encryption | Breaking Cybersecurity News | The Hacker News

Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free. "Because the ransomware is now considered dead, we released the decryptor for public download," Gen Digital researcher Ladislav Zezula said . FunkSec , which emerged towards the end of 2024, has claimed 172 victims , according to data from Ransomware.live. The vast majority of targeted entities are located in the U.S., India, and Brazil, with technology, government, and education being the top three sectors attacked by the group. An analysis of FunkSec by Check Point earlier this January found signs that the encryptor was developed with assistance from artificial intelligence (AI) tools. The group has not added any new victims to its data leak site since March 18, 2025, suggesting that the group may no longer be active. It's also believed that the group consisted of inexperienced hackers seeking visibility and recogniti...

Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium's Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances. "These vulnerabilities are fully exploitable if a Niagara system is misconfigured, thereby disabling encryption on a specific network device," Nozomi Networks Labs said in a report published last week. "If chained together, they could allow an attacker with access to the same network — such as through a Man-in-the-Middle (MiTM) position — to compromise the Niagara system." Developed by Tridium, an independent business entity of Honeywell, the Niagara Framework is a vendor-neutral platform used to manage and control a wide range of devices from different manufacturers, such as HVAC, lighting, energy management, and security, making it a valuable solution in building management, industrial automation, and smart infrastructure environments. I...

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January 2025 . "The research discovered that SAP GUI input history is stored insecurely, both in the Java and Windows versions," Pathlock researcher Jonathan Stross said in a report shared with The Hacker News. SAP GUI user history allows users to access previously entered values in input fields with the goal of saving time and reducing errors. This historical information is stored locally on devices. This can include usernames, national IDs, social security numbers (SSNs), bank account numbers, and internal SAP table names. The vulnerabilities identified by Pathlock are rooted in th...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios. The decision, according to the House Chief Administrative Officer (CAO), was motivated by worries about the app's security. "The Office of Cybersecurity has deemed WhatsApp a high-risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use," the CAO said in a memo, according to Axios. To that end, House staff are prohibited from downloading the app on any device issued by the government, including its mobile, desktop, or web browser versions. WhatsApp has pushed back against these concerns, stating messages sent on the platform are end-to-end encrypted by default, and that it offers a "higher level" of security than most of the apps on CAO's approved ...

Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud (aka Salesforce Industries ), exposing sensitive data to unauthorized internal and external parties. The weaknesses affect various components like FlexCards, Data Mappers, Integration Procedures (IProcs), Data Packs, OmniOut, and OmniScript Saved Sessions. "Low-code platforms such as Salesforce Industry Cloud make building applications easier, but that convenience can come at a cost if security isn't prioritized," Aaron Costello, chief of SaaS Security Research at AppOmni, said in a statement shared with The Hacker News. These misconfigurations, if left unaddressed, could allow cybercriminals and unauthorized to access encrypted confidential data on employees and customers, session data detailing how users have interacted with Salesforce Industry Cloud, credentials for Salesforce and other company systems, and business logic. Following responsible discl...

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and Response team, said . "By doing so, they expose browsing domains, machine IDs, operating system details, usage analytics, and even uninstall information, in plaintext." The fact that the network traffic is unencrypted also means that they are susceptible to adversary-in-the-middle (AitM) attacks, allowing malicious actors on the same network such as a public Wi-Fi to intercept and, even worse, modify this data, which could lead to far more serious consequences. The list of identified extensions are below - SEMRush Rank (extension ID: idbhoeaiokcojcgappfigpifhpkjgmab) and P...

The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal. "TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet data, and browser extension information," Recorded Future Insikt Group said . "TerraLogger, by contrast, is a standalone keylogger. It uses a common low-level keyboard hook to record keystrokes and writes the logs to local files." Golden Chickens, also known as Venom Spider, is the name given to a financially motivated threat actor linked to a notorious malware family called More_eggs . It's known to be active since at least 2018, offering its warez under a malware-as-a-service (MaaS) model. Campaigns distributing More_eggs entail the use of spear-phishing emails to target hiring managers using fake resumes, allowing attackers to steal confidential data. Other campa...

When assessing an organization's external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention . Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited.  This highlights how important your SSL configurations are in maintaining your web application security and minimizing your attack surface. However, research shows that most (53.5%) websites have  inadequate security and that  weak SSL/TLS configuration is amongst the most common application vulnerabilities. Get your SSL configuration right, and you'll enhance your cyber resilience and keep your apps and data safe. Get it wrong, however, and you can increase your organization's attack surface, exposing your business to more cyberattacks. We'll explore the impacts of SSL misconfigurations and explain why they present such a significant attack surface risk. Then, we'll show you how a s...

