Lucene search
+L
ThnMost viewed

20926 matches found

The Hacker News
The Hacker News
added 2020/01/30 3:38 p.m.55 views

Wawa Breach: Hackers Put 30 Million Stolen Payment Card Details for Sale

Remember the recent payment card breach at Wawa convenience stores? If you're among those millions of customers who shopped at any of 850 Wawa stores last year but haven't yet hotlisted your cards, it's high time to take immediate action. That's because hackers have finally put up payment card...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2019/12/18 3:18 p.m.55 views

LifeLabs Paid Hackers to Recover Stolen Medical Data of 15 Million Canadians

LifeLabs, the largest provider of healthcare laboratory testing services in Canada, has suffered a massive data breach that exposed the personal and medical information of nearly 15 million Canadians customers. The company announced the breach in a press release posted on its website, revealing...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2019/04/16 12:5 p.m.55 views

Google Makes it Tough for Rogue App Developers Get Back on Android Play Store

Even after Google's security oversight over its already-huge Android ecosystem has evolved over the years, malware apps still keep coming back to Google Play Store. Sometimes just reposting an already detected malware app from a newly created Play Store account, or using other developers' existin...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2018/08/08 10:33 a.m.55 views

Snapchat Hack — Hacker Leaked Snapchat Source Code On GitHub

The source code of the popular social media app Snapchat was recently surfaced online after a hacker leaked and posted it on the Microsoft-owned code repository GitHub. A GitHub account under the name Khaled Alshehri with the handle i5xx, who claimed to be from Pakistan, created a GitHub reposito...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2018/07/31 11:4 a.m.55 views

Dixons Carphone Data Breach Affects 10 Million Customers

Dixons Carphone's 2017 data breach was worse than initially anticipated. In an announcement on Monday, Dixons Carphone, one of the largest consumer electronics and telecommunication retailers in Europe, admitted that the breach affected around 10 million customers, up from an initial estimate of...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2018/04/19 7:24 a.m.55 views

Another Critical Flaw Found In Drupal Core—Patch Your Sites Immediately

It's time to update your Drupal websites, once again. For the second time within a month, Drupal has been found vulnerable to another critical vulnerability that could allow remote attackers to pull off advanced attacks including cookie theft, keylogging, phishing and identity theft. Discovered b...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2015/01/02 11:0 p.m.55 views

Hacker Released 'iDict' Tool That Can Hack Your iCloud Account

Hackers have a great start of new year 2015, giving a public threat to Apple’s online iCloud service. A hacker using the handle "Pr0x13" has released a password-hacking tool to GitHub website that assures attackers to break into any iCloud account, potentially giving them free access to victims’...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2013/07/07 7:41 p.m.55 views

Microsoft to patch Six critical Remote Code Execution vulnerabilities this Tuesday

Microsoft has announced Patch Tuesday for this July Month, with seven bulletins. Out of that, one is important kernel privilege escalation flaw and six critical Remote Code Execution vulnerabilities. Patch will address vulnerabilities in Microsoft Windows, .Net Framework, Silverlight and will app...

7.8CVSS8.3AI score0.39578EPSS
Exploits6
The Hacker News
The Hacker News
added 2012/05/05 8:31 p.m.55 views

RedKit Exploit Kit : New web malware exploitation pack

RedKit Exploit Kit : New web malware exploitation pack Trustwave researchers have spotted a new exploit kit called "RedKit Exploit Kit" that being used in the wild is aiming to enter a market that is practically monopolized by the widely famous BlackHole and Phoenix exploit kits. In actual, The n...

10CVSS6.9AI score0.98113EPSS
Exploits25
The Hacker News
The Hacker News
added 2011/05/15 12:56 a.m.55 views

Crimepack 3.1.3 Exploit kit Leaked, available for Download !

Crimepack 3.1.3 Exploit kit Leaked, available for Download ! Part 1: Java Exploit As stated above, I focus on a malware that exploits a recent JRE vulnerability: CVE-2010-0840 to execute malicious files on a victim system. This malware comes inside a jar file, which contains the following two...

9.8CVSS6.5AI score0.96319EPSS
Exploits5
The Hacker News
The Hacker News
added 2011/04/15 7:47 a.m.55 views

Phoenix exploit kit 2.5 leaked, Download Now !

Phoenix exploit kit 2.5 leaked, Download Now ! Phoenix exploit kit 2.5 has been leaked . Now U can dowload from given link.. At below here is a some define about Phoenix Exploit Kit. The Phoenix Exploit Kit is a good example of exploit packs used to exploit vulnerable software on the computers of...

