Lucene search
+L
ThnMost viewed

20926 matches found

The Hacker News
The Hacker News
added 2024/04/19 11:1 a.m.60 views

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities...

9.1CVSS8.2AI score0.71789EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/01/22 3:40 a.m.60 views

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security...

10CVSS8.2AI score0.99654EPSS
Exploits31
The Hacker News
The Hacker News
added 2024/01/15 7:45 a.m.60 views

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws in WordPress...

6.1CVSS6.7AI score0.01999EPSS
Exploits4
The Hacker News
The Hacker News
added 2024/01/10 3:15 p.m.60 views

NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining

A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. "The capabilities of the new botnet, NoaBot, include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread itself...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/12/15 2:17 p.m.60 views

New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen...

9.8CVSS9.5AI score0.85689EPSS
Exploits10
The Hacker News
The Hacker News
added 2023/12/05 10:14 a.m.60 views

15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack

New research has found that over 15,000 Go module repositories on GitHub are vulnerable to an attack called repojacking. "More than 9,000 repositories are vulnerable to repojacking due to GitHub username changes," Jacob Baines, chief technology officer at VulnCheck, said in a report shared with T...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/14 11:35 a.m.60 views

CI/CD Risks: Protecting Your Software Development Pipelines

Have you heard about Dependabot? If not, just ask any developer around you, and they'll likely rave about how it has revolutionized the tedious task of checking and updating outdated dependencies in software projects. Dependabot not only takes care of the checks for you, but also provides...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/13 2:31 p.m.60 views

New PEAPOD Cyberattack Campaign Targeting Women Political Leaders

European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the nam...

7.5CVSS8.2AI score0.98998EPSS
Exploits3
The Hacker News
The Hacker News
added 2023/08/02 11:50 a.m.60 views

Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services AWS that allows the AWS Systems Manager Agent SSM Agent to be run as a remote access trojan on Windows and Linux environments "The SSM agent, a legitimate tool used by admins to manage their...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/14 7:40 a.m.60 views

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries

A new malware strain has been found covertly targeting small office/home office SOHO routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000 nodes spanning 20 countries. Lumen Black Lotus Labs has dubbed the malware AVrecon, making it the third such...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/16 2:45 p.m.60 views

China's Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks

The Chinese nation-state actor known as Mustang Panda has been linked to a new set of sophisticated and targeted attacks aimed at European foreign affairs entities since January 2023. An analysis of these intrusions, per Check Point researchers Itay Cohen and Radoslaw Madej, has revealed a custom...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/31 11:8 a.m.60 views

New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector

The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. "The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/19 2:20 p.m.60 views

New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks

A new critical remote code execution RCE flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application. "The vulnerability is achieved through CSRF cross-site request forgery on the ubiquitous SC...

8.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/04 4:28 a.m.60 views

Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers

Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds writ...

2.2AI score0.16841EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/11/07 10:49 a.m.60 views

Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data

Security researchers are warning of "a trove of sensitive information" leaking through urlscan.io, a website scanner for suspicious and malicious URLs. "Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable," Positive...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/25 12:46 p.m.60 views

Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog

Cybersecurity researchers have disclosed details about a pair of vulnerabilities in Microsoft Windows, one of which could be exploited to result in a denial-of-service DoS. The exploits, dubbed LogCrusher and OverLog by Varonis, take aim at the EventLog Remoting Protocol MS-EVEN, which enables...

4.3CVSS1.1AI score0.02005EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/10/03 2:35 p.m.60 views

Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack

A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100...

1.8AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/25 1:24 p.m.60 views

Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers

The threat actor behind the SolarWinds supply chain attack has been linked to yet another "highly targeted" post-exploitation malware that could be used to maintain persistent access to compromised environments. Dubbed MagicWeb by Microsoft's threat intelligence teams, the development reiterates...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/07/22 6:35 p.m.60 views

SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products

Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection SQLi vulnerability affecting its Analytics On-Prem and Global Management System GMS products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and...

0.9AI score0.09261EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/07/13 11:47 a.m.60 views

New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models

Consumer electronics maker Lenovo on Tuesday rolled out fixes to contain three security flaws in its UEFI firmware affecting over 70 product models. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers ...

