Lucene search
+L
ThnMost viewed

20917 matches found

The Hacker News
The Hacker News
added 2018/08/23 9:41 a.m.82 views

New Android Malware Framework Turns Apps Into Powerful Spyware

Security researchers have uncovered a new, powerful Android malware framework that is being used by cybercriminals to turn legitimate apps into spyware with extensive surveillance capabilities—as part of what seems to be a targeted espionage campaign. Legitimate Android applications when bundled...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2018/07/05 10:28 a.m.82 views

Password-Guessing Was Used to Hack Gentoo Linux Github Account

Maintainers of the Gentoo Linux distribution have now revealed the impact and "root cause" of the attack that saw unknown hackers taking control of its GitHub account last week and modifying the content of its repositories and pages. The hackers not only managed to change the content in compromis...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2016/11/09 6:12 a.m.82 views

Microsoft Patches Windows Zero-Day Flaw Disclosed by Google

Microsoft was very upset with Google last week when its Threat Analysis Group publically disclosed a critical Windows kernel vulnerability CVE-2016-7255 that had yet to be patched. The company criticized Google's move, claiming that the disclosure of the vulnerability, which was being exploited i...

7.2CVSS7.7AI score0.80968EPSS
Exploits24
The Hacker News
The Hacker News
added 2013/03/20 3:30 a.m.82 views

HDFC Bank website vulnerable to ID Theft and Account Blockade

Indian Security Researcher Jiten Jain from Xebia Architects today revealed that one of the Largest Private Banks in India, HDFC Bank’s e-Banking website could be easy target of Unique type of Denial of Service Attack which could result in blocking of e-banking accounts of all its customers. Here ...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/10 5:35 a.m.81 views

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure

Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200 CVSS score: 7.5, has been described as a spoofing flaw that affects the...

9.1CVSS6.3AI score0.19534EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/08/06 6:12 a.m.81 views

Google Patches New Android Kernel Vulnerability Exploited in the Wild

Google has addressed a high-severity security flaw impacting the Android kernel that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. "There are indications that CVE-2024-3697...

8.8CVSS8AI score0.73185EPSS
Exploits7
The Hacker News
The Hacker News
added 2024/02/26 4:57 a.m.81 views

LockBit Ransomware Group Resurfaces After Law Enforcement Takedown

The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its servers. To that end, the notorious group has moved its data leak portal to a new .onion address on the TO...

9.8CVSS9.4AI score0.08003EPSS
Exploits3
The Hacker News
The Hacker News
added 2024/01/10 5:26 a.m.82 views

Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities

Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at...

8.8CVSS9.7AI score0.17168EPSS
Exploits3
The Hacker News
The Hacker News
added 2023/04/24 6:5 a.m.81 views

Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers

Print management software provider PaperCut said that it has "evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro. "PaperCut has conducted analysis on all customer reports, and the earliest signature ...

7.9AI score0.99999EPSS
Exploits24
The Hacker News
The Hacker News
added 2023/04/06 9:1 a.m.81 views

FBI Cracks Down on Genesis Market: 119 Arrested in Cybercrime Operation

A joint international law enforcement operation has dismantled Genesis Market, an illegal online marketplace that specialized in the sale of stolen credentials associated with email, bank accounts, and social media platforms. Coinciding with the infrastructure seizure, the major crackdown, which...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/14 1:3 p.m.81 views

New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders

Entities located in East and Southeast Asia as well as Ukraine have been targeted at least since 2020 by a previously undocumented subgroup of APT41, a prolific Chinese advanced persistent threat APT. Cybersecurity firm Trend Micro, which christened the espionage crew Earth Longzhi, said the...

7.8CVSS0.1AI score0.18188EPSS
Exploits5
The Hacker News
The Hacker News
added 2022/06/10 7:3 a.m.81 views

Researchers Disclose Critical Flaws in Industrial Access Controllers from HID Mercury

As many as four zero-day security vulnerabilities have been disclosed in the HID Mercury access controller system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and loc...

10CVSS0.5AI score0.02323EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/04/07 5:49 a.m.81 views

VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products

VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks. Tracked from CVE-2022-22954 to CVE-2022-22961 CVSS scores: 5.3 - 9.8, the issues impact VMware Workspace ONE Access, VMware Identity...

10CVSS1.3AI score0.99997EPSS
Exploits39
The Hacker News
The Hacker News
added 2022/03/10 2:29 p.m.81 views

New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs

Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm, and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to bre...

