Lucene search
+L
ThnMost viewed

20926 matches found

The Hacker News
The Hacker News
added 2020/10/12 7:52 a.m.56 views

Watch Out — Microsoft Warns Android Users About A New Ransomware

Microsoft has warned about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android's Home button to lock the device behind a ransom note. The findings concern a variant of a known Android ransomware family dubbed "MalLocker.B" which has now resurfaced wit...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/09/23 9:7 a.m.56 views

A New Hacking Group Hitting Russian Companies With Ransomware

As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers i...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/20 9:39 p.m.56 views

Former Uber Security Chief Charged Over Covering Up 2016 Data Breach

The federal prosecutors in the United States have charged Uber's former chief security officer, Joe Sullivan, for covering up a massive data breach that the ride-hailing company suffered in 2016. According to the press release published by the U.S. Department of Justice, Sullivan "took deliberate...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/05 6:57 p.m.56 views

Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack

A new research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said th...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/07/27 8:35 a.m.56 views

Learn Machine Learning and AI – Online Training Program @ 93% OFF

Within the next decade, artificial intelligence is likely to play a significant role in our everyday lives. Machine learning already powers image recognition, self-driving cars, and Netflix recommendations. For any aspiring developer, learning how to code smart software is a good move. These skil...

1.1AI score
Exploits0
The Hacker News
The Hacker News
added 2020/03/18 3:52 p.m.56 views

How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats

The Coronavirus is hitting hard on the world's economy, creating a high volume of uncertainty within organizations. Cybersecurity firm Cynet today revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by thre...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2020/03/11 8:0 a.m.56 views

L1ght Looks to Protect Internet Users from Toxic and Predatory Behavior

Cybersecurity has been regarded as a necessity for all computer users, especially today when data breaches and malware attacks have become rampant. However, one of the more overlooked aspects of cybersecurity is the prevention of other forms of cybercrime, such as the spread of harmful content an...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2019/11/05 10:11 a.m.56 views

Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light

A team of cybersecurity researchers has discovered a clever technique to remotely inject inaudible and invisible commands into voice-controlled devices — all just by shining a laser at the targeted device instead of using spoken words. Dubbed 'Light Commands,' the hack relies on a vulnerability i...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2019/10/09 6:38 p.m.56 views

7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App

A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac's built-in terminal app. Tracked as CVE-2019-9535, the vulnerability in iTerm2 was discovered as part of an independent...

10CVSS3AI score0.0248EPSS
Exploits1
The Hacker News
The Hacker News
added 2019/04/09 5:7 p.m.56 views

Adobe Releases Security Patches for Flash, Acrobat Reader, Other Products

Good morning readers, it's Patch Tuesday again—the day of the month when Adobe and Microsoft release security patches for their software. Adobe just released its monthly security updates to address a total of 40 security vulnerabilities in several of its products, including Flash Player, Adobe...

10CVSS0.8AI score0.06376EPSS
Exploits0
The Hacker News
The Hacker News
added 2019/04/03 2:39 p.m.56 views

WordPress iOS App Bug Leaked Secret Access Tokens to Third-Party Sites

If you have a "private" blog with WordPress.com and are using its official iOS app to create or edit posts and pages, the secret authentication token for your admin account might have accidentally been leaked to third-party websites. WordPress has recently patched a severe vulnerability in its iO...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2019/03/28 4:0 p.m.56 views

Advanced Breach Protection Demystified – Untold Truths On Security Beyond AV

Doing business in today's connected world means dealing with a continually evolving threat landscape. With potential losses due to downtime following a breach, plus valuable client and proprietary information at risk, most organizations realize they cannot afford to be complacent. This puts extra...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2017/06/28 8:16 p.m.56 views

Your Linux Machine Can Be Hacked Remotely With Just A Malicious DNS Response

A critical vulnerability has been discovered in Systemd, the popular init system and service manager for Linux operating systems, that could allow remote attackers to potentially trigger a buffer overflow to execute malicious code on the targeted machines via a DNS response. The vulnerability,...

