Several New Flaws Affecting Multiple Products

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The issues, tracked from CVE-2022-31656 through CVE-2022-31665 CVSS scores: 4.7 - 9.8, impact...

1.2AI score0.18994EPSS
Exploits6
The Hacker News
The Hacker News
added 2022/07/29 3:19 a.m.82 views

Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation

A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a...

1AI score0.9817EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/09/01 7:11 a.m.82 views

QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices

Network-attached storage NAS appliance maker QNAP said it's currently investigating two recently patched security flaws in OpenSSL to determine their potential impact, adding it will release security updates should its products turn out to be vulnerable. Tracked as CVE-2021-3711 CVSS score: 7.5 a...

9.8CVSS8.9AI score0.87816EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/06/04 1:3 p.m.82 views

10 Critical Flaws Found in CODESYS Industrial Automation Software

Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers PLCs. "To exploit the vulnerabilities, an attacker does not need a username or...

9.8CVSS1.8AI score0.07356EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/03/27 9:14 a.m.82 views

Watch Out! That Android System Update May Contain A Powerful Spyware

Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2020/03/06 8:43 p.m.82 views

This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years

All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised. The vulnerability,...

7.1CVSS0.1AI score0.00362EPSS
Exploits0
The Hacker News
The Hacker News
added 2019/06/06 12:34 p.m.82 views

Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers

Are you using Komodo's Agama Wallet to store your KMD and BTC cryptocurrencies? Were your funds also unauthorisedly transferred overnight to a new address? If yes, don't worry, it's probably safe, and if you are lucky, you will get your funds back. Here's what exactly happened… Komodo, a...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/03/26 2:14 p.m.82 views

New Settings Let Hackers Easily Pentest Facebook, Instagram Mobile Apps

Facebook has introduced a new feature in its platform that has been designed to make it easier for bug bounty hunters to find security flaws in Facebook, Messenger, and Instagram Android applications. Since almost all Facebook-owned apps by default use security mechanisms such as Certificate...

0.5AI score
Exploits0
Total number of security vulnerabilities5000