#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

Cyber Attack | Breaking Cybersecurity News | The Hacker News

Category — Cyber Attack
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

Dec 16, 2024 Cyber Threats / Weekly Recap
This past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there's a lot that might have flown under your radar. Attackers are adapting old tricks, uncovering new ones, and targeting systems both large and small. Meanwhile, law enforcement has scored wins against some shady online marketplaces, and technology giants are racing to patch problems before they become a full-blown crisis. If you've been too busy to keep track, now is the perfect time to catch up on what you may have missed. ⚡ Threat of the Week Cleo Vulnerability Comes Under Active Exploitation — A critical vulnerability (CVE-2024-50623) in Cleo's file transfer software—Harmony, VLTrader, and LexiCom—has been actively exploited by cybercriminals , creating major security risks for organizations worldwide. The flaw enables attackers to execute code remotely without authorization...
Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

Dec 16, 2024 Cyber Attack / Cyber Espionage
The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia's Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of "quest games." Law enforcement officials said that it detained two FSB agent groups following a special operation in Kharkiv . These groups, per the agency, consisted exclusively of children aged 15 and 16. "The minors carried out hostile tasks of conducting reconnaissance, correcting strikes, and arson," the SSU said in a statement released Friday. "To mask subversive activities, both enemy cells operated separately from each other." As per the quest game rules set by the FSB, the children were given geographic coordinates, after which they were instructed to get to the location, take photos and videos of targets, and provide a general description of the surrounding area. The results of these reconnaissance m...
Product Walkthrough: How Reco Discovers Shadow AI in SaaS

Future-Ready Trust: Learn How to Manage Certificates Like Never Before

WebinarTrust Management / SSL Certificate
Managing digital trust shouldn't feel impossible. Join us to discover how DigiCert ONE transforms certificate management—streamlining trust operations, ensuring compliance, and future-proofing your digital strategy.
ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms

Dec 11, 2024 Ransomware / Malware
Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. "Zloader 2.9.4.0 adds notable improvements including a custom DNS tunnel protocol for C2 communications and an interactive shell that supports more than a dozen commands, which may be valuable for ransomware attacks," Zscaler ThreatLabz said in a Tuesday report. "These modifications provide additional layers of resilience against detection and mitigation." ZLoader , also referred to as Terdot, DELoader, or Silent Night, is a malware loader that's equipped with the ability to deploy next-stage payloads. Malware campaigns distributing the malware were observed for the first time in almost two years in September 2023 after its infrastructure was taken down. In addition to incorporating various...
cyber security

2024: A Year of Identity Attacks | Get the New eBook

websitePush SecurityIdentity Security
Prepare to defend against identity attacks in 2025 by looking back at identity-based breaches in 2024.
⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8)

⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8)

Dec 09, 2024 Cyber Threats / Weekly Recap
This week's cyber world is like a big spy movie. Hackers are breaking into other hackers' setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in. Want to know who's hacking who, how they're doing it, and what's being done to fight back? Stick around—this recap has the scoop. ⚡ Threat of the Week Turla Hackers Hijack Pakistan Hackers' Infrastructure — Imagine one hacker group sneaking into another hacker group 's secret hideout and using their stuff to carry out their own missions. That's basically what the Russia-linked Turla group has been doing since December 2022. They broke into the servers of a Pakistani hacking team called Storm-0156 and used those servers to spy on government and military targets in Afghanistan and India. By doing th...
Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers

Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers

Dec 05, 2024 Threat Intelligence / Cyber Espionage
A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. However, the company doesn't rule out the possibility that the intrusion may have occurred earlier. "The attackers moved laterally across the organization's network, compromising multiple computers," the Symantec Threat Hunter Team said in a report shared with The Hacker News. "Some of the machines targeted were Exchange Servers, suggesting the attackers were gathering intelligence by harvesting emails. Exfiltration tools were also deployed, suggesting that targeted data was taken from the organizations." The name of the organization that was impacted by the persistent attack campaign was not disclosed, but noted that the victim has a significant presence in China. The links to China as ...
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

Dec 03, 2024 Threat Intelligence / Email Security
The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft. "Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said . "Then, from mid-September, some phishing emails disguised as if they were sent from Russia were observed." This entails the abuse of VK's Mail.ru email service, which supports five different alias domains, including mail.ru, internet.ru, bk.ru, inbox.ru, and list.ru. Genians said it has observed the Kimsuky actors leveraging all the aforementioned sender domains for phishing campaigns that masquerade as financial institutions and internet portals like Naver. Other phishing attacks have entailed sending messages that mimic Naver's MYBOX cloud storage service and aim to trick users into ...
THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1)

THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1)

Dec 02, 2024 Cyber Threats / Weekly Recap
Ever wonder what happens in the digital world every time you blink? Here's something wild - hackers launch about 2,200 attacks every single day, which means someone's trying to break into a system somewhere every 39 seconds. And get this - while we're all worried about regular hackers, there are now AI systems out there that can craft phishing emails so convincingly, that even cybersecurity experts have trouble spotting them. What's even crazier? Some of the latest malware is like a digital chameleon - it literally watches how you try to catch it and changes its behavior to slip right past your defenses. Pretty mind-bending stuff, right? This week's roundup is packed with eye-opening developments that'll make you see your laptop in a whole new light. ⚡ Threat of the Week T-Mobile Spots Hackers Trying to Break In: U.S. telecom service provider T-Mobile caught some suspicious activity on their network recently - basically, someone was trying to sneak into th...
APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign

APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign

Nov 27, 2024 Malware / Cyber Espionage
The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024. "In this attack, an email purporting to be from a prospective employee was sent to the organization's recruiting contact, infecting the contact with malware," the agency said . APT-C-60 is the moniker assigned to a South Korea-aligned cyber espionage group that's known to target East Asian countries. In August 2024, it was observed exploiting a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262) to drop a custom backdoor called SpyGlace. The attack chain discovered by JPCERT/CC involves the use of a phishing email that contains a link to a file hosted on Goo...
Expert Insights / Articles Videos
Cybersecurity Resources