7.8CVSS3.8AI score0.02999EPSS
Exploits1
The Hacker News
The Hacker News
added 2022/07/01 10:3 a.m.60 views

New 'SessionManager' Backdoor Targeting Microsoft IIS Servers in the Wild

A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2022/06/27 10:0 a.m.60 views

Researchers Warn of 'Matanbuchus' Malware Campaign Dropping Cobalt Strike Beacons

A malware-as-a-service Maas dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like other malware loaders such as BazarLoader, Bumblebee, and Colibri, is engineered to...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2022/06/13 3:39 a.m.60 views

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'"...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2022/05/25 1:46 p.m.60 views

Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room

A group of academics has devised a system that can be used on a phone or a laptop to identify and locate Wi-Fi-connected hidden IoT devices in unfamiliar physical spaces. With hidden cameras being increasingly used to snoop on individuals in hotel rooms and Airbnbs, the goal is to be able to...

1.9AI score
Exploits0
The Hacker News
The Hacker News
added 2022/04/01 12:31 p.m.60 views

Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code

Two new security vulnerabilities have been disclosed in Rockwell Automation's programmable logic controllers PLCs and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes. The flaws have the...

10CVSS1.6AI score0.05013EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/08/06 8:0 a.m.60 views

India's Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks

Koo, India's homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users, spreading the attack across the platform. The vulnerability involves a stored cross-site scriptin...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/02 6:11 a.m.60 views

US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks

Days after Microsoft, Secureworks, and Volexity shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice DoJ Tuesday said it intervened to take control of two command-and-control C2 and malware...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/11 1:24 p.m.60 views

LIVE Webinar — The Rabbit Hole of Automation

The concept of automation has taken on a life of its own in recent years. The idea is nothing new, but the current interest in automation is a mix of both hype and innovation. On the one hand, it's much easier today to automate everything from small processes to massive-scale tasks than it's ever...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/04/15 10:25 a.m.60 views

Malware Variants: More Sophisticated, Prevalent and Evolving in 2021

A malicious program intended to cause havoc with IT systems—malware—is becoming more and more sophisticated every year. The year 2021 is no exception, as recent trends indicate that several new variants of malware are making their way into the world of cybersecurity. While smarter security...

1.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/12 8:36 a.m.60 views

Hackers Are Targeting Microsoft Exchange Servers With Ransomware

It didn't take long. Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week. Now it appears that threat actors have caught up. According to...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/19 7:25 a.m.60 views

SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune

Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there's no evidence that they abused its internal systems to target other companies or gained access to production services or customer data. The disclosure...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/25 7:48 a.m.60 views

Pen Testing By Numbers: Tracking Pen Testing Trends and Challenges

Over the years, penetration testing has had to change and adapt alongside the IT environments and technology that need to be assessed. Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/14 9:10 a.m.60 views

Experts Uncover Malware Attacks Against Colombian Government and Companies

Cybersecurity researchers took the wraps off an ongoing surveillance campaign directed against Colombian government institutions and private companies in the energy and metallurgical industries. In a report published by ESET on Tuesday, the Slovak internet security company said the attacks — dubb...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/11/30 12:52 p.m.60 views

Quick Guide — How to Troubleshoot Active Directory Account Lockouts

Active Directory account lockouts can be hugely problematic for organizations. There have been documented instances of attackers leveraging the account lockout feature in a type of denial of service attack. By intentionally entering numerous bad passwords, attackers can theoretically lock all of...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/10/13 7:10 a.m.60 views

Microsoft and Other Tech Companies Take Down TrickBot Botnet

Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure. The joint collaboration, which involved Microsoft's Digital Crimes Unit,...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/07/28 6:48 a.m.60 views

QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices

Cybersecurity agencies in the US and UK yesterday issued a joint advisory about a massive ongoing malware threat infecting Taiwanese company QNAP's network-attached storage NAS appliances. Called QSnatch or Derek, the data-stealing malware is said to have compromised 62,000 devices since reports...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/02/21 9:5 a.m.60 views

Google Bans 600 Android Apps from Play Store for Serving Disruptive Ads

Google has banned nearly 600 Android apps from the Play Store for bombarding users with disruptive ads and violating its advertising guidelines. The company categorizes disruptive ads as "ads that are displayed to users in unexpected ways, including impairing or interfering with the usability of...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/01/20 12:22 p.m.60 views

Evaluating Your Security Controls? Be Sure to Ask the Right Questions

Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And how are the findings relevant to the threat landscape you face...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2019/04/30 4:59 p.m.60 views

Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks

A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft...

