Lucene search
+L
ThnMost viewed

20924 matches found

The Hacker News
The Hacker News
added 2025/04/27 5:2 a.m.75 views

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year. "The attack involves the use of AzureChecker.exe, a Command Line Interface CLI tool that is being used by a wide range of...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/06/18 8:24 a.m.75 views

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 CVSS scores: 9.8 -...

9.8CVSS8.7AI score0.99428EPSS
Exploits4
The Hacker News
The Hacker News
added 2024/04/26 5:49 a.m.75 views

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

Threat actors are attempting to actively exploit a critical security flaw in the ValvePress Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior t...

9.9CVSS10AI score0.93971EPSS
Exploits20
The Hacker News
The Hacker News
added 2024/04/10 4:57 a.m.75 views

Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included

Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The...

9CVSS9AI score0.95443EPSS
Exploits4
The Hacker News
The Hacker News
added 2024/03/06 4:58 p.m.75 views

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. "The attackers...

10CVSS9.5AI score0.99999EPSS
Exploits428
The Hacker News
The Hacker News
added 2024/01/24 5:32 a.m.75 views

Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin

A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer MFT software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4....

9.8CVSS7.5AI score0.99999EPSS
Exploits20
The Hacker News
The Hacker News
added 2024/01/11 4:55 a.m.75 views

Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software

Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system. Tracked as CVE-2024-20272 CVSS score: 7.3, the vulnerability is an arbitrary file upload bug residing in the...

8.6AI score0.01604EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/12/22 5:34 a.m.75 views

Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector

Organizations in the Defense Industrial Base DIB sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach...

9.8CVSS9.6AI score0.96515EPSS
Exploits17
The Hacker News
The Hacker News
added 2023/08/29 2:54 p.m.75 views

Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom

A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway ESG appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which i...

9.8CVSS6.8AI score0.86956EPSS
Exploits3
The Hacker News
The Hacker News
added 2023/08/02 3:41 a.m.75 views

Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability

Advanced persistent threat APT actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile EPMM as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint...

6.8AI score0.99999EPSS
Exploits14
The Hacker News
The Hacker News
added 2023/06/01 2:55 p.m.75 views

Unmasking XE Group: Experts Reveal Identity of Suspected Cybercrime Kingpin

Cybersecurity researchers have unmasked the identity of one of the individuals who is believed to be associated with the e-crime actor known as XE Group. According to Menlo Security, which pieced together the information from different online sources, "Nguyen Huu Tai, who also goes by the names J...

9.8CVSS7.2AI score0.99737EPSS
Exploits16
The Hacker News
The Hacker News
added 2023/02/11 11:11 a.m.75 views

Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users

Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers "use several highly obfuscated and under-development custom loaders in order to infect...

7.8CVSS0.09011EPSS
Exploits7
The Hacker News
The Hacker News
added 2022/12/01 2:32 p.m.75 views

Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days

A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day...

9.3CVSS0.6AI score0.14261EPSS
Exploits1
The Hacker News
The Hacker News
added 2022/08/26 6:52 a.m.75 views

Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework

Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control C2 framework in their intrusion campaigns as a replacement for Cobalt Strike. "Given Cobalt Strike's popularity as an attack tool, defenses against it have also improved over time," Microsoft...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/07/14 10:54 a.m.75 views

Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices

Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain...

5.5CVSS0.4AI score0.07492EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/06/20 10:10 a.m.75 views

Google Researchers Detail 5-Year-Old Apple Safari Vulnerability Exploited in the Wild

A security flaw in Apple Safari that was exploited in the wild earlier this year was originally fixed in 2013 and reintroduced in December 2016, according to a new report from Google Project Zero. The issue, tracked as CVE-2022-22620 CVSS score: 8.8, concerns a case of a use-after-free...

8.8CVSS1.8AI score0.16342EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/04/14 4:31 a.m.75 views

Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild

A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as CVE-2022-22954, the security shortcoming relates to a remote code execution vulnerability...

10CVSS2AI score0.99997EPSS
Exploits25
The Hacker News
The Hacker News
added 2021/09/10 5:7 a.m.75 views

Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances

Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances ACI services that could have been weaponized by a malicious actor "to access other customers' information" in what the researchers described as the "first cross-account container takeover in the public...

