Lucene search
K
ThnMost viewed

20784 matches found

The Hacker News
The Hacker News
•added 2013/08/30 6:30 a.m.•39 views

CISCO vulnerability allows remote attacker to take control of Windows system

Cisco has fixed a critical vulnerability in Secure Access Control Server for Windows that could allow remote attackers to execute arbitrary commands and take control of the underlying operating system. Cisco Secure ACS is an application that allows companies to centrally manage access to network...

9.3CVSS7.3AI score0.05122EPSS
Exploits0
The Hacker News
The Hacker News
•added 2013/06/04 4:39 p.m.•39 views

Surveillance malware targets 350 high profile victims in 40 countries

A global cyber espionage campaign affecting over 350 high profile victims in 40 countries, appears to be the work of Chinese hackers using a Surveillance malware called "NetTraveler". Kaspersky Lab's team of experts published a new research report about NetTraveler, which is a family of malicious...

9.3CVSS6.8AI score0.99966EPSS
Exploits12
The Hacker News
The Hacker News
•added 2013/05/01 1:16 p.m.•39 views

Millions of WordPress sites exploitable for DDoS Attacks using Pingback mechanism

Distributed Denial of Service attacks have increased in scale, intensity and frequency. The wide range of motives for these attacks political , criminal, or social makes every merchant or organization with an online presence a potential target. Over the weekend Incapsula mitigated a unique DDoS...

6.4CVSS6.6AI score0.28857EPSS
Exploits3
The Hacker News
The Hacker News
•added 2011/11/06 6:24 a.m.•39 views

Duqu malware was created to spy on Iran's nuclear program

Duqu malware was created to spy on Iran's nuclear program A Report by Kaspersky Lab Expert, Ryan Naraine says that the DUQU malware was created to spy on Iran's nuclear program. IrCERT Iran's Computer Emergency Response Team Duqu is an upgraded version of "Stars". Back in April this year, The...

9.3CVSS6.1AI score0.78285EPSS
Exploits1
The Hacker News
The Hacker News
•added 2011/10/24 4:30 a.m.•39 views

Bleeding Life 2 Exploit Pack Released

Bleeding Life 2 Exploit Pack Released Black Hat Academy releases Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java. You can read all about it, and download it for yourself. Statistics are kept based on exploit, browser, and OS version...

10CVSS6.3AI score0.98463EPSS
Exploits71
The Hacker News
The Hacker News
•added 2025/05/28 12:30 p.m.•38 views

New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

Embedded Linux-based Internet of Things IoT devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts. "Rather than...

7.8AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/03/27 6:23 a.m.•38 views

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform XP to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities are listed below -...

9.8CVSS8.9AI score0.99993EPSS
Exploits69
The Hacker News
The Hacker News
•added 2025/03/12 9:52 a.m.•38 views

URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days

Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild. Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity...

7.8CVSS8.2AI score0.60954EPSS
Exploits9
The Hacker News
The Hacker News
•added 2025/01/24 5:39 a.m.•38 views

CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The medium-severity vulnerability is...

6.9CVSS7.3AI score0.99019EPSS
Exploits14
The Hacker News
The Hacker News
•added 2024/11/07 9:48 a.m.•38 views

5 Most Common Malware Techniques in 2024

Tactics, techniques, and procedures TTPs form the foundation of modern defense strategies. Unlike indicators of compromise IOCs, TTPs are more stable, making them a reliable way to identify specific cyber threats. Here are some of the most commonly used techniques, according to ANY.RUN's Q3 2024...

7.7AI score
Exploits0
The Hacker News
The Hacker News
•added 2024/10/31 10:30 a.m.•38 views

Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities

In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as "the new perimeter", the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of h...

7.3AI score
Exploits0
The Hacker News
The Hacker News
•added 2024/10/10 4:24 a.m.•38 views

Firefox Zero-Day Under Attack: Update Your Browser Immediately

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release ESR has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680 CVSS score: 9.8, has been described as a use-after-free bug in the Animation timeline component...

9.8CVSS10AI score0.32568EPSS
Exploits1
The Hacker News
The Hacker News
•added 2024/10/08 4:7 a.m.•38 views

Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits

Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-43047 CVSS score: 7.8, has been described as a...

9.8CVSS7.2AI score0.00673EPSS
Exploits0
The Hacker News
The Hacker News
•added 2024/08/22 4:13 p.m.•38 views

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control

Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliances and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the...

6.7CVSS8.2AI score0.04271EPSS
Exploits1
The Hacker News
The Hacker News
•added 2024/06/25 10:42 a.m.•38 views

New Attack Technique Exploits Microsoft Management Console Files

Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console MSC files to gain full code execution using Microsoft Management Console MMC and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after...

6.6AI score
Exploits0
The Hacker News
The Hacker News
•added 2024/06/15 9:51 a.m.•38 views

Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the first expansion of its footprint beyond the E.U., Saudi Arabia, the U.A.E., and the U.S. "The group's latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile...