9.8CVSS0.2AI score0.08654EPSS
Exploits3
The Hacker News
The Hacker News
added 2018/04/19 11:47 a.m.60 views

Facebook Plans to Build Its Own Chips For Hardware Devices

A new job opening post on Facebook suggests that the social network is forming a team to build its own hardware chips, joining other tech titans like Google, Apple, and Amazon in becoming more self-reliant. According to the post, Facebook is looking for an expert in ASIC and FPGA—two custom silic...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2018/03/20 10:8 a.m.60 views

Apple Blocks Sites From Abusing HSTS Security Standard to Track Users

If you are unaware, the security standard HTTP Strict Transport Security HSTS can be abused as a 'supercookie' to surreptitiously track users of almost every modern web browser online without their knowledge even when they use "private browsing." Apple has now added mitigations to its open-source...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2018/02/28 4:3 p.m.60 views

Apple Moves iCloud Data and Encryption Keys for Chinese Users to China

Apple has finally agreed to open a new Chinese data center next month to comply with the country's latest controversial data protection law. Apple will now move the cryptographic keys of its Chinese iCloud users in data centers run by a state-owned company called Cloud Big Data Industrial...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2017/08/17 6:46 a.m.60 views

Two Critical Zero-Day Flaws Disclosed in Foxit PDF Reader

Are you using Foxit PDF Reader? If yes, then you need to watch your back. Security researchers have discovered two critical zero-day security vulnerabilities in Foxit Reader software that could allow attackers to execute arbitrary code on a targeted computer, if not configured to open files in th...

6.8CVSS9.4AI score0.07152EPSS
Exploits2
The Hacker News
The Hacker News
added 2017/07/18 7:4 a.m.60 views

Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

Security researchers have discovered a critical remotely exploitable vulnerability in an open-source software development library used by major manufacturers of the Internet-of-Thing devices that eventually left millions of devices vulnerable to hacking. The vulnerability CVE-2017-9765, discovere...

6.8CVSS8.6AI score0.21894EPSS
Exploits2
The Hacker News
The Hacker News
added 2015/01/21 8:36 a.m.60 views

Oracle releases 169 Updates, Including 19 Patches for JAVA Vulnerabilities

Get Ready to update your Java program as Oracle has released its massive patch package for multiple security vulnerabilities in its software. The United States software maker Oracle releases its security updates every three months on Tuesday, which it referred to as "Critical Patch Updates" CPU...

10CVSS8.1AI score0.49587EPSS
Exploits1
The Hacker News
The Hacker News
added 2015/01/03 12:17 a.m.60 views

Hacker Leaks Xbox One SDK that could let Developers make Homebrew Apps

Just a week ago on Christmas, the massive Distributed Denial of Service DDoS attack from the notorious hacking group Lizard Squad knocked Sony’s PlayStation Network and Microsoft’s Xbox Live offline, but as if it wasn't the end of disaster for Microsoft. This time it isn't a case of services bein...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/19 10:0 a.m.59 views

⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More

Cybersecurity leaders aren't just dealing with attacks—they're also protecting trust, keeping systems running, and maintaining their organization's reputation. This week's developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow. Just fixing...

9.4CVSS7.9AI score0.99899EPSS
Exploits37
The Hacker News
The Hacker News
added 2025/05/14 8:14 a.m.59 views

Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rate...

10CVSS8.4AI score0.27561EPSS
Exploits19
The Hacker News
The Hacker News
added 2025/05/01 3:47 p.m.59 views

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name "WP-antymalwary-bot.php," comes with a variety of features to maintain access, hide itself from the admin dashboard, and execut...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/01 6:40 a.m.59 views

BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key

BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used...

9.8CVSS7.9AI score0.87991EPSS
Exploits8
Total number of security vulnerabilities5000