Lucene search
+L

20926 matches found

The Hacker News
The Hacker News
added 2025/03/06 9:57 a.m.49 views

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed," c/side researcher Himanshu Anand said in ...

9.8CVSS10AI score0.99994EPSS
Exploits26
The Hacker News
The Hacker News
added 2025/03/06 6:40 a.m.11 views

U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations

The U.S. Department of Justice DoJ has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People's Republic of China's PRC Ministr...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/05 3:44 p.m.62 views

China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access

The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology IT supply chain as a means to obtain initial access to corporate networks. That's according to new findings...

10CVSS9AI score0.99999EPSS
Exploits492
The Hacker News
The Hacker News
added 2025/03/05 2:8 p.m.25 views

Defending against USB drive attacks with Wazuh

USB drive attacks constitute a significant cybersecurity risk, taking advantage of the everyday use of USB devices to deliver malware and circumvent traditional network security measures. These attacks lead to data breaches, financial losses, and operational disruptions, with lasting impacts on a...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/05 1:37 p.m.19 views

Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America

The threat actor known as Dark Caracal has been attributed to a campaign that deployed a remote access trojan called Poco RAT in attacks targeting Spanish-speaking targets in Latin America in 2024. The findings come from Russian cybersecurity company Positive Technologies, which described the...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/05 1:20 p.m.12 views

Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud

Google has announced the rollout of artificial intelligence AI-powered scam detection features to secure Android device users and their personal information. "These features specifically target conversational scams, which can often appear initially harmless before evolving into harmful situations...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/05 11:3 a.m.25 views

Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan with updated versions of a known backdoor called Sagerunex. "Lotus Blossom has been using the Sagerunex backdoor...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/05 11:0 a.m.20 views

Identity: The New Cybersecurity Battleground

The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At the core of...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/05 7:7 a.m.20 views

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Cybersecurity researchers are alerting of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to deploy loader malware on Linux and Apple macOS systems. "The threat actor has published at least seven packages impersonating widely used Go libraries,...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/04 4:21 p.m.44 views

Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates

Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect BC module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. "Once infiltrated...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/04 2:13 p.m.39 views

VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches

Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure. The list of vulnerabilities is as follows - CVE-2025-22224 CVSS score: 9.3 - A Time-of-Check...

9.3CVSS8.9AI score0.01676EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/03/04 11:0 a.m.20 views

How New AI Agents Will Transform Credential Stuffing Attacks

Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks — includi...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/04 9:58 a.m.22 views

Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector

Threat hunters are calling attention to a new highly-targeted phishing campaign that singled out "fewer than five" entities in the United Arab Emirates U.A.E. to deliver a previously undocumented Golang backdoor dubbed Sosano. The malicious activity was specifically directed against aviation and...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/04 9:1 a.m.16 views

Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers

Internet service providers ISPs in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and cryptocurrency miners on compromised hosts. The findings come from the Splunk Threat Research Team, which said the activity...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/04 4:39 a.m.32 views

Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of...

9.8CVSS9.7AI score0.99288EPSS
Exploits8
The Hacker News
The Hacker News
added 2025/03/04 4:7 a.m.34 views

Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities

Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild. The two high-severity vulnerabilities are listed below - CVE-2024-43093 - A privilege escalation flaw in...

7.8CVSS7.1AI score0.03558EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/03/03 5:26 p.m.76 views

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

Threat actors are targeting Amazon Web Services AWS environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 short for a threat group with...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/03 2:0 p.m.17 views

Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites

Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control C2 framework called Havoc. "The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/03 1:56 p.m.21 views

Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks

Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day flaw CVE-2025-0289 is part of a set of five vulnerabilities that was discovered by Microsoft,...

8AI score0.00471EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/03/03 1:56 p.m.11 views

U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children's Data Protection Practices

The U.K.'s Information Commissioner's Office ICO has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country. To that end, the watchdog said it's probing how the ByteDance-owned...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/03 11:58 a.m.46 views

⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists

This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive...

7.2CVSS8.2AI score0.72059EPSS
Exploits16
The Hacker News
The Hacker News
added 2025/03/03 11:0 a.m.13 views

The New Ransomware Groups Shaking Up 2025

In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023. After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents 33% of the year's total. Law enforcement actions against major groups like LockBit caused fragmentation, leading to more competition and a rise ...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/03 5:17 a.m.28 views

Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries

Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/01 8:0 a.m.9 views

Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language

Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism overbroad language that appeared to give the company the rights to all information uploaded by users. The revised Terms of Use now states - You give Mozilla the rights necessary to...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/28 4:48 p.m.30 views

Amnesty Finds Cellebrite's Zero-Day Used to Unlock Serbian Activist's Android Phone

A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International. "The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploi...

7.8CVSS6.8AI score0.03558EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/02/28 2:23 p.m.25 views

RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable

Remote Desktop Protocol RDP is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It's like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work fro...