5CVSS8.2AI score0.55116EPSS
Exploits1
The Hacker News
The Hacker News
added 2015/07/09 7:5 a.m.56 views

Critical OpenSSL Flaw Allows Hackers to Impersonate Any Trusted SSL Certificate

The mysterious security vulnerability in the widely used OpenSSL code library is neither HeartBleed nor FREAK, but it’s critical enough to be patched by sysadmins without any delay. OpenSSL Foundation released the promised patch against a high severity vulnerability in OpenSSL versions 1.0.1n and...

6.4CVSS6.5AI score0.61798EPSS
Exploits6
The Hacker News
The Hacker News
added 2015/07/07 5:49 a.m.56 views

Zero-Day Flash Player Exploit Disclosed in 'Hacking Team' Data Dump

The Recent Cyber Attack that exposed 400GB of corporate data belonging to surveillance software firm Hacking Team has revealed that the spyware company have already discovered an exploit for an unpatched zero-day vulnerability in Flash Player. Security researchers at Trend Micro claim that the...

10CVSS9.4AI score0.08151EPSS
Exploits0
The Hacker News
The Hacker News
added 2010/11/01 12:15 a.m.56 views

Meher Assel (NeT-Own3r) Tunisian Hacker do 9,856 mass defacements

"Meher Assel NeT-Own3r Tunisian Hacker is one of the Great Hacker. He do almost 9,856 defacements. Zone-H Records : Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/30 1:49 p.m.55 views

282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study

Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic. In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable token, or a backend server that accepte...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/02 3:55 a.m.55 views

Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party. On May 31, 2026, the company said an "external" threat actor launched a brute-force attack agains...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/06 4:25 p.m.55 views

New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users

Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer AMOS on Apple macOS systems. The campaign, according to CloudSEK, has been found to...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/24 11:20 a.m.55 views

⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple's Data Dilemma

Welcome to your weekly roundup of cyber news, where every headline gives you a peek into the world of online battles. This week, we look at a huge crypto theft, reveal some sneaky AI scam tricks, and discuss big changes in data protection. Let these stories spark your interest and help you...

9.3CVSS9.1AI score0.9951EPSS
Exploits42
The Hacker News
The Hacker News
added 2024/10/22 4:47 a.m.55 views

CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 CV...

9.8CVSS9.7AI score0.61725EPSS
Exploits8
The Hacker News
The Hacker News
added 2024/09/26 4:49 a.m.55 views

Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign

Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers ISPs as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. The activity has been attributed to a threat actor that...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/23 10:24 a.m.55 views

New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data

The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascadi...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/06/17 11:59 a.m.55 views

China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/13 6:18 a.m.55 views

Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo

Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control C2 framework within a PNG image of the project's logo. The package employing this...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/02 10:10 a.m.55 views

New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw

A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks. The vulnerability in question is CVE-2015-2051 CVSS score: 9.8, which affects D-Link DIR-645...

10CVSS8.6AI score0.97101EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/04/26 10:18 a.m.55 views

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 CVSS score: 10.0, could be weaponized to obtain unauthenticated remote shell command execution o...

10CVSS9.9AI score0.99999EPSS
Exploits43
The Hacker News
The Hacker News
added 2024/04/24 4:50 a.m.55 views

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network CDN cache domains since at least February 2024. Cisco Talos has attributed the activity with moderate confidence to a threat actor...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/17 11:7 a.m.55 views

GenAI: A New Headache for SaaS Security Teams

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenA...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/10 2:24 p.m.55 views

'eXotic Visit' Spyware Campaign Targets Android Users in India and Pakistan

An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity, ongoing since November 2021, is no...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/03/22 2:8 p.m.55 views

New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S.

Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as StrelaStealer. The campaigns impact more than 100 organizations in the E.U. and the U.S., Palo Alto Networks Unit 42 researchers said in a new report...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/02/02 6:21 a.m.55 views

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code. The intrusion, which took place...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/01/12 1:3 p.m.55 views

Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP

GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction. Tracked as CVE-2023-7028, the flaw has been awarded the maximum severity of 10.0 on the CVSS scoring system and could...