9.8CVSS6.3AI score0.96319EPSS
Exploits5
The Hacker News
The Hacker News
added 2026/06/23 6:20 p.m.54 views

FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation

A Russian-speaking initial access broker IAB driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February 2026, involves collecting credential...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/23 11:55 a.m.54 views

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month. Project Glasswing is a defensive...

9.3CVSS6.7AI score0.00468EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/05/21 4:27 a.m.54 views

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code VS Code extension. The development comes as the Nx team revealed that the extensio...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/20 8:25 a.m.54 views

Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse

Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that's targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by Datadog Security Labs. "RedisRaider aggressively scans randomized portions of the IPv4 space and uses...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/15 10:43 a.m.54 views

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 CVSS score: 4.3, has been characterized as a case of insufficient policy...

8.3CVSS4.2AI score0.08404EPSS
Exploits7
The Hacker News
The Hacker News
added 2025/04/21 10:10 a.m.54 views

⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that's exactly what we saw in last week's activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flag...

9.2CVSS9.4AI score0.98594EPSS
Exploits63
The Hacker News
The Hacker News
added 2025/04/21 7:1 a.m.54 views

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery

Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organization...

9.8CVSS8.2AI score0.98417EPSS
Exploits31
The Hacker News
The Hacker News
added 2024/08/21 4:15 p.m.54 views

Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data

Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 CVSS score: 8.5, the vulnerability has been described as an information disclosure bug stemming from a...

9.1CVSS6.7AI score0.12341EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/08/19 7:5 a.m.54 views

Microsoft Patches Zero-Day Flaw Exploited by North Korea's Lazarus Group

A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 CVSS score: 7.8, has been described as a privilege escalation bug in the Windows...

7.8CVSS9.8AI score0.51865EPSS
Exploits17
The Hacker News
The Hacker News
added 2024/06/27 6:45 a.m.54 views

Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135...

9.8CVSS8.2AI score0.90067EPSS
Exploits5
The Hacker News
The Hacker News
added 2024/05/22 12:21 p.m.54 views

Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

Rockwell Automation is urging its customers to disconnect all industrial control systems ICSs not meant to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity. The company said it's issuing the advisory due to "heightened geopolitical tensions and...

9.8CVSS8.1AI score0.25455EPSS
Exploits1
The Hacker News
The Hacker News
added 2024/04/26 10:46 a.m.54 views

10 Critical Endpoint Security Tips You Should Know

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/03/12 12:13 p.m.54 views

Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets

Threat hunters have discovered a set of seven packages on the Python Package Index PyPI repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a cryptocurrency wallet. The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/12/19 3:16 p.m.54 views

Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team

Cybersecurity researchers have shed light on the inner workings of the ransomware operation led by Mikhail Pavlovich Matveev, a Russian national who was indicted by the U.S. government earlier this year for his alleged role in launching thousands of attacks across the world. Matveev, who resides ...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/12/15 11:8 a.m.54 views

Bug or Feature? Hidden Web Application Vulnerabilities Uncovered

Web Application Security consists of a myriad of security controls that ensure that a web application: 1. Functions as expected. 2. Cannot be exploited to operate out of bounds. 3. Cannot initiate operations that it is not supposed to do. Web Applications have become ubiquitous after the expansio...

7.8CVSS8.4AI score0.65005EPSS
Exploits8
The Hacker News
The Hacker News
added 2023/11/28 11:13 a.m.54 views

How Hackers Phish for Your Users' Credentials and Sell Them

Account credentials, a popular initial access vector, have become a valuable commodity in cybercrime. As a result, a single set of stolen credentials can put your organization's entire network at risk. According to the 2023 Verizon Data Breach Investigation Report, external parties were responsib...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/22 11:8 a.m.54 views

AI Solutions Are the New Shadow IT

Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks Like the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are covertly using AI with little regard for established IT and cybersecurity review procedures...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/10 12:22 p.m.54 views

Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes

The notorious Russian hackers known as Sandworm targeted an electrical substation in Ukraine last year, causing a brief power outage in October 2022. The findings come from Google's Mandiant, which described the hack as a "multi-event cyber attack" leveraging a novel technique for impacting...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/07 5:8 a.m.54 views

Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now

Veeam has released security updates to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. The list of vulnerabilities is as follows - CVE-2023-38547 CVSS score: 9.9 - An unspecified flaw that can be leveraged by an unauthenticated user...