5.6CVSS1.3AI score0.74041EPSS
Exploits9
The Hacker News
The Hacker News
added 2021/07/03 7:37 a.m.81 views

Learn to Code — Get 2021 Master Bundle of 13 Online Courses @ 99% OFF

Whether you are looking to turn into a full-time developer or simply increasing your earnings in your current niche, learning to code can be a smart move. It is a well-known fact that recruiters strive to recruit people with technical skills, and these skills are a great way to build your own...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/30 7:10 a.m.81 views

GitHub Launches 'Copilot' — AI-Powered Code Completion Tool

GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go. Copilot, as the code synthesizer is called, has been...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/07 4:24 a.m.81 views

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2020/04/09 10:17 a.m.81 views

7 Ways Hackers and Scammers Are Exploiting Coronavirus Panic

In our previous stories, you might have already read about various campaigns warning how threat actors are capitalizing on the ongoing coronavirus pandemic in an attempt to infect your computers and mobile devices with malware or scam you out of your money. Unfortunately, to some extent, it's...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/03/10 4:30 p.m.81 views

LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk

It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless 'performance killing' patches that resolve them. Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data...

5.6CVSS0.1AI score0.0104EPSS
Exploits1
The Hacker News
The Hacker News
added 2019/12/20 1:18 p.m.81 views

Apple Opens Its Invite-Only Bug Bounty Program to All Researchers

As promised by Apple in August this year, the company today finally opened its bug bounty program to all security researchers, offering monetary rewards to anyone for reporting vulnerabilities in the iOS, macOS, watchOS, tvOS, iPadOS, and iCloud to the company. Since its launch three years ago,...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2019/12/13 10:21 a.m.81 views

Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites

Attention WordPress users! Your website could easily get hacked if you are using "Ultimate Addons for Beaver Builder," or "Ultimate Addons for Elementor" and haven't recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2019/11/23 9:21 a.m.81 views

Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software

Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and most severe could allow remote attackers to compromise a targeted system. VNC virtual network computing is an open...

1.2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/01/16 10:56 a.m.81 views

Fortnite Flaws Allowed Hackers to Takeover Gamers' Accounts

Check Point researchers have discovered multiple security vulnerabilities in Fortnite, a massively popular online battle game, one of which could have allowed remote attackers to completely takeover player accounts just by tricking users into clicking an unsuspectable link. The reported Fortnite...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2018/08/02 8:50 a.m.81 views

3 Carbanak (FIN7) Hackers Charged With Stealing 15 Million Credit Cards

Three members of one of the world's largest cybercrime organizations that stole over a billion euros from banks across the world over the last five years have been indicted and charged with 26 felony counts, the Justice Department announced on Wednesday. The three suspects are believed to be...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2018/01/31 3:19 a.m.81 views

Update Your Firefox Browser to Fix a Critical Remotely Exploitable Flaw

Mozilla has released an important update for its Firefox web browser to patch a critical vulnerability that could allow remote attackers to execute malicious code on computers running an affected version of the browser. The update comes just a week after the company rolled out its new Firefox...

7.6AI score0.01013EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/12/19 8:25 a.m.80 views

New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access DMA attacks across architectures that implement a Unified Extensible Firmware Interface UEFI and...

7CVSS6.8AI score0.00323EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/07/02 4:48 a.m.80 views

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 CVSS score: 6.0, concerns a case of command injection that allows an authenticated, local...

9.8CVSS6.7AI score0.82714EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/06/08 7:35 a.m.80 views

New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP...

9.8CVSS8.2AI score0.99998EPSS
Exploits101
The Hacker News
The Hacker News
added 2024/01/16 1:39 p.m.80 views

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now

Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service DoS condition and remote code execution RCE. "The two issues are fundamentally the same but exploitable at differen...

9.8CVSS10AI score0.57324EPSS
Exploits3
The Hacker News
The Hacker News
added 2024/01/10 4:50 a.m.80 views

CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added six security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. This includes CVE-2023-27524 CVSS score: 8.9, a high-severity vulnerability impacting the Apache Superset...

9.8CVSS7.3AI score0.99988EPSS
Exploits65
The Hacker News
The Hacker News
added 2023/12/04 6:53 a.m.80 views

LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks

The Unified Extensible Firmware Interface UEFI code from various independent firmware/BIOS vendors IBVs has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, "can ...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/23 5:46 a.m.80 views

N. Korean Hackers Distribute Trojanized CyberLink Software in Supply Chain Attack

A North Korean state-sponsored threat actor tracked as Diamond Sleet is distributing a trojanized version of a legitimate application developed by a Taiwanese multimedia software developer called CyberLink to target downstream customers via a supply chain attack. "This malicious file is a...

