Lucene search
+L
ThnMost viewed

20924 matches found

The Hacker News
The Hacker News
added 2022/12/22 9:39 a.m.74 views

Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities

The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center MSTIC is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or...

10CVSS10AI score0.99964EPSS
Exploits229
The Hacker News
The Hacker News
added 2022/10/06 12:20 p.m.74 views

Details Released for Recently Patched new macOS Archive Utility Vulnerability

Security researchers have shared details about a now-addressed security flaw in Apple's macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple's security measures. The vulnerability, tracked as CVE-2022-32910, is rooted in the...

7.5CVSS1.4AI score0.07749EPSS
Exploits1
The Hacker News
The Hacker News
added 2022/08/23 2:50 p.m.74 views

Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts

The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group TAG, the actively in-development malicious software ...

1.9AI score
Exploits0
The Hacker News
The Hacker News
added 2022/04/12 1:8 p.m.74 views

Critical LFI Vulnerability Reported in Hashnode Blogging Platform

Researchers have disclosed a previously undocumented local file inclusion LFI vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server's IP address, and other network information. "The LFI originates in a Bulk Markdo...

Exploits0
The Hacker News
The Hacker News
added 2022/03/01 2:12 p.m.74 views

Break into Ethical Hacking with 18 Advanced Online Courses for Just $42.99

It is predicted that 3.5 million jobs will be unfilled in the field of cybersecurity by the end of this year. Several of these jobs pay very well, and in most cases, you don't even need a college degree to get hired. The most important thing is to have the skills and certifications. The All-In-On...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/11/19 5:38 a.m.74 views

New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks

Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The attack allows an off-path...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/20 8:1 a.m.74 views

LightBasin Hackers Breach at Least 13 Telecom Service Providers Since 2019

A highly sophisticated adversary named LightBasin has been identified as behind a string of attacks targeting the telecom sector with the goal of collecting "highly specific information" from mobile communication infrastructure, such as subscriber information and call metadata. "The nature of the...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/12 2:41 a.m.74 views

Apple Releases Urgent iPhone and iPad Updates to Patch New Zero-Day Vulnerability

Apple on Monday released a security update for iOS and iPad to address a critical vulnerability that it says is being exploited in the wild, making it the 17th zero-day flaw the company has addressed in its products since the start of the year. The weakness, assigned the identifier CVE-2021-30883...

9.8CVSS1.1AI score0.75994EPSS
Exploits8
The Hacker News
The Hacker News
added 2021/04/09 7:45 a.m.74 views

Gigaset Android Update Server Hacked to Install Malware on Users' Devices

Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider. Impacting older smartphone models — GS100, GS160, GS170, GS180, GS270 plus, and GS370 plus series — the malware took the form of...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/04/08 5:52 a.m.74 views

PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack

The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believ...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/12 6:35 a.m.74 views

New Browser Attack Allows Tracking Users Online With JavaScript Disabled

Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled. "This is a side-channel attack which doesn't require any JavaScript to run," the...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/26 5:10 a.m.74 views

N. Korean Hackers Targeting Security Experts to Steal Undisclosed Researches

Google on Monday disclosed details about an ongoing campaign carried out by a government-backed threat actor from North Korea that has targeted security researchers working on vulnerability research and development. The internet giant's Threat Analysis Group TAG said the adversary created a...

7.8CVSS0.6AI score0.39653EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/07/21 3:5 p.m.74 views

Chinese Hackers Escalate Attacks Against India and Hong Kong Amid Tensions

An emerging threat actor out of China has been traced to a new hacking campaign aimed at government agencies in India and residents of Hong Kong intending to steal sensitive information, cybersecurity firm Malwarebytes revealed in the latest report shared with The Hacker News. The attacks were...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2020/07/06 11:38 a.m.74 views

Cato MDR: Managed Threat Detection and Response Made Easy

Lately, we can't help noticing an endless cycle where the more enterprises invest in threat prevention; the more hackers adapt and continue to penetrate enterprises. To make things worse, detecting these penetrations still takes too long with an average dwell time that exceeds 100 ! days. To keep...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/05/26 2:40 p.m.74 views

New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

Remember Strandhogg? A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information. Late last year, at the time of its public...

7.8CVSS0.4AI score0.00631EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/04/21 11:30 a.m.74 views

Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company refused to acknowledge the responsibly submitted disclosure. The affected premium product in question i...

9AI score
Exploits0
The Hacker News
The Hacker News
added 2019/10/16 10:38 a.m.74 views

Facebook Now Pays Hackers for Reporting Security Bugs in 3rd-Party Apps

Following a series of security mishaps and data abuse through its social media platform, Facebook today expanding its bug bounty program in a very unique way to beef up the security of third-party apps and websites that integrate with its platform. Last year, Facebook launched "Data Abuse Bounty"...