9.3CVSS0.5AI score0.9857EPSS
Exploits33
The Hacker News
The Hacker News
added 2020/12/03 10:59 a.m.75 views

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected

TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system. The new functionality, dubbed "TrickBoot" by Advanced Intelligence...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/02 12:8 p.m.75 views

New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service

A new research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site or a legitimate site loaded with malicious ads...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/06/15 10:53 a.m.75 views

New Mobile Internet Protocol Vulnerabilities Let Hackers Target 4G/5G Users

High impact vulnerabilities in modern communication protocol used by mobile network operators MNOs can be exploited to intercept user data and carry out impersonation, fraud, and denial of service DoS attacks, cautions a newly published research. The findings are part of a new Vulnerabilities in...

Exploits0
The Hacker News
The Hacker News
added 2020/03/18 10:38 a.m.75 views

Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait

As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who've taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to a new report published by Check Point Research today a...

Exploits0
The Hacker News
The Hacker News
added 2019/11/13 8:0 a.m.75 views

The Comprehensive Compliance Guide (Get Assessment Templates)

Complying with cyber regulations forms a significant portion of the CISO's responsibility. Compliance is, in fact, one of the major drivers in the purchase and implementation of new security products. But regulations come in multiple different colors and shapes – some are tailored to a specific...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2019/10/17 10:28 a.m.75 views

Feds Shut Down Largest Dark Web Child Abuse Site; South Korean Admin Arrested

The United States Department of Justice said today that they had arrested hundreds of criminals in a global crackdown after taking down the largest known child porn site on the dark web and tracing payments made in bitcoins. With an international coalition of law enforcement agencies, federal...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2019/10/01 5:31 p.m.75 views

Researchers Find New Hack to Read Content Of Password Protected PDF Files

Looking for ways to unlock and read the content of an encrypted PDF without knowing the password? Well, that's now possible, sort of—thanks to a novel set of attacking techniques that could allow attackers to access the entire content of a password-protected or encrypted PDF file, but under some...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/08/16 12:5 p.m.75 views

European Central Bank Shuts Down 'BIRD Portal' After Getting Hacked

The European Central Bank ECB confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers. Headquartered in Germany, the European Central Bank ECB is the...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2019/05/29 5:58 p.m.75 views

Top 5 Last-Minute Memorial Day Deals at THN Store → Get 60% Extra OFF

Memorial Day has come and gone, but you still have time to land some of the best deals on some of the best apps and tech training bundles around. Whether you're looking for a world-class VPN or want to begin a career as a high-paid ethical hacker or IT pro, this list of ultra-discounted apps and...

1.7AI score
Exploits0
The Hacker News
The Hacker News
added 2019/02/18 7:57 a.m.75 views

Over 92 Million New Accounts Up for Sale from More Unreported Breaches

All these numbers…. "More than 5 billion records from 6,500 data breaches were exposed in 2018" — a report from Risk Based Security says. "More than 59,000 data breaches have been reported across the European since the GDPR came into force in 2018" — a report from DLA Piper says. …came from data...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2018/08/24 10:55 a.m.75 views

T-Mobile Hacked — 2 Million Customers' Personal Data Stolen

T-Mobile today confirmed that the telecom giant suffered a security breach on its US servers on August 20 that may have resulted in the leak of "some" personal information of up to 2 million T-Mobile customers. The leaked information includes customers' name, billing zip code, phone number, email...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2018/08/13 4:19 p.m.75 views

ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability

Your Mac computer running the Apple's latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday. Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2018/04/10 12:28 p.m.75 views

How to Find Out Everything Facebook Knows About You

Facebook CEO Mark Zuckerberg will testify before Congress this week to explain how his company collects and handles users' personal information. The past few weeks have been difficult for Facebook over concerns that the data of millions of users has been breached. Facebook stores details of almos...

Exploits0
The Hacker News
The Hacker News
added 2017/03/16 4:54 a.m.75 views

Linux Kernel Gets Patch For Years-Old Serious Vulnerability

Another dangerous vulnerability has been discovered in Linux kernel that dates back to 2009 and affects a large number of Linux distros, including Red Hat, Debian, Fedora, OpenSUSE, and Ubuntu. The latest Linux kernel flaw CVE-2017-2636, which existed in the Linux kernel for the past seven years,...

7.2CVSS8.2AI score0.01021EPSS
Exploits2
The Hacker News
The Hacker News
added 2017/02/16 6:14 a.m.75 views

A Simple JavaScript Exploit Bypasses ASLR Protection On 22 CPU Architectures

Security researchers have discovered a chip flaw that could nullify hacking protections for millions of devices regardless of their operating system or application running on them, and the worse — the flaw can not be entirely fixed with any mere software update. The vulnerability resides in the w...

