The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

A critical security vulnerability has been discovered in the global e-commerce business PayPal that could allow attackers to steal your login credentials , and even your credit card details in unencrypted format. Egypt-based researcher Ebrahim Hegazy discovered a Stored Cross Site Scripting (XSS) vulnerability in the Paypal's Secure Payments domain. As it sounds, the domain is used to conduct secure online payments when purchasing from any online shopping website. It enables buyers to pay with their payment cards or PayPal accounts, eliminating the need to store sensitive payment information. However, it is possible for an attacker to set up a rogue online store or hijacked a legitimate shopping website, to trick users into handing over their personal and financial details. How the Stored XSS Attack Works? Hegazy explains a step by step process in his blog post , which gives a detailed explanation of the attack. Here's what the researcher calls the worst attack scenario:

Remember Team Poison ?  The hackers group that was active in 2012, and was known for gaining access to the former Prime Minister Tony Blair's address book and then publishing information from it. The British hacker who actually obtained the Prime Minister's address book and was jailed for six months in 2012, named Junaid Hussain , has been killed in a United States drone strike in Syria, a source familiar with the matter said on Wednesday. Hussain was a British hacker who rose to prominence within Islamic State group in Syria as a top cyber expert to mastermind the ISIS online war. The U.S. military conducted the operation; no involvement of the British government in the killing of Hussain, a British citizen from Birmingham. Junaid Hussain Killed in Raqqa Hussain was killed in Raqqa, located in northern Syria, which has been treated as a safe place by ISIS. The United States has yet to officially announce Hussain's death, which is not veri

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

Microsoft's 'Cortana', Google's 'Google Now', Apple's 'Siri', Now meet Facebook's 'M.' Facebook's announcement to introduce their Personal Digital Assistant "M" comes with powers within the Facebook Messenger. It is a similar virtual assistant like Google Now, Apple's Siri and Microsoft's smart digital assistant Cortana. It seems that all the intelligence that resides within the personal digital assistants already in the market are nothing in front of M's capabilities, according to the Facebook post by David Marcus , Vice President of Messaging Products at Facebook. Three days ago, Microsoft had boosted the powers of Android users by making Cortana accessible on Android devices. Now listening to Facebook's launch of 'M', rival companies would have definitely face-palmed! What Can I Help You With? The virtual assistant software "M" is truly going to support you by doing the

Jailbreakers Beware! Some shady tweaks that you installed on their jailbroken devices are looking to steal your iCloud login credentials, a report said. The iCloud account details, including email addresses and passwords, of nearly 220,000 jailbreak users have been breached , an online Chinese vulnerability-reporting platform WooYun reported . WooYun is an information security platform where researchers report vulnerabilities and vendors give their feedbacks. Backdoor Privacy Attack The security breach, according to the website, was a result of ' backdoor privacy attack ' caused by the installation of a malicious jailbreak tweak. It appears that Hackers are using a variety of " built-in backdoors " that could be numerous of malicious jailbreak tweaks in an effort to acquire victim's iCloud account information. Once installed, these malicious tweaks transferred the iCloud login details of the jailbreak users to an unknown remote se

Cheaters Exposed! Would it be  the Impact Team or a woman ex-employee who worked for Avid Life Media (as per John McAfee claims ), the hackers that breached the cheater's dating website Ashley Madison has made the world aware of a lot of unfaithful people. The data crunching firm Dadaviz has analysed the leaked information of the Ashley Madison website and  revealed that thousands of the cheating website customers are from the large tech companies. Among those large tech companies, IBM and HP have the highest number of employees using the online infidelity website. Also, the list included Cisco, Apple, Intel and Microsoft employees. Top 10 Big Tech Companies that Love to Cheat Here is the list of Top 10 Big Tech Companies where Ashley Madison is the most popular: IBM HP Cisco Apple Intel Microsoft Samsung SAP Oracle Qualcomm Dadaviz found that one-third (34 percent) of all the Ashley Madison accounts were fake. Of course, there would be