Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrar...
https://thehackernews.com/2024/05/popular-android-apps-like-xiaomi-wps.html
A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims. Yaros...
https://thehackernews.com/2024/05/ukrainian-revil-hacker-sentenced-to-13.html
Like antivirus software, vulnerability scans rely on a database of known weaknesses. That’s why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sam...
https://thehackernews.com/2024/05/when-is-one-vulnerability-scanner-not.html
Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general ac...
https://thehackernews.com/2024/05/dropbox-discloses-breach-of-digital.html
A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for furth...
https://thehackernews.com/2024/05/new-goldoon-botnet-targets-d-link.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw impacting GitLab to its Known Exploited Vulnerabilities (KEV) catalog, owing to active exploitation in...
https://thehackernews.com/2024/05/cisa-warns-of-active-exploitation-of.html
A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gather authentication dat...
https://thehackernews.com/2024/05/new-cuttlefish-malware-hijacks-router.html
A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal...
https://thehackernews.com/2024/05/bitcoin-forensic-analysis-uncovers.html
Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) serve...
https://thehackernews.com/2024/05/android-malware-wpeeper-uses.html
There’s a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you’ve got to remain prepared to confront those ve...
https://thehackernews.com/2024/05/everyones-expert-how-to-empower-your.html
The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan that it's based on, indicating that it's being actively devel...
https://thehackernews.com/2024/05/zloader-malware-evolves-with-anti.html
A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. "This sentence...
https://thehackernews.com/2024/05/ex-nsa-employee-sentenced-to-22-years.html
Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring ho...
https://thehackernews.com/2024/04/millions-of-malicious-imageless.html
The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats. "These guidelines are informed by the wh...
https://thehackernews.com/2024/04/us-government-releases-new-ai-security.html
Operational Technology (OT) refers to the hardware and software used to change, monitor, or control the enterprise's physical devices, processes, and events. Unlike traditional Information Techn...
https://thehackernews.com/2024/04/considerations-for-operational.html
The U.K. National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29,...
https://thehackernews.com/2024/04/new-uk-law-bans-default-passwords-on.html
Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or ...
https://thehackernews.com/2024/04/google-prevented-228-million-malicious.html
A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures an...
https://thehackernews.com/2024/04/china-linked-muddling-meerkat-hijacks.html
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better,...
https://thehackernews.com/2024/04/navigating-threat-landscape.html
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results i...
https://thehackernews.com/2024/04/new-r-programming-vulnerability-exposes.html
Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three f...
https://thehackernews.com/2024/04/sandbox-escape-vulnerabilities-in.html
Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks...
https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compro...
https://thehackernews.com/2024/04/ukraine-targeted-in-cyberattack.html
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurit...
https://thehackernews.com/2024/04/bogus-npm-packages-used-to-trick.html
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact a...
https://thehackernews.com/2024/04/severe-flaws-disclosed-in-brocade.html
In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targe...
https://thehackernews.com/2024/04/10-critical-endpoint-security-tips-you.html
Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remo...
https://thehackernews.com/2024/04/new-brokewell-android-malware-spread.html
Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CV...
https://thehackernews.com/2024/04/palo-alto-networks-outlines-remediation.html
Threat actors are attempting to actively exploit a critical security flaw in the ValvePress Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-2...
https://thehackernews.com/2024/04/hackers-exploiting-wp-automatic-plugin.html
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT as part of attacks targeting spe...
https://thehackernews.com/2024/04/north-koreas-lazarus-group-deploys-new.html
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multip...
https://thehackernews.com/2024/04/network-threats-step-by-step-attack.html
The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 bi...
https://thehackernews.com/2024/04/doj-arrests-founders-of-crypto-mixer.html
Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its ...
https://thehackernews.com/2024/04/google-postpones-third-party-cookie.html
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the�...
https://thehackernews.com/2024/04/state-sponsored-hackers-exploit-two.html
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the I...
https://thehackernews.com/2024/04/us-treasury-sanctions-iranian-firms-and.html
Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver a malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, ...
https://thehackernews.com/2024/04/researchers-detail-multistage-attack.html
Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovere...
https://thehackernews.com/2024/04/major-security-flaws-expose-keystrokes.html
Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the secu...
https://thehackernews.com/2024/04/ciso-perspectives-on-complying-with.html
A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat coden...
https://thehackernews.com/2024/04/escan-antivirus-update-mechanism.html
A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains s...
https://thehackernews.com/2024/04/coralraider-malware-campaign-exploits.html
Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that�...
https://thehackernews.com/2024/04/apache-cordova-app-harness-targeted-in.html
In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricate web of interconnected systems and third-par...
https://thehackernews.com/2024/04/webinar-learn-proactive-supply-chain.html
European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption (E2EE). They called on the indu...
https://thehackernews.com/2024/04/police-chiefs-call-for-solutions-to.html
Cybersecurity breaches can be devastating for both individuals and businesses alike. While many people tend to focus on understanding how and why they were targeted by such breaches, there's a ...
https://thehackernews.com/2024/04/unmasking-true-cost-of-cyberattacks.html
German authorities said they have issued arrest warrants against three citizens on suspicion of spying for China. The full names of the defendants were not disclosed by the Office of the Federa...
https://thehackernews.com/2024/04/german-authorities-issue-arrest.html
The U.S. Department of State on Monday said it's taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of commercial spyware or w...
https://thehackernews.com/2024/04/us-imposes-visa-restrictions-on-13.html
The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called Go...
https://thehackernews.com/2024/04/russias-apt28-exploited-windows-print.html
The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data. Russian cybersecurity firm Kaspersky ch...
https://thehackernews.com/2024/04/russian-hacker-group-toddycat-uses.html
Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises d...
https://thehackernews.com/2024/04/penteras-2024-report-reveals-hundreds.html
The MITRE Corporation revealed that it was the target of a nation-state cyber attack that exploited two zero-day flaws in Ivanti Connect Secure appliances starting in January 2024. The intrusion ...
https://thehackernews.com/2024/04/mitre-corporation-breached-by-nation.html