Exploits0
The Hacker News
The Hacker News
added 2019/09/05 9:4 a.m.74 views

Twitter temporarily disables 'Tweeting via SMS' after CEO gets hacked

Twitter today finally decided to temporarily disable a feature, called 'Tweeting via SMS,' after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey last week and sent a series of racist and offensive tweets to Dorsey's followers. Dorsey's Twitter account was compromised last...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2019/07/09 11:35 a.m.74 views

Over 1,300 Android Apps Caught Collecting Data Even If You Deny Permissions

Smartphones are a goldmine of sensitive data, and modern apps work as diggers that continuously collect every possible information from your devices. The security model of modern mobile operating systems, like Android and iOS, is primarily based on permissions that explicitly define which sensiti...

Exploits0
The Hacker News
The Hacker News
added 2019/05/08 3:34 p.m.74 views

Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites

Researchers from Chinese cybersecurity firm Qihoo 360's NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites. While monitoring a malicious domain,...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2019/01/08 11:27 a.m.74 views

Ethereum Classic (ETC) Hit by Double-Spend Attack Worth $1.1 Million

Popular cryptocurrency exchange Coinbase has suspended all transactions of Ethereum Classic ETC—the original unforked version of the Ethereum network—on their trading platforms, other products and services after detecting a potential attack on the cryptocurrency network that let someone spend the...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2018/07/10 7:29 a.m.74 views

USB Accessory Can Defeat iOS's New "USB Restricted Mode" Security Feature

With the release of iOS 11.4.1, Apple has finally rolled out a new security feature designed to protect your devices against USB accessories that connect to the data port, making it harder for law enforcement and hackers to break into your iPhone or iPad without your permission. Dubbed USB...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2013/12/03 4:19 a.m.74 views

Silk Road alternative 'Sheep Marketplace' shut down after $40 Million in Bitcoin Theft

Sheep Marketplace, one of the leading anonymous websites, after Silk Road’s closure by U.S. Prosecutors, allegedly selling drugs, has gone offline claiming it was robbed of $6 million worth of Bitcoins. Like Silk Road, Sheep Marketplace was a Deep Web site accessible via the Tor network and quick...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2013/01/02 1:23 a.m.74 views

CFR watering hole attack also target Capstone Turbine Corporation

Last week Council on Foreign Relations website was compromised and recently hit by a drive-by attack using a zero day Internet Explorer 6 vulnerability for Cyber Espionage attack, suspected by Chinese Hackers. Later Microsoft confirmed that Internet Explorer 6, 7, and 8 are vulnerable to remote...

9.3CVSS0.8AI score0.81716EPSS
Exploits20
The Hacker News
The Hacker News
added 2011/08/30 5:59 p.m.74 views

XCode SQLi/LFI/XSS and Webshell Scanning tool

XCode SQLi/LFI/XSS and Webshell Scanning tool XCode Exploit – Vulnurable & webshell Scanner help you to gather the dorks Link from Google. then you may check the results if its Vulnurable to exploit with SQL injection commands, LFI,and XSS. And You may hunt the webshells those uploaded. Download...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/03 11:59 a.m.73 views

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [3 February]

This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices...

9.3CVSS8.8AI score0.47207EPSS
Exploits12
The Hacker News
The Hacker News
added 2024/04/09 11:24 a.m.73 views

CL0P's Ransomware Rampage - Security Measures for 2024

2023 CL0P Growth Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the 'CryptoMix' ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 t...

9.8CVSS7.4AI score0.99999EPSS
Exploits38
The Hacker News
The Hacker News
added 2023/12/27 8:24 a.m.73 views

New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called Xamar...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/12/04 1:16 p.m.73 views

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

New research has unearthed multiple novel attacks that break Bluetooth Classic's forward secrecy and future secrecy guarantees, resulting in adversary-in-the-middle AitM scenarios between two already connected peers. The issues, collectively named BLUFFS, impact Bluetooth Core Specification 4.2...

6.8CVSS7.2AI score0.01297EPSS
Exploits1
The Hacker News
The Hacker News
added 2023/12/01 4:25 a.m.73 views

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are describe...

9.6CVSS9.1AI score0.1963EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/11/02 5:19 a.m.73 views

FIRST Announces CVSS 4.0 - New Vulnerability Scoring System

The Forum of Incident Response and Security Teams FIRST has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after the release of CVSS v3.0 in June 2015. "This latest version of CVSS 4.0 seeks to provide the highest...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/31 5:25 a.m.73 views

Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months

Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway ESG appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-286...

