Lucene search
+L
ThnMost viewed

20925 matches found

The Hacker News
The Hacker News
added 2013/08/28 10:14 a.m.70 views

Warning : Java 6 vulnerable to zero-day exploit; added to Neutrino exploit kit

Hackers are using a new exploit for a bug in the out-of-date but popular Java 6 platform to attack victims, and has been added to a commercially available Neutrino exploit kit. The use of Java 6 still is prevalent, opening up a significant number of users to the threat. F-secure analyst Timo...

10CVSS2.1AI score0.10179EPSS
Exploits0
The Hacker News
The Hacker News
added 2012/04/12 9:34 a.m.70 views

Iran replacing Google, Hotmail with its own internal search engines and email services

Iran replacing Google, Hotmail with its own internal search engines and email services Iran has denied the report that it plans to cut itself off from the Internet. In a statement, the ministry said "The report is in no way confirmed by the ministry". It added that it was "completely baseless," a...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/07 11:25 a.m.69 views

⚡ Weekly Recap: VPN Exploits, Oracle's Silent Breach, ClickFix Surge and More

Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps — but in job offers, hardware, and cloud services we rely on every day. Hackers don't need sophisticated...

10CVSS9.3AI score0.99979EPSS
Exploits29
The Hacker News
The Hacker News
added 2025/02/13 9:39 a.m.69 views

Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software

Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108 , carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is...

7.5CVSS10AI score0.98417EPSS
Exploits22
The Hacker News
The Hacker News
added 2024/07/30 4:20 a.m.69 views

VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access

A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain elevated permissions and deploy file-encrypting malware. The attacks involve the exploitation of CVE-2024-37085 CVSS score: 6.8, an Active Directory integration...

7.8CVSS7.5AI score0.48973EPSS
Exploits10
The Hacker News
The Hacker News
added 2024/06/14 1:21 p.m.69 views

Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans

Data is growing faster than ever. Remember when petabytes that's 1,000,000 gigabytes! were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed, analyzed,...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/12/08 5:22 p.m.69 views

New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands

A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS. Of the 14 flaws – collectively called 5Ghoul a combination...

7.5CVSS7.3AI score0.00607EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/08/29 2:38 p.m.69 views

DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates

A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate. "The current spike in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates," Telekom...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/29 4:27 a.m.69 views

Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile EPMM, formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 CVSS score: 7.8, impacts support...

9.5AI score0.99999EPSS
Exploits14
The Hacker News
The Hacker News
added 2023/06/21 11:38 a.m.69 views

Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover

A security shortcoming in Microsoft Azure Active Directory AD Open Authorization OAuth process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubb...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/17 11:52 a.m.69 views

Threat Group UNC3944 Abusing Azure Serial Console for Total VM Takeover

A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines VMs to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to a threat group it tracks under the name UNC3944,...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/12 9:42 a.m.69 views

Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk

Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential data. "The issue arose from the way the browser interacted with symlinks when processing files a...

8.8CVSS1.5AI score0.01659EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/12/28 7:12 a.m.69 views

APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector

Microsoft's decision to block Visual Basic for Applications VBA macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now according to Cisco Talos, advanced persistent threat APT actors and commodity malware...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/11 4:41 p.m.69 views

BazarCall Call Back Phishing Attacks Constantly Evolving Its Social Engineering Tactics

The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or facilitate the delivery of next-stage payloads such as...

1.9AI score
Exploits0
The Hacker News
The Hacker News
added 2022/09/08 5:55 p.m.69 views

New Vulnerabilities Reported in Baxter's Internet-Connected Infusion Pumps

Multiple security vulnerabilities have been disclosed in Baxter's internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients. "Successful exploitation of these vulnerabilities could result in access to sensitive data and alterati...

0.1AI score0.00596EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/09/01 3:24 a.m.69 views

Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability

Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address a critical security flaw that has been actively exploited in the wild. The shortcoming, tracked as CVE-2022-32893 CVSS score: 8.8, is an out-of-bounds write issue affecting WebKit that could...

8.8CVSS1.1AI score0.09785EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/07/26 10:12 a.m.69 views

Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers

FileWave's mobile device management MDM system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it. "The vulnerabilities are remotely exploitable and enable an attacker to bypass...

0.9AI score0.15824EPSS
Exploits2
The Hacker News
The Hacker News
added 2022/05/06 5:13 a.m.69 views

Google Releases Android Update to Patch Actively Exploited Vulnerability

Google has released monthly security patches for Android with fixes for 37 flaws across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that came to light earlier this year. Tracked as CVE-2021-22600 CVSS score: 7.8, the vulnerability is ranked...