7.7AI score0.94955EPSS
Exploits16
The Hacker News
The Hacker News
added 2024/01/08 7:53 a.m.55 views

NIST Warns of Security and Privacy Risks from Rapid AI System Deployment

The U.S. National Institute of Standards and Technology NIST is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence AI systems in recent years. "These security and privacy challenges include the potential for adversari...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/12/07 2:36 p.m.55 views

Microsoft Warns of COLDRIVER's Evolving Evasion and Credential-Stealing Tactics

The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interests to Russia while simultaneously improving its detection evasion capabilities. The Microsoft Threat Intelligence team is tracking under the cluster as Star...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/12/05 7:55 a.m.55 views

New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace

A previously undocumented threat actor has been linked to a cyber attack targeting an aerospace organization in the U.S. as part of what's suspected to be a cyber espionage mission. The BlackBerry Threat Research and Intelligence team is tracking the activity cluster as AeroBlade. Its origin is...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/01 9:2 a.m.55 views

North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware

State-sponsored threat actors from the Democratic People's Republic of Korea DPRK have been found targeting blockchain engineers of an unnamed crypto exchange platform via Discord with a novel macOS malware dubbed KANDYKORN. Elastic Security Labs said the activity, traced back to April 2023,...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/13 11:53 a.m.55 views

Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration

The advanced persistent threat APT actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew's tactics and capabilities. The findings come from Kaspersky, which first shed light on the adversary...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/09/15 4:14 a.m.55 views

Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors

Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the name Peach Sandstorm formerly Holmium, said the adversar...

9.8CVSS7.4AI score0.99999EPSS
Exploits91
The Hacker News
The Hacker News
added 2023/09/11 6:23 a.m.55 views

New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World

A new malware loader called HijackLoader is gaining traction among the cybercriminal community to deliver various payloads such as DanaBot, SystemBC, and RedLine Stealer. "Even though HijackLoader does not contain advanced features, it is capable of using a variety of modules for code injection a...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/09/04 5:40 a.m.55 views

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023. "A file created...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/22 7:5 a.m.55 views

New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App

A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote." "The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg,"...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/10 9:45 a.m.55 views

Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

Threat actors are increasingly using a phishing-as-a-service PhaaS toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/07 7:24 a.m.55 views

Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities

Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks. One of the vulnerabilities tracked as CVE-2023-26083 is a memory leak...

9.8CVSS8.1AI score0.05786EPSS
Exploits1
The Hacker News
The Hacker News
added 2023/06/29 7:24 a.m.55 views

Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts

A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known. Tracked as CVE-2023-2982 CVSS score: 9.8, the authentication bypass flaw...

7.2AI score0.46242EPSS
Exploits6
The Hacker News
The Hacker News
added 2023/06/14 8:33 a.m.55 views

Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin

A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000, impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which...

6AI score0.01214EPSS
Exploits2
The Hacker News
The Hacker News
added 2023/05/22 11:12 a.m.55 views

Are Your APIs Leaking Sensitive Data?

It's no secret that data leaks have become a major concern for both citizens and institutions across the globe. They can cause serious damage to an organization's reputation, induce considerable financial losses, and even have serious legal repercussions. From the infamous Cambridge Analytica...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/12 2:16 p.m.55 views

Netgear Routers' Flaws Expose Users to Malware, Remote Attacks, and Surveillance

As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution. "Successful exploits could allow attackers to monitor users' internet activity, hijack internet connections, and redirect traffic to...

9AI score0.01371EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/02/14 10:12 a.m.55 views

A CISOs Practical Guide to Storage and Backup Ransomware Resiliency

One thing is clear. The "business value" of data continues to grow, making it an organization's primary piece of intellectual property. From a cyber risk perspective, attacks on data are the most prominent threat to organizations. Regulators, cyber insurance firms, and auditors are paying much...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/30 11:26 a.m.55 views

Titan Stealer: A New Golang-Based Information Stealer Malware Emerges

A new Golang-based information stealer malware dubbed Titan Stealer is being advertised by threat actors through their Telegram channel. "The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP...

1AI score
Exploits0
Total number of security vulnerabilities5000