7.8AI score0.86956EPSS
Exploits3
The Hacker News
The Hacker News
added 2023/05/06 5:41 a.m.73 views

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks

Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting XSS that could be abused to inject arbitrary executable...

7.1CVSS7.5AI score0.65533EPSS
Exploits10
The Hacker News
The Hacker News
added 2023/05/03 7:30 a.m.73 views

Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices

Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording DVR devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is CVE-2018-9995 CVSS score: 9.8, a critical authentication bypass issue that could b...

9.8CVSS8.3AI score0.86289EPSS
Exploits14
The Hacker News
The Hacker News
added 2023/03/24 7:51 a.m.73 views

Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisor...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/17 6:58 a.m.73 views

High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices

Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, to completely compromise affected systems. Cybersecurity firm Rapid7 said the flaws could be abused to remote access to the devices and defeat security constraints. The issues...

2.5AI score0.87987EPSS
Exploits9
The Hacker News
The Hacker News
added 2022/10/27 7:55 a.m.73 views

New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances

A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2022/09/30 2:42 p.m.73 views

New Malware Families Found Targeting VMware ESXi Hypervisors

Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi,...

1.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/04 5:11 a.m.73 views

Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws

Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution RCE or cause a denial-of-service DoS condition on affected devices. The most critical of the flaws impact Cisco Small...

1.1AI score0.02934EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/09/03 6:20 a.m.73 views

Cisco Issues Patch for Critical Enterprise NFVIS Flaw — PoC Exploit Available

Cisco has patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software NFVIS that could be exploited by an attacker to take control of an affected system. Tracked as CVE-2021-34746, the weakness has been rated 9.8 out of a maximum of 1...

9.8CVSS2.5AI score0.19958EPSS
Exploits3
The Hacker News
The Hacker News
added 2020/09/30 9:29 a.m.73 views

Chinese APT Group Targets Media, Finance, and Electronics Sectors

Cybersecurity researchers on Tuesday uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China. Linking the attacks to Palmerworm aka BlackTech — likely a China-based advanced persistent threat APT —...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/09/25 10:24 a.m.73 views

Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers

As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/10 9:25 a.m.73 views

Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28

Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted...

6.5CVSS0.4AI score0.19193EPSS
Exploits4
The Hacker News
The Hacker News
added 2020/02/20 11:8 a.m.73 views

Deal: Cloud And Networking Certification Training ~ Get 97% OFF

Cloud computing and networking are two of the most significant areas of growth in the IT business. Companies need engineers who can maintain distributed software and keep the company connected. If you want to work in either niche, the Essential Cloud & Networking Certification Training Bundle...

1.6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/02/04 10:43 a.m.73 views

Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users

Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users' accounts. According to Twitter, the vulnerability resided in one of the APIs that has been designed to make it...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2019/11/07 10:40 a.m.73 views

Two Former Twitter Employees Caught Spying On Users For Saudi Arabia

Two former employees of Twitter have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government, likely with the purpose of unmasking the identity of dissidents. According to an indictment filed on November 5 and unsealed just yesterday, one of the...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/10/31 8:8 a.m.73 views

Two Hackers Who Extorted Money From Uber and LinkedIn Plead Guilty

Two grey hat hackers have pleaded guilty to blackmailing Uber, LinkedIn, and other U.S. corporations for money in exchange for promises to delete data of millions of customers they had stolen in late 2016. In a San Jose courthouse in California on Wednesday, Brandon Charles Glover 26 of Florida a...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2019/08/27 5:24 p.m.73 views

WARNING — Malware Found in CamScanner Android App With 100+ Million Users

Beware! Attackers can remotely hijack your Android device and steal data stored on it, if you are using free version of CamScanner, a highly-popular Phone PDF creator app with more than 100 million downloads on Google Play Store. So, to be safe, just uninstall the CamScanner app from your Android...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2019/08/26 11:41 a.m.73 views

Hostinger Suffers Data Breach – Resets Password For 14 Million Users

Popular web hosting provider Hostinger has been hit by a massive data breach, as a result of which the company has reset passwords for all customers as a precautionary measure. In a blog post published on Sunday, Hostinger revealed that "an unauthorized third party" breached one of its servers an...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2019/07/09 9:50 a.m.73 views

Cynet Launches Free Offering For Incident Response Service Providers

More and more, organizations take the route of outsourcing incident response to Managed Security Service Providers. This trend is distinct regardless of the organization's cyber maturity level and can be found across a wide range of cyber maturity, from small companies with no dedicated security...

0.7AI score
Exploits0
Total number of security vulnerabilities5000