9.8CVSS9.9AI score0.99979EPSS
Exploits17
The Hacker News
The Hacker News
added 2023/11/17 9:56 a.m.80 views

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index PyPI repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 package...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/14 6:3 a.m.80 views

CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

The U.S. Cybersecurity and Infrastructure Security Agency CISA has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday added five...

9.8CVSS9.6AI score0.94205EPSS
Exploits28
The Hacker News
The Hacker News
added 2023/09/08 11:27 a.m.81 views

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that...

7.8CVSS7.9AI score0.15263EPSS
Exploits3
The Hacker News
The Hacker News
added 2023/02/13 3:31 p.m.80 views

Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players' Systems

An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena MOBA video game that could have been exploited to establish backdoor access to players' systems. The modes exploited a high-severity flaw in the V8 JavaScript engine tracked as CVE-2021-38003 CVSS...

8.8CVSS1AI score0.36238EPSS
Exploits2
The Hacker News
The Hacker News
added 2023/01/17 2:12 p.m.80 views

Microsoft Azure Services Flaws Could've Exposed Cloud Resources to Unauthorized Access

Four different Microsoft Azure services have been found vulnerable to server-side request forgery SSRF attacks that could be exploited to gain unauthorized access to cloud resources. The security issues, which were discovered by Orca between October 8, 2022 and December 2, 2022 in Azure API...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/05 8:35 a.m.80 views

Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer

Cybersecurity researchers have uncovered 29 packages in Python Package Index PyPI, the official third-party software repository for the Python programming language, that aim to infect developers' machines with a malware called W4SP Stealer. "The main attack seems to have started around October 12...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/04 1:43 p.m.80 views

Researchers Detail New Malware Campaign Targeting Indian Government Employees

The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. "This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions ...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/07/06 9:51 a.m.80 views

Bitter APT Hackers Continue to Target Bangladesh Military Entities

Military entities located in Bangladesh continue to be at the receiving end of sustained cyberattacks by an advanced persistent threat tracked as Bitter. "Through malicious document files and intermediate malware stages the threat actors conduct espionage by deploying Remote Access Trojans,"...

9.3CVSS0.3AI score0.95121EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/10/20 7:20 a.m.80 views

Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices

Microsoft has published a new advisory warning of a security bypass vulnerability affecting Surface Pro 3 convertible laptops that could be exploited by an adversary to introduce malicious devices within enterprise networks and defeat the device attestation mechanism. Tracked as CVE-2021-42299 CV...

6.1CVSS2.1AI score0.00733EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/04/29 3:15 p.m.80 views

A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks

The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "backdoor every PHP package," resulting in a supply-chain attack. Tracked as CVE-2021-29472, the security issue...

8.8CVSS0.9AI score0.04849EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/04/19 10:21 a.m.80 views

Malware That Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs

A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE project...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/16 5:35 a.m.80 views

Joker's Stash, The Largest Carding Marketplace, Announces Shutdown

Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of the site — who goes by the name...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/01 4:50 a.m.80 views

Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code

Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but no...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/10 4:2 p.m.80 views

Cisco Reissues Patches for Critical Bugs in Jabber Video Conferencing Software

Cisco has once again fixed four previously disclosed critical bugs in its Jabber video conferencing and messaging app that were inadequately addressed, leaving its users susceptible to remote attacks. The vulnerabilities, if successfully exploited, could allow an authenticated, remote attacker to...

9.9CVSS0.2AI score0.62119EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/12/08 6:31 a.m.80 views

Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams

A zero-click remote code execution RCE bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a target's system. The issues were reported to the Windows maker by Oskars Vegeris, a security...

7.8CVSS2.5AI score0.01831EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/03/24 8:6 p.m.80 views

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as...

8.1CVSS0.6AI score0.01588EPSS
Exploits3
The Hacker News
The Hacker News
added 2020/01/07 3:1 p.m.80 views

Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020?

January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7. From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in the wild will not be available, effectively making any...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2019/12/04 8:16 a.m.80 views

Europol Shuts Down Over 30,500 Piracy Websites in Global Operation

In a coordinated global law enforcement operation, Europol has taken down more than 30,500 websites for distributing counterfeit and pirated items over the Internet and arrested three suspects. Among other things, the seized domains reportedly offered various counterfeit goods and pirated product...

0.7AI score
Exploits0
Total number of security vulnerabilities5000