#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

The Hacker News | #1 Trusted Cybersecurity News Site

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case

Dec 23, 2024 Machine Learning / Threat Analysis
Cybersecurity researchers have found that it's possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. "Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect," Palo Alto Networks Unit 42 researchers said in a new analysis. "Criminals can prompt LLMs to perform transformations that are much more natural-looking, which makes detecting this malware more challenging." With enough transformations over time, the approach could have the advantage of degrading the performance of malware classification systems, tricking them into believing that a piece of nefarious code is actually benign. While LLM providers have increasingly enforced security guardrails to prevent them from going off the rails and producing unintended output, bad actors have advertised tools like WormGPT...
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

Dec 23, 2024 Cybersecurity / Weekly Recap
The online world never takes a break, and this week shows why. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up. Hackers are using everyday tools in harmful ways, hiding spyware in trusted apps, and finding new ways to take advantage of old security gaps. These events aren't random—they show just how clever and flexible cyber threats can be. In this edition, we'll look at the most important cyber events from the past week and share key takeaways to help you stay safe and prepared. Let's get started. ⚡ Threat of the Week LockBit Developer Rostislav Panev Charged in the U.S. — Rostislav Panev, a 51-year-old dual Russian and Israeli national, has been charged in the U.S. for allegedly acting as the developer of the now-disrupted LockBit ransomware-as-a-service (RaaS) operation, netting about $230,000 between June 2022 and February 2024. Panev was ...
Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

Dec 23, 2024 Phishing / Cybercrime
An interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm . "It appears that the [Rockstar2FA] group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable," Sophos said in a new report published last week. "This does not appear to be because of a takedown action, but due to some technical failure on the backend of the service." Rockstar2FA was first documented by Trustwave late last month as a PhaaS service that allows criminal actors to launch phishing attacks that are capable of harvesting Microsoft 365 account credentials and session cookies, thereby circumventing multi-factor authentication (MFA) protections. The service is assessed to be an updated version of the DadSec phishing kit, which is tracked by Microsoft under the name Storm-1575. A majority of the ph...
cyber security

What CISOs Really Think About AI (and What They're Doing About It)

websiteTinesAI Security
74% of CISOs believe AI will bring more benefits than risks to the SOC. Uncover how security leaders see AI.
Top 10 Cybersecurity Trends to Expect in 2025

Top 10 Cybersecurity Trends to Expect in 2025

Dec 23, 2024 Cybersecurity / Threat Intelligence
The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology. In 2025, organizations will be challenged with protecting sensitive information for their customers while continuing to provide seamless and easy user experiences. Here's a closer look at ten emerging challenges and threats set to shape the coming year. 1. AI as a weapon for attackers The dual-use nature of AI has created a great deal of risk to organizations as cybercriminals increasingly harness the power of AI to perpetrate highly sophisticated attacks. AI-powered malware can change its behavior in real-time. This means it can evade traditional methods of detection and find and exploit vulnerabilities with uncanny precision. Automated reconnaissance tools let attackers compile granular intelligence about systems, employees, and defenses of a target at unprecedented scale and speed. AI use also reduces the planning time for a...
U.S. Judge Rules Against NSO Group in WhatsApp Pegasus Spyware Case

U.S. Judge Rules Against NSO Group in WhatsApp Pegasus Spyware Case

Dec 23, 2024 Spyware / Mobile Security
Meta Platforms-owned WhatsApp scored a major legal victory in its fight against Israeli commercial spyware vendor NSO Group after a federal judge in the U.S. state of California ruled in favor of the messaging giant for exploiting a security vulnerability to deliver Pegasus. "The limited evidentiary record before the court does show that defendants' Pegasus code was sent through plaintiffs' California-based servers 43 times during the relevant time period in May 2019," United States District Judge Phyllis J. Hamilton said . The order further lambasted NSO Group, stating it "repeatedly failed to produce relevant discovery and failed to obey court orders regarding such discovery," referring to the company's failure to produce the Pegasus source code and for limiting the access to Israeli citizens present in Israel. This information, per WhatsApp, included code only pertaining to an Amazon Web Services (AWS) server, and not the entire codebase that wo...
Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations

Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations

Dec 23, 2024 GDPR / Data Privacy
Italy's data protection authority has fined ChatGPT maker OpenAI a fine of €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data. The fine comes nearly a year after the Garante found that ChatGPT processed users' information to train its service in violation of the European Union's General Data Protection Regulation (GDPR). The authority said OpenAI did not notify it of a security breach that took place in March 2023, and that it processed the personal information of users to train ChatGPT without having an adequate legal basis to do so. It also accused the company of going against the principle of transparency and related information obligations toward users. "Furthermore, OpenAI has not provided for mechanisms for age verification, which could lead to the risk of exposing children under 13 to inappropriate responses with respect to their degree of development and self-awareness," the Garante said. ...
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

Dec 21, 2024 Ransomware / Cybercrime
A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev , 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S. Department of Justice (DoJ) said in a statement. Based on fund transfers to a cryptocurrency wallet owned by Panev, he allegedly earned approximately $230,000 between June 2022 and February 2024. "Rostislav Panev for years built and maintained the digital weapons that enabled his LockBit co-conspirators to wreak havoc and cause billions of dollars in damage around the world," U.S. Attorney Philip R. Sellinger said . LockBit, which was one of the most prolific ransomware groups, had its infrastructure seized in February 2024 as part of an international law enforcement operation called Cronos. It gained notoriety for tar...
Data Governance in DevOps: Ensuring Compliance in the AI Era

Data Governance in DevOps: Ensuring Compliance in the AI Era

Dec 16, 2024DevOps / Data Governance
With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we'll explore the concept of CI/CD pipeline governance and why it's vital, especially as AI becomes increasingly prevalent in our software pipelines. What is CI/CD Pipeline Governance? CI/CD pipeline governance refers to the framework of policies, practices, and controls that oversee the entire software delivery process. It ensures that every step, from the moment the code is committed to when it's deployed in production, adheres to organizational standards, security protocols, and regulatory requirements. In DevOps, this governance acts as a guardrail, allowing teams to move fast without compromising on quality, security, or compliance. It's about striking the delicate balance betwee...
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

Dec 20, 2024 Cyber Espionage / Malware
The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The attacks, which culminated in the deployment of a new modular backdoor referred to as CookiePlus , are part of a long-running cyber espionage campaign known as Operation Dream Job, which is also tracked as NukeSped by cybersecurity company Kaspersky. It's known to be active since at least 2020, when it was exposed by ClearSky. These activities often involve targeting developers and employees in various companies, including defense, aerospace, cryptocurrency, and other global sectors, with lucrative job opportunities that ultimately lead to the deployment of malware on their machines. "Lazarus is interested in carrying out supply chain attacks as part of the DeathNote...
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

Dec 20, 2024 Malware / Supply Chain Attack
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli , were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery , versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest safe version is 1.1.8. "They were released by an attacker who gained unauthorized npm publishing access, and contain malicious scripts," software supply chain security firm Socket said in an analysis. Rspack is billed as an alternative to the webpack , offering a "high performance JavaScript bundler written in Rust." Originally developed by ByteDance, it has since been adopted by several companies such as Alibaba, Amazon, Discord, and Microsoft, among others. The npm packages in question, @rspack/core, and @rspack/cli, attract weekly downloads of over 300,000 and 145...
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Dec 20, 2024 Firewall Security / Vulnerability
Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of vulnerabilities is as follows - CVE-2024-12727 (CVSS score: 9.8) - A pre-auth SQL injection vulnerability in the email protection feature that could lead to remote code execution, if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability ( HA ) mode. CVE-2024-12728 (CVSS score: 9.8) - A weak credentials vulnerability arising from a suggested and non-random SSH login passphrase for High Availability (HA) cluster initialization that remains active even after the HA establishment process completed, thereby exposing an account with privileged access if SSH is ena...
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

Dec 20, 2024 Vulnerability / Cyber Attack
A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect.  The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending specially crafted data packets. Russian cybersecurity firm Kaspersky said the October 2024 attack targeted an unnamed company's Windows server that was exposed to the internet and had two open ports associated with FortiClient EMS. "The targeted company employs this technology to allow employees to download specific policies to their corporate devices, granting them secure access to the Fortinet VPN," it said in a Thursday analysis. Further analysis of the incident found that the threat actors took advantage of CVE-2023-48788 as an initial access vector, subsequently dropping a ScreenConnect exe...
Expert Insights / Articles Videos
Cybersecurity Resources