On the 21st birthday of Gmail , Google has announced a major update that allows enterprise users to send end-to-end encrypted (E2EE) to any user in any email inbox in a few clicks. The feature is rolling out starting today in beta, allowing users to send E2EE emails to Gmail users within an organization, with plans to send E2EE emails to any Gmail inbox in the coming weeks and to any email inbox later this year. What makes the new encryption model – an alternative to the Secure/Multipurpose Internet Mail Extensions ( S/MIME ) protocol – stand out is that it eliminates the need for senders or recipients to use custom software or exchange encryption certificates. "This capability, requiring minimal efforts for both IT teams and end users, abstracts away the traditional IT complexity and substandard user experiences of existing solutions, while preserving enhanced data sovereignty, privacy, and security controls," Google Workspace's Johney Burke and Julien Duplant said...

Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. "These threats disguise themselves as legitimate apps, targeting users to steal sensitive information," McAfee Labs researcher Dexter Shin said . .NET MAUI is Microsoft's cross-platform desktop and mobile app framework for creating native applications using C# and XAML. It represents an evolution of Xamarin, with added capabilities to not only create multi-platform apps using a single project, but also incorporate platform-specific source code as and when necessary. It's worth noting that official support for Xamarin ended on May 1, 2024 , with the tech giant urging developers to migrate to .NET MAUI. While Android malware implemented using Xamarin has been detected in the past , the latest development signals that ...

A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025, demanding ransoms as high as $500,000. "The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%," Check Point said in a report published over the weekend. "The only rule is not to target the Commonwealth of Independent States (CIS)." As with any affiliate-backed ransomware program, VanHelsing claims to offer the ability to target a wide range of operating systems, including Windows, Linux, BSD, Arm, and ESXi. It also employs what's called the double extortion model of stealing data prior to encryption and threatening to leak the information unless the victim pays up. The RaaS operators have also revealed that the scheme offers a control panel that works "seamlessly" o...

Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs , incorporate code that's designed to invoke a PowerShell command, which then grabs a PowerShell-script payload from a command-and-control (C2) server and executes it. The payload is suspected to be ransomware in early-stage development, only encrypting files in a folder called "testShiba" on the victim's Windows desktop. Once the files are encrypted, the PowerShell payload displays a message, stating "Your files have been encrypted. Pay 1 ShibaCoin to ShibaWallet to recover them." However, no other instructions or cryptocurrency wallet addresses are provided to the victims, anothe...

The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security controls and default settings. "In just the past few months, I have witnessed two different methods for executing a ransomware attack using nothing but legitimate cloud security features," warns Brandon Evans, security consultant and SANS Certified Instructor. Halcyon disclosed an attack campaign that leveraged one of Amazon S3's native encryption mechanisms, SSE-C, to encrypt each of the target buckets. A few months prior, security consultant Chris Farris demonstrated how attackers could perform a similar attack using a different AWS security feature, KMS keys with external key material, using simple scripts generated by ChatGPT. "Clearly, this topic is top-of-mind for both threat actors and ...

The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms. To that end, the new GSMA specifications for RCS include E2EE based on the Messaging Layer Security (MLS) protocol via what's called the RCS Universal Profile 3.0 . "The new specifications define how to apply MLS within the context of RCS," Tom Van Pelt, technical director of GSMA, said . "These procedures ensure that messages and other content such as files remain confidential and secure as they travel between clients." This also means that RCS will be the first "large-scale messaging service" to have support for interoperable E2EE between different client implementations from different providers in the near future. It's worth noting that Google's own implemen...

Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment. Join Joseph Carson, Delinea's Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a live demonstration , he will break down every technical step of a ransomware attack, showing you how hackers exploit vulnerabilities and encrypt data—in clear, simple language. What You Will Learn Attack Initiation: Understand how hackers exploit software bugs and weak passwords to breach your network. Hacker Tactics: See the technical methods hackers use to move laterally, encrypt files, and create backdoors. Identifying Vulnerabilities: Discover common weaknesses like outdated software, misconfigured servers, and unprotected endpoints, plus actionable tips to fix them. Live Simulation: Watch a step-by-step live demo of a ransomware attack—from breach to ransom demand. Expert Analysi...

Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate. "On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire," Mozilla said . "Without updating to Firefox version 128 or higher (or ESR 115.13 + for ESR users, including Windows 7/8/8.1 and macOS 10.12-10.14 users), this expiration may cause significant issues with add-ons, content signing, and DRM-protected media playback." Mozilla said the latest version of Firefox includes a new root certificate that will prevent this from happening. The update is crucial for all users of Firefox running a version prior to 128, or Extended Support Release (ESR) versions before 115.13, both of which were released on July 9, 2024. This includes all versions of Firefox for Windows, macOS, Linux, and Android...