#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

Digital Threat | Breaking Cybersecurity News | The Hacker News

Category — Digital Threat
Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists

Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists

Feb 01, 2025 Privacy / Surveillance
Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members. The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024. In a statement to The Guardian, the encrypted messaging app said it has reached out to affected users, stating it had "high confidence" that the users were targeted and "possibly compromised." It's currently not known who is behind the campaign and for how long it took place. The attack chain is said to be zero-click, meaning the deployment of the spyware occurs without requiring any user interaction. It's suspected to involve the distribution of a specially-crafted PDF file sent to individuals who were added to group chats on WhatsApp. The company noted the targets were spread across over two dozen countries, including several in Europe, ...
Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits

Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits

Oct 08, 2024 Mobile Security / Privacy
Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been described as a user-after-free bug in the Digital Signal Processor (DSP) Service that could lead to "memory corruption while maintaining memory maps of HLOS memory." Qualcomm credited Google Project Zero researcher Seth Jenkins and Conghui Wang for reporting the flaw, and Amnesty International Security Lab for confirming in-the-wild activity. "There are indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation," the chipmaker said in an advisory. "Patches for the issue affecting FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible." ...
U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown

U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown

Nov 06, 2023
The U.S. Department of the Treasury imposed sanctions against a 37-year-old Russian woman for taking part in the laundering of virtual currency for the country's elites and cybercriminal crews, including the Ryuk ransomware group. Ekaterina Zhdanova, per the department, is said to have facilitated large cross border transactions to assist Russian individuals to gain access to Western financial markets and circumvent international sanctions. "Zhdanova utilizes entities that lack Anti-Money Laundering/Combatting the Financing of Terrorism (AML/CFT) controls, such as OFAC-designated Russian cryptocurrency exchange Garantex Europe OU (Garantex)," the treasury department  said  last week.  "Zhdanova relies on multiple methods of value transfer to move funds internationally. This includes the use of cash and leveraging connections to other international money laundering associates and organizations." It's worth noting that Garantex was  previously sanctioned ...
cyber security

SANS Institute Complimentary Training Bundle ($3240 Value) at Network Security 2025

websiteSANS InstituteCyber Security Training
Register to attend in-person training at Network Security 2025 in Las Vegas, NV and claim a complimentary cyber-pro pass that includes an OnDemand bundle, AND a free pass to compete in NetWars!
cyber security

Key Essentials to Modern SaaS Data Resilience

websiteVeeamSaaS Security / Data Resilience
Learn how to modernize your SaaS data protection strategy and strengthen security to avoid risks of data loss.
Expert Insights Articles Videos
Cybersecurity Resources