The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Ashley Madison, an American most prominent dating website that helps people cheat on their spouses has been hacked, has agreed to an $11.2 Million settlement for roughly 37 million users whose personal details were exposed in a massive data breach two years ago. Though the parent company of Ashley Madison , Ruby Corp., denies any wrongdoing, the company has pledged to pay around $3,500 to each of the hack's victims for the settlement. The settlement has to be reviewed by a federal judge in St. Louis. Ashley Madison marketed itself as a means to help people cheat on their spouses, with a tagline "Life is short. Have an affair." The site was breached in July 2015 and hackers dumped nearly 100 gigabytes' worth of sensitive data belonging to 37 million users of the casual sex and marriage affair website onto the dark web. The leaked data included victims' usernames, first and last names, email addresses, passwords, credit card data information, street...

Microsoft is making every effort to make its Windows 10 Fall Creators Update bigger than ever before by beefing up its security practices and hardening it against hackers and cyber attacks in its next release. Microsoft is finally adding one of the much-requested features to Windows 10: Pin and Password recovery option directly from the lock screen. Yes, the next big update of Windows 10, among other features, will allow you to recover your forgotten pin and password, allowing you to reset your Windows password directly from the lock screen. In Windows 10 Fall Creators Update, you will see "Reset password" or "I forgot my PIN" options on the login screen along with the sign-in box, mspoweruser confirmed . Once you click on the option, Windows 10 will take you to the OOBE where Cortana will help you reset your password, after you successfully verify your identity using either your secondary email, your phone number, or Microsoft Authenticator. A veri...

Cybercrime has continued to evolve and today exists in a highly organised form. Cybercrime has increasingly been commercialised, and itself become big business by renting out an expanded range of hacking tools and technologies, from exploit kits to ransomware, to help anyone build threats and launch attacks. In past few years, we have witnessed the increase in the popularity of malware-as-a-service (MaaS), which is today a prosperous business on the underground black market that offers an array of services, including ransomware-as-a-service , DDoS-as-a-service , phishing-as-a-service, and much more. Two such services have recently been spotted by two separate group of researchers, which we have detailed in this article. Ovidiy Stealer — $7 Password-Stealing Malware For Everyone A new credential stealing malware that targets primarily web browsers is being marketed at Russian-speaking web forums for as cheap as $7, allowing anyone with even little technical knowledge ...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

Have you ever felt like wishing of sending any type of file immediately to your friends and office colleagues on WhatsApp directly, instead of just contacts, images or documents? Well, now you can… The latest version of WhatsApp for Android and iOS now allows users to send and receive any type of files, whether it's .mp3, .avi, .php, zip files, or even APKs. The company last month rolled out this feature to its beta users for Android, and now after being tested successfully, the feature is being released to all WhatsApp users in the latest public update for iOS and Android. The ability to send any file types also works on the WhatsApp-Web client . And of course, there's a file-size limit: Android users can send files up to 100MB iOS users can send files up to 128MB While WhatsApp-web users can only send up to 64MB To send any file format you just need to select 'Document' from 'Attach.' Additionally, the latest update of the app will allow you to select photos ...

AlphaBay Market — one of the largest Dark Web marketplaces for drugs, guns, and other illegal goods — that mysteriously went dark earlier this month without any explanation from its admins has reportedly been shut down by the international authorities. On July 4th, the dark web marketplace suddenly went down without any explanation from its admins, which left its customers who have paid large sums in panic. Some customers even suspected that the site's admins had pulled an exit scam to steal user funds. However, according to the Wall Street Journal , the disappearance of the AlphaBay came after authorities in the United States, Canada, and Thailand collaborated to conduct a series of raids and arrest  Alexandre Cazes , who allegedly was one of the AlphaBay's operators. Citing "people familiar with the matter," the publication claims that Cazes, a resident of Canada, was arrested in Thailand and taken into custody in Bangkok on July 5th, the same day the ...

Windows and Linux in the same line? Yes, you heard that right... and that too, on the same computer and within the same operating system. Two months ago, Microsoft announced its plans to let its users install three different flavours of the Linux operating system – Ubuntu , Fedora , and SUSE – directly through their Windows Store, allowing them to run Windows and Linux apps side-by-side. Now, downloading an entire operating system has just become as easy as downloading an application with the availability of popular Linux distro 'Ubuntu' in the Windows App Store . However, unlike a conventional Ubuntu installation, this Ubuntu version runs in a sandboxed alongside Windows 10 with limited interaction with the operating system and is focused on running regular command-line utilities like bash or SSH as a standalone installation through an Ubuntu Terminal. For now, Ubuntu is currently only available to Windows 10 Insiders users and would be made available to the pub...

WikiLeaks has today published the 16th batch of its ongoing Vault 7 leak , this time instead of revealing new malware or hacking tool, the whistleblower organisation has unveiled how CIA operatives stealthy collect and forward stolen data from compromised smartphones. Previously we have reported about several CIA hacking tools, malware and implants used by the agency to remotely infiltrate and steal data from the targeted systems or smartphones. However, this time neither Wikileaks nor the leaked CIA manual clearly explains how the agency operatives were using this tool. But, since we have been covering every CIA leak from the very first day, we have understood a possible scenario and have illustrated how this newly revealed tool was being used. Explained: How CIA Highrise Project Works In general, the malware uses the internet connection to send stolen data after compromising a machine to the attacker-controlled server (listening posts), but in the case of smartphones, ...

After WannaCry and Petya ransomware outbreaks, a scary (but rather creative) new strain of ransomware is spreading via bogus apps on the Google Play Store, this time targeting Android mobile users. Dubbed LeakerLocker , the Android ransomware does not encrypt files on victim's device, unlike traditional ransomware, rather it secretly collects personal images, messages and browsing history and threatens to share it to their contacts if they don't pay $50 (£38). Researchers at security firm McAfee spotted the LeakerLocker ransomware in at least two apps — Booster & Cleaner Pro and Wallpapers Blur HD — in the Google Play Store, both of which have thousands of downloads. To evade detection of malicious functionality, the apps initially don't contain any malicious payload and typical function like legitimate apps. But once installed by users, the apps load malicious code from its command-and-control server, which instructs them to collect a vast number of sensitive...

A researcher has claimed that Samsung's Tizen operating system that runs on millions of Samsung products is so poorly programmed that it could contain nearly 27,000 programming errors, which could also lead to thousands of vulnerabilities. Tizen is a Linux-based open-source operating system backed by Intel and Samsung Electronics, which has been in development since early 2012 and designed for smartphones, tablets, smart TVs, smart watches, cameras and PCs. According to Andrey Karpov — founder of Russia-based company Program Verification Systems that made PVS-Studio, a static code analyzer tool that helps programmers to find and fix bugs in their source codes — his team has discovered hundreds of errors in Tizen project using PVS-Studio. Samsung's Tizen operating system, written in C/C++ programming language, currently has 72.5 million lines of source code, out of which Karpov's team has analysed some randomly chosen modules i.e. 3.3% of the entire Project and fou...

Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet after NICE Systems , a third-party vendor, mistakenly left the sensitive users' details open on a server. Chris Vickery, researcher and director of cyber risk research at security firm UpGuard, discovered the exposed data on an unprotected Amazon S3 cloud server that was fully downloadable and configured to allow public access. The exposed data includes sensitive information of millions of customers, including their names, phone numbers, and account PINs (personal identification numbers), which is enough for anyone to access an individual's account, even if the account is protected by two-factor authentication . "The exposure of Verizon account PIN codes used to verify customers, listed alongside their associated phone numbers, is particularly concerning," explained UpGuard's Dan O'Sullivan in ...