7AI score
Exploits0
The Hacker News
The Hacker News
•added 2024/03/28 12:43 p.m.•38 views

New Webinar: Avoiding Application Security Blind Spots with OPSWAT and F5

Considering the ever-changing state of cybersecurity, it's never too late to ask yourself, "am I doing what's necessary to keep my organization's web applications secure?" The continuous evolution of technology introduces new and increasingly sophisticated threats daily, posing challenges to...

7AI score
Exploits0
The Hacker News
The Hacker News
•added 2024/03/07 6:11 a.m.•38 views

Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware

Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023. "The threat actor is distributing Remote Access Trojans RATs includin...

7.1AI score
Exploits0
The Hacker News
The Hacker News
•added 2024/01/24 2:25 p.m.•38 views

Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine GKE that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many ...

7.2AI score
Exploits0
The Hacker News
The Hacker News
•added 2024/01/08 2:4 p.m.•38 views

Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals

Threat actors operating under the name Anonymous Arabic have released a remote access trojan RAT called Silver RAT that's equipped to bypass security software and stealthily launch hidden applications. "The developers operate on multiple hacker forums and social media platforms, showcasing an...

7.6AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/12/28 1:20 p.m.•38 views

Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the Fluent Bit logging container could combine that access with high...

8.4AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/12/18 2:40 p.m.•38 views

Top 7 Trends Shaping SaaS Security in 2024

Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in...

7AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/12/01 12:40 p.m.•38 views

New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia

Cybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. "Spreading primarily through messaging services, it combines...

7AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/11/08 9:18 a.m.•38 views

Webinar: Kickstarting Your SaaS Security Strategy & Program

SaaS applications make up 70% of total company software usage, and as businesses increase their reliance on SaaS apps, they also increase their reliance on those applications being secure. These SaaS apps store an incredibly large volume of data so safeguarding the organization's SaaS app stack a...

7AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/11/08 8:0 a.m.•38 views

Experts Expose Farnetwork's Ransomware-as-a-Service Business Model

Cybersecurity researchers have unmasked a prolific threat actor known as farnetwork, who has been linked to five different ransomware-as-a-service RaaS programs over the past four years in various capacities. Singapore-headquartered Group-IB, which attempted to infiltrate a private RaaS program...

7.5AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/10/31 6:29 a.m.•38 views

Meta Launches Paid Ad-Free Subscription in Europe to Satisfy Privacy Laws

Meta on Monday announced plans to offer an ad-free option to access Facebook and Instagram for users in the European Union EU, European Economic Area EEA, and Switzerland to comply with "evolving" data protection regulations in the region. The ad-free subscription, which costs €9.99/month on the...

6.8AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/10/26 11:59 a.m.•38 views

The Danger of Forgotten Pixels on Websites: A New Case Study

While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and privacy violations even in the absence of hacking incidents. A new case study highlights one of these more common cases. Download the full case study here. It's...

6.3AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/10/24 10:59 a.m.•38 views

Make API Management Less Scary for Your Organization

While application development has evolved rapidly, the API management suites used to access these services remain a spooky reminder of a different era. Introducing new API management infrastructure with these legacy models still poses challenges for organizations as they modernize. Transitioning...

6.8AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/10/17 10:17 a.m.•38 views

Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge

Recently, the cybersecurity landscape has been confronted with a daunting new reality – the rise of malicious Generative AI, like FraudGPT and WormGPT. These rogue creations, lurking in the dark corners of the internet, pose a distinctive threat to the world of digital security. In this article, ...

6.8AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/10/12 10:29 a.m.•38 views

Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack

Microsoft on Wednesday said that a user containment feature in Microsoft Defender for Endpoint helped thwart a "large-scale remote encryption attempt" made by Akira ransomware actors targeting an unknown industrial organization in early June 2023. The tech giant's threat intelligence team is...

7.2AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/10/12 6:20 a.m.•38 views

Researchers Uncover Ongoing Attacks Targeting Asian Governments and Telecom Giants

High-profile government and telecom entities in Asia have been targeted as part of an ongoing campaign since 2021 that's designed to deploy basic backdoors and loaders for delivering next-stage malware. Cybersecurity company Check Point is tracking the activity under the name Stayin' Alive. Targe...

7.5AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/10/04 11:54 a.m.•38 views

Wing Disrupts the Market by Introducing Affordable SaaS Security

Today, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and tight budgets. Now, this may be changing. By focusing on the critical SaaS security needs of these companies, a new approach has emerged that can be launched for $1,50...

7AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/10/03 11:52 a.m.•38 views

API Security Trends 2023 – Have Organizations Improved their Security Posture?

APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to...

7.4AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/10/02 11:21 a.m.•38 views

APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries

Introduction In today's interconnected digital ecosystem, Application Programming Interfaces APIs play a pivotal role in enabling seamless communication and data exchange between various software applications and systems. APIs act as bridges, facilitating the sharing of information and...