9.3CVSS6.7AI score0.51324EPSS
Exploits11
The Hacker News
The Hacker News
added 2016/11/22 10:49 p.m.75 views

NTP DoS Exploit Released — Update Your Servers to Patch 10 Flaws

A proof-of-concept PoC exploit for a critical vulnerability in the Network Time Protocol daemon ntpd has been publically released that could allow anyone to crash a server with just a single maliciously crafted packet. The vulnerability has been patched by the Network Time Foundation with the...

5CVSS6.8AI score0.52935EPSS
Exploits7
The Hacker News
The Hacker News
added 2015/10/29 11:9 p.m.75 views

Mission '1 Billion' — Microsoft will Automatically Offer Windows 10 Upgrade

Microsoft wholeheartedly wants you to upgrade your PCs to Windows 10, so much so that the company plans to automatically download its new operating system to Windows 7/8 computers next year. Just two weeks ago, Microsoft accidentally pushed Windows 10 installation to Windows 7 and Windows 8/8.1...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2014/10/13 10:18 p.m.75 views

Microsoft Windows Zero-Day Vulnerability "CVE-2014-4114" Used to Hack NATO

Once again a Russian cyber espionage group has gained media attention by exploiting a Zero-day vulnerability in Microsoft’s Windows operating system to spy on the North Atlantic Treaty Organization NATO, Ukrainian and Polish government agencies, and a variety of sensitive European industries over...

9.3CVSS9.4AI score0.81628EPSS
Exploits22
The Hacker News
The Hacker News
added 2026/01/19 1:17 p.m.74 views

⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More

In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can...

10CVSS9.9AI score0.99999EPSS
Exploits142
The Hacker News
The Hacker News
added 2024/10/10 5:44 a.m.74 views

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 CVSS score: 9.8, relates ...

9.9CVSS10AI score0.99609EPSS
Exploits17
The Hacker News
The Hacker News
added 2024/08/24 7:3 a.m.74 views

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

The U.S. Cybersecurity and Infrastructure Security Agency CISA has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 CVSS score: 6.6, is case of...

10CVSS9.7AI score0.99871EPSS
Exploits28
The Hacker News
The Hacker News
added 2024/04/03 4:10 p.m.74 views

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies

Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader component CVE-2024-29748 - A...

9.2AI score0.0068EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/03/05 4:18 p.m.74 views

Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware

North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark...

10CVSS9.4AI score0.99959EPSS
Exploits9
The Hacker News
The Hacker News
added 2023/11/29 5:7 a.m.74 views

GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability

The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts. The attacks involve th...

10CVSS8.1AI score0.99654EPSS
Exploits31
The Hacker News
The Hacker News
added 2023/11/20 3:19 p.m.74 views

NetSupport RAT Infections on the Rise - Targeting Government and Business Sectors

Threat actors are targeting the education, government and business services sectors with a remote access trojan called NetSupport RAT. "The delivery mechanisms for the NetSupport RAT encompass fraudulent updates, drive-by downloads, utilization of malware loaders such as GHOSTPULSE, and various...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/14 6:40 p.m.74 views

CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization SEV technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines VMs and even perform privilege escalation. The attack has been codenamed CacheWarp...

6.5CVSS7.5AI score0.01018EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/11/06 8:25 a.m.74 views

Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel

Google is warning of multiple threat actors sharing a public proof-of-concept PoC exploit that leverages its Calendar service to host command-and-control C2 infrastructure. The tool, called Google Calendar RAT GCR, employs Google Calendar Events for C2 using a Gmail account. It was first publishe...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/25 10:11 a.m.74 views

Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability

VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 CVSS score: 9.8, has been described as an out-of-bounds write vulnerability in the implementation of the DCE/R...

7.3AI score0.99428EPSS
Exploits1
The Hacker News
The Hacker News
added 2023/09/23 6:12 a.m.74 views

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place...

8.8CVSS8.5AI score0.37987EPSS
Exploits5
The Hacker News
The Hacker News
added 2023/09/08 8:52 a.m.74 views

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in an unspecified software over the past several weeks to infiltrate their machines. The findings come from Google's Threat Analysis Group TAG, which found the adversary setting up...

7.8CVSS7.7AI score0.25019EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/07/11 4:8 a.m.74 views

Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari

Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild. The WebKit bug, cataloged as CVE-2023-37450, could allow threat actors to achieve arbitrary code execution when...

7.2AI score0.1895EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/02/02 10:4 a.m.74 views

Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down?

Over the past few years, cybersecurity has become a major concern for businesses around the globe. With the total cost of cybercrime in 2023 forecasted to reach $8 Trillion – with a T, not a B – it's no wonder that cybersecurity is top of mind for leaders across all industries and regions. Howeve...

6.7AI score
Exploits0
Total number of security vulnerabilities5000