7.2CVSS0.8AI score0.05918EPSS
Exploits2
The Hacker News
The Hacker News
added 2022/02/18 3:38 a.m.69 views

Another Critical RCE Discovered in Adobe Commerce and Magento Platforms

Adobe on Thursday updated its advisory for an actively exploited zero-day affecting Adobe Commerce and Magento Open Source to patch a newly discovered flaw that could be weaponized to achieve arbitrary code execution. Tracked as CVE-2022-24087, the issue – like CVE-2022-24086 – is rated 9.8 on th...

10CVSS3.1AI score0.99199EPSS
Exploits6
The Hacker News
The Hacker News
added 2021/08/06 2:29 p.m.69 views

Apple to Scan Every Device for Child Abuse Content — But Experts Fear for Privacy

Apple on Thursday said it's introducing new child safety features in iOS, iPadOS, watchOS, and macOS as part of its efforts to limit the spread of Child Sexual Abuse Material CSAM in the U.S. To that effect, the iPhone maker said it intends to begin client-side scanning of images shared via every...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/07/30 10:0 a.m.69 views

Experts Uncover Several C&C Servers Linked to WellMess Malware

Cybersecurity researchers on Friday unmasked new command-and-control C2 infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by the...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/04/26 11:3 a.m.69 views

Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby

New research has uncovered privacy weaknesses in Apple's wireless file-sharing protocol that could result in the exposure of a user's contact information such as email addresses and phone numbers. "As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – ev...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/06 7:28 a.m.69 views

Cybercriminals Now Using Plex Media Servers to Amplify DDoS Attacks

A new distributed denial-of-service attack DDoS vector has ensnared Plex Media Server systems to amplify malicious traffic against targets to take them offline. "Plex's startup processes unintentionally expose a Plex UPnP-enabled service registration responder to the general Internet, where it ca...

2.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/25 7:48 a.m.69 views

Beware — A New Wormable Android Malware Spreading Through WhatsApp

A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a li...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2020/07/31 9:39 a.m.69 views

New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks

Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server. Remote timing attacks that work over a network connection are predominantly affected by...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/02/28 10:24 a.m.69 views

Why Businesses Should Consider Managed Cloud-Based WAF Protection

The City of Baltimore was under cyber-attack last year, with hackers demanding $76,000 in ransom. Though the city chose not to pay the ransom, the attack still cost them nearly $18 million in damages, and then the city signed up for a $20 million cyber insurance policy. It's very evident that...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/02/25 10:54 a.m.69 views

New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers

OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfe...

10CVSS1.5AI score0.889EPSS
Exploits10
The Hacker News
The Hacker News
added 2019/11/07 12:9 p.m.69 views

Gartner Says the Future of Network Security Lies with SASE

Cloud services and networking are driving the concept of digital businesses, yet traditional networking and cybersecurity architectures are far from meeting the demands of the digital business. Gartner's "The Future of Network Security Is in the Cloud" report spells out the potential for the...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/10/15 10:40 a.m.69 views

Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks

In an effort to mitigate a large class of potential cross-site scripting issues in Firefox, Mozilla has blocked execution of all inline scripts and potentially dangerous eval-like functions for built-in "about: pages" that are the gateway to sensitive preferences, settings, and statics of the...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2019/07/11 1:4 p.m.69 views

New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices

Are you sure the WhatsApp app you are using on your Android device is legitimate, even if it's working perfectly as intended? ...Or the JioTV, AppLock, HotStar, Flipkart, Opera Mini or Truecaller app—if you have installed any of these? I'm asking this because cybersecurity researchers just...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2019/07/10 2:0 p.m.69 views

A New Ransomware Is Targeting Network Attached Storage (NAS) Devices

A new ransomware family has been found targeting Linux-based Network Attached Storage NAS devices made by Taiwan-based QNAP Systems and holding users' important data hostage until a ransom is paid, researchers told The Hacker News. Ideal for home and small business, NAS devices are dedicated file...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2019/06/04 5:42 p.m.69 views

Firefox Web Browser Now Blocks Third-Party Tracking Cookies By Default

As promised, Mozilla has finally enabled "Enhanced Tracking Protection" feature on its Firefox browser by default, which from now onwards would automatically block all third-party tracking cookies that allow advertisers and websites to track you across the web. Tracking cookies, also known as...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2019/04/17 7:26 p.m.69 views

Researcher Hijacks a Microsoft Service Using Loophole in Azure Cloud Platform

A cybersecurity professional today demonstrated a long-known unpatched weakness in Microsoft's Azure cloud service by exploiting it to take control over Windows Live Tiles, one of the key features Microsoft built into Windows 8 operating system. Introduced in Windows 8, the Live tiles feature was...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2018/05/08 7:18 a.m.69 views

Twitter is Testing End-to-End Encrypted Direct Messages

Twitter has been adopting new trends at a snail's pace. But it's better to be late than never. Since 2013 people were speculating that Twitter will bring end-to-end encryption to its direct messages, and finally almost 5 years after the encryption era began, the company is now testing an end-to-e...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2018/04/12 3:36 p.m.69 views