7.7AI score0.19125EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/10/31 2:16 p.m.54 views

Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App

The threat actor known as Arid Viper aka APT-C-23, Desert Falcon, or TAG-63 has been attributed as behind an Android spyware campaign targeting Arabic-speaking users with a counterfeit dating app designed to harvest data from infected handsets. "Arid Viper's Android malware has a number of featur...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/31 10:55 a.m.54 views

Trojanized PyCharm Software Version Delivered via Google Search Ads

A new malvertising campaign has been observed capitalizing on a compromised website to promote spurious versions of PyCharm on Google search results by leveraging Dynamic Search Ads. "Unbeknownst to the site owner, one of their ads was automatically created to promote a popular program for Python...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/31 8:21 a.m.54 views

Canada Bans WeChat and Kaspersky Apps On Government Devices

Canada on Monday announced a ban on the use of apps from Tencent and Kaspersky on government mobile devices, citing an "unacceptable level of risk to privacy and security." "The Government of Canada is committed to keeping government information and networks secure," the Canadian government said...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/16 12:11 p.m.54 views

SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls

The Android banking trojan known as SpyNote has been dissected to reveal its diverse information-gathering features. Typically spread via SMS phishing campaigns, attack chains involving the spyware trick potential victims into installing the app by clicking on the embedded link, according to...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/09/26 3:56 p.m.54 views

ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families

Cybersecurity experts have shed light on a new cybercrime group known as ShadowSyndicate formerly Infra Storm that may have leveraged as many as seven different ransomware families over the past year. "ShadowSyndicate is a threat actor that works with various ransomware groups and affiliates of...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/09/09 8:14 a.m.54 views

Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play

Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that's designed to harvest sensitive information from compromised Android devices. According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/09/09 6:25 a.m.54 views

Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks

A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers,...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/30 4:5 a.m.54 views

FBI Dismantles QakBot Malware, Frees 700,000 Computers, Seizes $8.6 Million

A coordinated law enforcement effort codenamed Operation Duck Hunt has felled QakBot, a notorious Windows malware family that's estimated to have compromised over 700,000 computers globally and facilitated financial fraud as well as ransomware. To that end, the U.S. Justice Department DoJ said th...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/18 6:51 a.m.54 views

Google Chrome's New Feature Alerts Users About Auto-Removal of Malicious Extensions

Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to proactively alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/03 4:18 p.m.54 views

Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners

Threat actors are leveraging a technique called versioning to evade Google Play Store's malware detections and target Android users. "Campaigns using versioning commonly target users' credentials, data, and finances," Google Cybersecurity Action Team GCAT said in its August 2023 Threat Horizons...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/20 8:12 a.m.54 views

Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces

Over 101,100 compromised OpenAI ChatGPT account credentials have found their way on illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials. The credentials were discovered within information stealer logs made available for sale on t...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/29 12:15 p.m.54 views

AceCryptor: Cybercriminals' Powerful Weapon, Detected in 240K+ Attacks

A crypter alternatively spelled cryptor malware dubbed AceCryptor has been used to pack numerous strains of malware since 2016. Slovak cybersecurity firm ESET said it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. This amounts to more than 10,000 hits per...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/18 6:19 a.m.54 views

Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions

Apple has announced that it prevented over $2 billion in potentially fraudulent transactions and rejected roughly 1.7 million app submissions for privacy and security violations in 2022. The computing giant said it terminated 428,000 developer accounts for potential fraudulent activity, blocked...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/28 6:44 a.m.54 views

Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions

South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team. "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execu...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/08 7:19 a.m.54 views

Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise

The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That's according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/15 9:43 a.m.54 views

The Different Methods and Stages of Penetration Testing

The stakes could not be higher for cyber defenders. With the vast amounts of sensitive information, intellectual property, and financial data at risk, the consequences of a data breach can be devastating. According to a report released by Ponemon institute, the cost of data breaches has reached a...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/03 6:42 a.m.54 views

U.S. Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities

The U.S. Cybersecurity and Infrastructure Security Agency CISA has released a new advisory about Royal ransomware, which emerged in the threat landscape last year. "After gaining access to victims' networks, Royal actors disable antivirus software and exfiltrate large amounts of data before...

2.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/20 10:11 a.m.54 views

Cyber Espionage Group Earth Kitsune Deploys WhiskerSpy Backdoor in Latest Attacks

The cyber espionage threat actor tracked as Earth Kitsune has been observed deploying a new backdoor called WhiskerSpy as part of a social engineering campaign. Earth Kitsune, active since at least 2019, is known to primarily target individuals interested in North Korea with self-developed malwar...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/05 2:55 p.m.54 views

Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain

A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics an...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/15 11:3 a.m.54 views

Researchers Say China State-backed Hackers Breached a Digital Certificate Authority

A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022. Symantec, by Broadcom Software, linked the attacks to an adversarial group...

1.4AI score
Exploits0
Total number of security vulnerabilities5000