8.1AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/09/29 4:43 p.m.•38 views

Cybercriminals Using New ASMCrypt Malware Loader to Fly Under the Radar

Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected...

7.4AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/09/25 11:19 a.m.•38 views

Are You Willing to Pay the High Cost of Compromised Credentials?

Weak password policies leave organizations vulnerable to attacks. But are the standard password complexity requirements enough to secure them? 83% of compromised passwords would satisfy the password complexity and length requirements of compliance standards. That's because bad actors already have...

6.7AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/09/19 10:29 a.m.•38 views

Live Webinar: Overcoming Generative AI Data Leakage Risks

As the adoption of generative AI tools, like ChatGPT, continues to surge, so does the risk of data exposure. According to Gartner's "Emerging Tech: Top 4 Security Risks of GenAI" report, privacy and data security is one of the four major emerging risks within generative AI. A new webinar featurin...

6.4AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/09/14 9:52 a.m.•38 views

N-Able's Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation

A high-severity security flaw has been disclosed in N-Able's Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. Tracked as CVE-2023-27470 CVSS score: 8.8, the issue relates to a Time-of-Check to Time-of-Use TOCTOU race condition vulnerability,...

6.9AI score0.00537EPSS
Exploits2
The Hacker News
The Hacker News
•added 2023/08/23 12:43 p.m.•38 views

North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns

The U.S. Federal Bureau of Investigation FBI on Tuesday warned that threat actors affiliated with North Korea may attempt to cash out stolen cryptocurrency worth more than $40 million. The law enforcement agency attributed the blockchain activity to an adversary the U.S. government tracks as...

6.7AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/08/23 11:44 a.m.•38 views

Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead

Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security's p0 Labs team identified and tracked an attacker developing and deploying eight 8 incremental iterations of their credential harvesting malwa...

7.8AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/08/10 2:20 p.m.•38 views

New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks

Malicious actors are using a legitimate Rust-based injector called Freeze.rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It...

6.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/06/27 2:10 p.m.•38 views

New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain

Cybersecurity researchers have discovered a new ongoing campaign aimed at the npm ecosystem that leverages a unique execution chain to deliver an unknown payload to targeted systems. "The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources...

7AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/06/20 11:55 a.m.•38 views

Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer

A highly targeted cyber attack against an East Asian IT company involved the deployment of a custom malware written in Golang called RDStealer. "The operation was active for more than a year with the end goal of compromising credentials and data exfiltration," Bitdefender security researcher Vict...

6.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/06/19 12:37 p.m.•38 views

Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems

Cybersecurity researchers have uncovered a set of malicious artifacts that they say is part of a sophisticated toolkit targeting Apple macOS systems. "As of now, these samples are still largely undetected and very little information is available about any of them," Bitdefender researchers Andrei...

7.3AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/06/19 8:37 a.m.•38 views

Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions

Microsoft on Friday attributed a string of service outages aimed at Azure, Outlook, and OneDrive earlier this month to an uncategorized cluster it tracks under the name Storm-1359. "These attacks likely rely on access to multiple virtual private servers VPS in conjunction with rented cloud...

6.7AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/06/01 3:14 p.m.•38 views

New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware

A previously unknown advanced persistent threat APT is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root...

7.1AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/05/19 6:53 a.m.•38 views

Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware

Malicious Google Search ads for generative AI services like OpenAI ChatGPT and Midjourney are being used to direct users to sketchy websites as part of a BATLOADER campaign designed to deliver RedLine Stealer malware. "Both AI services are extremely popular but lack first-party standalone apps...

6.5AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/05/03 1:45 p.m.•38 views

Google Introduces Passwordless Secure Sign-In with Passkeys for Google Accounts

Almost five months after Google added support for passkeys to its Chrome browser, the tech giant has begun rolling out the passwordless solution across Google Accounts on all platforms. Passkeys, backed by the FIDO Alliance, are a more secure way to sign in to apps and websites without having to...

6.5AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/04/10 1:1 p.m.•38 views

Estonian National Charged in U.S. for Acquiring Electronics and Metasploit Pro for Russian Military

An Estonian national has been charged in the U.S. for purchasing U.S.-made electronics on behalf of the Russian government and military. The 45-year-old individual, Andrey Shevlyakov, was arrested on March 28, 2023, in Tallinn. He has been indicted with 18 counts of conspiracy and other charges. ...

6.6AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/04/06 11:46 a.m.•38 views

Supply Chain Attacks and Critical Infrastructure: How CISA Helps Secure a Nation's Crown Jewels

Critical infrastructure attacks are a preferred target for cyber criminals. Here's why and what's being done to protect them. What is Critical Infrastructure and Why is It Attacked? Critical infrastructure is the physical and digital assets, systems and networks that are vital to national securit...

6.5AI score
Exploits0
Total number of security vulnerabilities5000