The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. All the four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM, and concern instances of absolute path traversal that allow a remote unauthenticated attacker to leak sensitive information. The flaws are listed below - CVE-2024-10811 CVE-2024-13161  CVE-2024-13160, and CVE-2024-13159 The shortcomings affect EPM versions 2024 November security update and prior, and 2022 SU6 November security update and prior. They have been addressed in EPM 2024 January-2025 Security Update and EPM 2022 SU6 January-2025 Security Update. Horizon3.ai security researcher Zach Hanley has been credited with discovering and reporting all four vulnerabilities in question. Also patched by Ivanti are multiple high-severity bugs in Avalanche vers...

Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. "The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages," Jérôme Segura, senior director of threat intelligence at Malwarebytes, said in a report shared with The Hacker News. It's suspected the end goal of the campaign is to reuse the stolen credentials to further perpetuate the campaigns, while also selling them to other criminal actors on underground forums. Based on posts shared on Reddit , Bluesky , and Google's own support forums , the threat has been active since at least mid-November 2024. The activity cluster is a lot similar to campaigns that leverage stealer malware to steal data related to Facebook advertising and business accounts in order to ...

The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. "The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring developers with project tests and code reviews," Ryan Sherstobitoff, senior vice president of Threat Research and Intelligence at SecurityScorecard, said in a new report published today. "Once a victim takes the bait, they're directed to clone a malicious GitLab repository – seemingly harmless, but packed with disaster. The cloned code connects to command-and-control (C2) servers, embedding malware into the victim's environment." Victims of the campaign have been identified across the globe, with a significant concentration recorded in Italy. A lesser number of impacted victims are located in Argentina, Brazil, Egypt, France, Germany, India, Indonesia, Mexico,...

Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyang-based threamoret groups may have pulled off illicit money-making scams that predate the use of IT workers, SecureWorks Counter Threat Unit (CTU) said in a report shared with The Hacker News. The IT worker fraud scheme , which came to light in late 2023, involves North Korean actors infiltrating companies in the West and other parts of the world by surreptitiously seeking employment under fake identities to generate revenue for the sanctions-hit nation. It's also tracked under the names Famous Chollima, Nickel Tapestry, UNC5267, and Wagemole. The IT personnel, per South Korea's Ministry of Foreign Affairs (MoFA), have been assessed to be part of the 313th General Bureau, an organization under the Munitions Industry Department of the Workers' Party of Korea. ...

As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. "Attackers can take control of a malicious server and read/write arbitrary files of any connected client," the CERT Coordination Center (CERT/CC) said in an advisory. "Sensitive data, such as SSH keys, can be extracted, and malicious code can be executed by overwriting files such as ~/.bashrc or ~/.popt." The shortcomings, which comprise heap-buffer overflow, information disclosure, file leak, external directory file-write, and symbolic-link race condition, are listed below - CVE-2024-12084 (CVSS score: 9.8) - Heap-buffer overflow in Rsync due to improper checksum length handling CVE-2024-12085 (CVSS score: 7.5) - Information leak via uninitialized stack contents CVE-2024-12086 (CVSS score: 6.1) - Rsync server leaks arbitrary client files CVE-2024-12087 (CVSS ...

Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn't just ineffective—it's high risk. In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Control Systems (ICS) and Operational Technology (OT) security distinctly stand out from traditional IT security. ICS/OT engineering systems, which power critical infrastructure such as electric power grids, oil and gas processing, heavy manufacturing, food and beverage processes, and water management facilities, require tailored cybersecurity strategies, and controls. This is due to the increasing attacks towards ICS/OT, their unique operational missions, a different risk surface than that of traditional IT networks, and the significant safety consequences from cyber incidents that impact the physical world. Critical infrastructure should be protected against today's threats to continue supporting national sa...

The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation." PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People's Republic of China (PRC), allowing for information theft and remote control of compromised devices. An affidavit filed by the FBI noted that the identified PlugX variant is linked to a state-sponsored hacking group called Mustang Panda , which is also referred to as BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, RedDelta, Red Lich, Stately Taurus, TA416, and Twill Typhoon. "Since at least 2014, Mustang Panda hackers then infiltrated thousands of computer systems in campaigns targeting U.S. victims, as well as European and Asian governments and businesses, and Chinese dissident...

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass ( CVE-2024-7344 , CVSS score: 6.7), has not been assigned any severity. According to the Zero Day Initiative , the update marks the largest number of CVEs addressed in a single month since at least 2017. The fixes are in addition to seven vulnerabilities the Windows maker addressed in its Chromium-based Edge browser since the release of December 2024 Patch Tuesday updates. Prominent among the patches released by Microsoft is a trio of flaws in Windows Hyper-V NT Kernel Integration VSP ( CVE-2025-21333 , CVE-2025-21334 , and CVE-2025-21335 , CVSS scores: 7.8) that the company said has come under active exploitation in the wild. ...

Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit." The list of identified flaws is as follows - CVE-2024-57727 (CVSS score: 7.5) - An unauthenticated path traversal vulnerability that allows an attacker to download arbitrary files from the SimpleHelp server, including the serverconfig.xml file that contains hashed passwords for the SimpleHelpAdmin account and other local technician accounts CVE-2024-57728 (CVSS score: 7.2) - An arbitrary file upload vulnerability that allows an attacker with SimpleHelpAdmin privileges (or as a technician with admin privileges) to upload arbitrary files anywhere on the SimpleServer host, potentially leading to remote code execution CVE-2024-5772...

Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection ( SIP ) and install malicious kernel drivers by loading third-party kernel extensions. The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug that was addressed by Apple as part of macOS Sequoia 15.2 released last month. The iPhone maker described it as a "configuration issue" that could permit a malicious app to modify protected parts of the file system. "Bypassing SIP could lead to serious consequences, such as increasing the potential for attackers and malware authors to successfully install rootkits, create persistent malware, bypass Transparency, Consent and Control (TCC), and expand the attack surface for additional techniques and exploits," Jonathan Bar Or of the Microsoft Threat Intelligen...