Hacker Can Steal Data from Air-Gapped Computers through Power Lines

Do you think it is possible to extract data from a computer using its power cables? If no, then you should definitely read about this technique. Researchers from Israel's Ben Gurion University of the Negev—who majorly focus on finding clever ways to exfiltrate data from an isolated or air-gapped...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2017/03/02 12:48 a.m.69 views

Google Employees Help Thousands Of Open Source Projects Patch Critical ‘Mad Gadget Bug’

Last year Google employees took an initiative to help thousands of Open Source Projects patch a critical remote code execution vulnerability in a widely used Apache Commons Collections ACC library. Dubbed Operation Rosehub, the initiative was volunteered by some 50 Google employees, who utilized ...

7.5CVSS8.9AI score0.18763EPSS
Exploits1
The Hacker News
The Hacker News
added 2015/07/06 10:12 p.m.69 views

OpenSSL to Patch Undisclosed High Severity Vulnerability this Thursday

Attention Please! System Administrator and anyone relying on OpenSSL should be prepared to switch to a new version of the open-source crypto library that will be released this Thursday 9th July. OpenSSL is a widely used open-source software library that provides encrypted Internet connections usi...

5CVSS6.4AI score0.98685EPSS
Exploits0
The Hacker News
The Hacker News
added 2013/01/16 6:1 a.m.69 views

Oracle Patches Java Zero Day Vulnerability

Oracle delivered an unusual emergency patch to Java's critical Zero Day vulnerability on Sunday to fix a malicious bug that allowed hackers access to users web browsers. Exploits for the previously undisclosed flaw were being hosted in a number of exploit kits and attacks have already been seen i...

10CVSS0.8AI score0.97612EPSS
Exploits38
The Hacker News
The Hacker News
added 2025/05/03 9:33 a.m.68 views

Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware

An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure CNI entity in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February 2025, entailed "extensive espionage...

9.8CVSS8.8AI score0.8488EPSS
Exploits3
The Hacker News
The Hacker News
added 2025/02/10 5:14 a.m.68 views

XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells

Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation o...

9.9CVSS9.5AI score0.99737EPSS
Exploits52
The Hacker News
The Hacker News
added 2024/10/24 12:41 p.m.68 views

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance ASA that could lead to a denial-of-service DoS condition. The vulnerability, tracked as CVE-2024-20481 CVSS score: 5.8, affects the Remote Access VPN RAVPN service of...

9.9CVSS8.7AI score0.15953EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/10/01 6:32 a.m.68 views

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials

More than 140,000 phishing websites have been found linked to a phishing-as-a-service PhaaS platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers an online admin pan...

9.3CVSS8.9AI score0.99933EPSS
Exploits29
The Hacker News
The Hacker News
added 2024/09/12 3:55 p.m.68 views

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0 "An issue was discovered in...

10CVSS7AI score0.94955EPSS
Exploits17
The Hacker News
The Hacker News
added 2024/08/02 10:52 a.m.68 views

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

Enterprise Resource Planning ERP Software is at the heart of many enterprising supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critic...

9.8CVSS7.7AI score0.99426EPSS
Exploits11
The Hacker News
The Hacker News
added 2024/07/01 6:25 a.m.68 views

Juniper Networks Releases Critical Security Update for Routers

Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. "An Authentication Bypass Usin...

10CVSS8.4AI score0.17668EPSS
Exploits1
The Hacker News
The Hacker News
added 2024/03/02 6:23 a.m.68 views

U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp

A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other remote access trojans to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor. The decision marks a major legal victory for Meta, which filed the lawsuit in October 2019...

9.8CVSS9.7AI score0.39166EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/02/27 10:18 a.m.68 views

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. "It's possible to send malicious pull requests with attacker-controlled data from the Huggin...

6.5CVSS7.8AI score0.01175EPSS
Exploits1
The Hacker News
The Hacker News
added 2024/02/13 7:3 a.m.68 views

Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures

Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor codenamed DSLog on susceptible devices. That's according to findings from Orange Cyberdefense, which said it observed the exploitation of...

9.1CVSS7.4AI score0.99999EPSS
Exploits26
The Hacker News
The Hacker News
added 2024/01/20 4:31 a.m.69 views

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday issued an emergency directive urging Federal Civilian Executive Branch FCEB agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure ICS and Ivanti Policy Secure IPS products...

9.1CVSS9.7AI score0.99999EPSS
Exploits23
The Hacker News
The Hacker News
added 2023/12/19 5:42 a.m.68 views

Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide

The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. "Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating dat...

9.8CVSS7.8AI score0.99999EPSS
Exploits38
Total number of security vulnerabilities5000