The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as  CVE-2023-37476  (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below. "Although OpenRefine is designed to only run locally on a user's machine, an attacker can trick a user into importing a malicious project file," Sonar security researcher Stefan Schiller  said  in a report published last week. "Once this file is imported, the attacker can execute arbitrary code on the user's machine." Software prone to  Zip Slip vulnerabilities  can pave the way for code execution by taking advantage of a directory traversal bug that an attacker can exploit to gain access to parts of the file system that should be out of reach otherwise. The attack is built on t...

Cybersecurity experts have discovered yet another malware-as-a-service ( MaaS ) threat called  BunnyLoader  that's being advertised for sale on the cybercrime underground. "BunnyLoader provides various functionalities such as downloading and executing a second-stage payload, stealing browser credentials and system information, and much more," Zscaler ThreatLabz researchers Niraj Shivtarkar and Satyam Singh  said  in an analysis published last week. Among its other capabilities include running remote commands on the infected machine, a keylogger to capture keystrokes, and a clipper functionality to monitor the victim's clipboard and replace content matching cryptocurrency wallet addresses with actor-controlled addresses. A C/C++-based loader offered for $250 for a lifetime license, the malware is said to have been under continuous development since its debut on September 4, 2023, with new features and enhancements that incorporate anti-sandbox and antivirus evasio...

An emerging Android banking trojan called Zanubis is now masquerading as a Peruvian government app to trick unsuspecting users into installing the malware. "Zanubis's main infection path is through impersonating legitimate Peruvian Android applications and then tricking the user into enabling the Accessibility permissions in order to take full control of the device," Kaspersky  said  in an analysis published last week. Zanubis,  originally documented  in August 2022, is the latest addition to a  long list of Android banker malware  targeting the Latin American (LATAM) region. Targets include more than 40 banks and financial entities in Peru. It's mainly known for abusing accessibility permissions on the infected device to display fake overlay screens atop the targeted apps in an attempt to steal credentials. it's also capable of harvesting contact data, list of installed apps, and system metadata. Kaspersky said it observed recent samples of Zanubis i...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI  said  in an alert. "Variants were deployed in various combinations." Not much is known about the scale of such attacks, although it's believed that they happen in close proximity to one another, ranging from anywhere between 48 hours to within 10 days. Another notable change observed in ransomware attacks is the increased use of custom data theft, wiper tools, and malware to exert pressure on victims to pay up. "This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments," the agency said. "Second ran...

Sophisticated cyber actors backed by Iran known as  OilRig  have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine, and downloading another file or malware," Trend Micro researchers Mohamed Fahmy and Mahmoud Zohdy  said  in a Friday report. The victimology of the attacks is not immediately known, although the use of decoys indicates at least one of the targets is an organization located in Saudi Arabia. Also tracked under the names APT34, Cobalt Gypsy, Hazel Sandstorm, and Helix Kitten,  OilRig  is an Iranian advanced persistent threat (APT) group that specializes in covert intelligence gathering operations to infiltrate and maintain access within targeted networks. The revelation builds on  recent findings  from NSFOCUS, which uncovered an OilRig phishing atta...

Multiple security vulnerabilities have been disclosed in the  Exim mail transfer agent  that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2023-42114  (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability CVE-2023-42115  (CVSS score: 9.8) - Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability CVE-2023-42116  (CVSS score: 8.1) - Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability CVE-2023-42117  (CVSS score: 8.1) - Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability CVE-2023-42118  (CVSS score: 7.5) - Exim libspf2 Integer Underflow Remote Code Execution Vulnerability CVE-2023-42119  (CVSS score: 3.1) - Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability The most sev...

Threat actors are selling a new crypter and loader called  ASMCrypt , which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.," Kaspersky  said  in an analysis published this week. DoubleFinger was  first documented  by the Russian cybersecurity company, detailing infection chains leveraging the malware to propagate a cryptocurrency stealer dubbed GreetingGhoul to victims in Europe, the U.S., and Latin America. ASMCrypt, once purchased and launched by the customers, is designed to establish contact with a backend service over the TOR network using hard-coded credentials, thereby enabling the buyers to build payloads of their choice for use in their campaigns. "The application creates an encrypted blob hidden inside a .PNG file," Kaspersky said. "This image mus...

The North Korea-linked  Lazarus Group  has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by a fake recruiter via LinkedIn and tricked into opening a malicious executable file presenting itself as a coding challenge or quiz," ESET security researcher Peter Kálnai  said  in a technical report shared with The Hacker News. The attack is part of a long-standing spear-phishing campaign called  Operation Dream Job  that's orchestrated by the hacking crew in an attempt to lure employees working at prospective targets that are of strategic interest, enticing them with lucrative job opportunities to activate the infection chain. Earlier this March, the Slovak cybersecurity company detailed an attack wave aimed at Linux users that involved the use of bogus HSBC job offers to ...

Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight.  Today, many rely on encryption in their daily lives to protect their fundamental digital privacy and security, whether for messaging friends and family, storing files and photos, or simply browsing the web. The question experts have been asking for a long time, with their eye on the advances in quantum computing, is, "How long before these defenses fail?"  The ticking clock of quantum computing One set of researchers is already sounding the alarms,  claiming  that they've found a way to break 2048-bit RSA encryption with a quantum computer. While the claims may be premature, they hint toward a scary future that is perhaps closer than we once thought. Breaking RSA encryption would represent a massive privacy and security vulnerability for virtually every...

Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools. The findings come from Malwarebytes, which revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malware directly from Bing Chat conversations. Introduced by Microsoft in February 2023, Bing Chat is an  interactive search experience  that's powered by OpenAI's large language model called  GPT-4 . A month later, the tech giant  began   exploring  placing ads in the conversations. But the move has also opened the doors for threat actors who resort to malvertising tactics and propagate malware. "Ads can be inserted into a Bing Chat conversation in various ways," Jérôme Segura, director of threat intelligence at Malwarebytes,  said . "One of those is when a user hovers over a link and an ad is displayed first before the organic result." In an example highli...

Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. Tracked as  CVE-2023-40044 , the flaw has a CVSS score of 10.0, indicating maximum severity. All versions of the software are impacted by the flaw. "In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system," the company  said  in an advisory. Assetnote security researchers Shubham Shah and Sean Yeoh have been credited with discovering and reporting the vulnerability. The list of remaining flaws, impacting WS_FTP Server versions prior to 8.8.2, is as follows - CVE-2023-42657  (CVSS score: 9.9) - A directory traversal vulnerability that could be exploited to perform file operations. CVE-20...