8.1CVSS7.6AI score0.14979EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/02/28 1:49 p.m.29 views

Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains

Cybersecurity researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow's content delivery network CDN to deliver the Lumma stealer malware. Netskope Threat Labs said it discovered 260 unique domains hosting 5,000 phishing P...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/28 10:33 a.m.15 views

Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme

Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence GenAI services in order to produce offensive and harmful content. The campaign, called LLMjacking, ha...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/28 10:24 a.m.25 views

12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training

A dataset used to train large language models LLMs has been found to contain nearly 12,000 live secrets, which allow for successful authentication. The findings once again highlight how hard-coded credentials pose a severe security risk to users and organizations alike, not to mention compounding...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/28 9:36 a.m.13 views

Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus

The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer malware by means of a previously undocumented implant. Cybersecurity company Kaspersky is tracking the activity under the name Angry Likho,...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/27 3:36 p.m.19 views

Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations

A new campaign is targeting companies in Taiwan with malware known as Winos 4.0 as part of phishing emails masquerading as the country's National Taxation Bureau. The campaign, detected last month by Fortinet FortiGuard Labs, marks a departure from previous attack chains that have leveraged...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/27 1:50 p.m.8 views

Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware

The threat actor known as Space Pirates has been linked to a malicious campaign targeting Russian information technology IT organizations with a previously undocumented malware called LuckyStrike Agent. The activity was detected in November 2024 by Solar, the cybersecurity arm of Russian...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/27 1:5 p.m.11 views

89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals

Organizations are either already adopting GenAI solutions, evaluating strategies for integrating these tools into their business plans, or both. To drive informed decision-making and effective planning, the availability of hard data is essential—yet such data remains surprisingly scarce. The...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/27 1:4 p.m.13 views

New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades

Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic aka ToxicPanda, indicating that the threat actors behind it are continuously making changes in response to public reporting. "The modifications seen in the TgToxic payloads reflect the actors' ongoin...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/27 9:20 a.m.23 views

PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices

A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the end of 2023. French cybersecurity company Sekoia said it observed the unknown threat actors deploying a backdoor by leveraging...

7.2CVSS8AI score0.54107EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/02/27 7:15 a.m.13 views

Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers

The U.S. Federal Bureau of Investigation FBI formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben Zhou declared a "war against Lazarus." The agency said the Democratic People's Republic of Korea North Korea was responsible for the the...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/26 5:19 p.m.18 views

Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites

A cross-site scripting XSS vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report...

6.1CVSS5.5AI score0.01015EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/02/26 1:54 p.m.58 views

Leaked Black Basta Ransomware Chat Logs Reveal Inner Workings and Internal Conflicts

More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members. The Russian-language chats on the Matrix messaging platform between...

10CVSS10AI score0.99999EPSS
Exploits751
The Hacker News
The Hacker News
added 2025/02/26 11:28 a.m.22 views

SOC 3.0 - The Evolution of the SOC and How AI is Empowering Human Talent

Organizations today face relentless cyber attacks, with high-profile breaches hitting the headlines almost daily. Reflecting on a long journey in the security field, it's clear this isn't just a human problem—it's a math problem. There are simply too many threats and security tasks for any SOC to...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/26 11:4 a.m.25 views

New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems

Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42. "Once installed, Auto-color allows threat actors full...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/26 10:56 a.m.17 views

Three Password Cracking Techniques and How to Defend Against Them

Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracki...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/26 10:53 a.m.17 views

CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries

The Computer Emergency Response Team of Ukraine CERT-UA on Tuesday warned of renewed activity from an organized criminal group it tracks as UAC-0173 that involves infecting computers with a remote access trojan named DCRat aka DarkCrystal RAT. The Ukrainian cybersecurity authority said it observe...

6.5CVSS7AI score0.1337EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/02/26 10:40 a.m.13 views

Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads

Cybersecurity researchers have flagged a malicious Python library on the Python Package Index PyPI repository that facilitates unauthorized music downloads from music streaming service Deezer. The package in question is automslc, which has been downloaded over 104,000 times to date. First publish...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/26 4:33 a.m.29 views

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite ZCS to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities in...

9.8CVSS6.5AI score0.77266EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/02/25 4:7 p.m.23 views

LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile

Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram. LightSpy is the name given to a modular spyware that's capable of...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/25 3:54 p.m.18 views

Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware

Opposition activists in Belarus as well as Ukrainian military and government organizations are the target of a new campaign that employs malware-laced Microsoft Excel documents as lures to deliver a new variant of PicassoLoader. The threat cluster has been assessed to be an extension of a...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/25 11:0 a.m.14 views

5 Active Malware Campaigns in Q1 2025

The first quarter of 2025 has been a battlefield in the world of cybersecurity. Cybercriminals continued launching aggressive new campaigns and refining their attack methods. Below is an overview of five notable malware families, accompanied by analyses conducted in controlled environments...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/25 10:22 a.m.14 views

2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT

A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware. "To further evade detection, the attackers deliberately generated multiple variants with different hashes of...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/25 10:13 a.m.19 views

GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets

Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub. The campaign, which spans hundreds of repositories, has been dubbed GitVenom by Kaspersky. "The infected projects...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/02/25 5:51 a.m.9 views

FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services

Various industrial organizations in the Asia-Pacific APAC region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT. "The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network CDN myqcloud and the Youdao Cloud...

7.1AI score
Exploits0
Total number of security vulnerabilities20926