The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. The line between convenience and vulnerability has never been thinner. This week, we dive into the hidden risks, surprising loopholes, and the clever tricks cybercriminals are using to outsmart the systems we depend on. Stay with us as we unpack what's happening behind the screen and how you can stay one step ahead. ⚡ Threat of the Week Dozens of Google Chrome Extensions Caught Stealing Sensitive Data — The challenges with securing the software supply chain reared once again after about three dozen extensions were found surreptitiously siphoning sensitive data from roughly 2.6 million devices for several months as part of two related campaigns. The compromises came to light after data loss prevention service Cyberhaven revealed that its browser extens...

In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024 ). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout players, unexpected underdogs, and relentless scorers leaving their mark on the SaaS security playing field.  As we enter 2025, security teams must prioritize SaaS security risk assessments to uncover vulnerabilities, adopt SSPM tools for continuous monitoring, and proactively defend their systems. Here are the Cyber Threat All-Stars to watch out for—the MVPs, rising stars, and master strategists who shaped the game. 1. ShinyHunters: The Most Valuable Player Playstyle: Precision Shots (Cybercriminal Organization) Biggest Wins: Snowflake, Ticketmaster and Authy Notable Drama: Exploited on...

An Android information stealing malware named FireScam has been found masquerading as a premium version of the Telegram messaging app to steal data and maintain persistent remote control over compromised devices. "Disguised as a fake 'Telegram Premium' app, it is distributed through a GitHub.io-hosted phishing site that impersonates RuStore – a popular app store in the Russian Federation," Cyfirma said , describing it as a "sophisticated and multifaceted threat." "The malware employs a multi-stage infection process, starting with a dropper APK, and performs extensive surveillance activities once installed." The phishing site in question, rustore-apk.github[.]io, mimics RuStore, an app store launched by Russian tech giant VK in the country, and is designed to deliver a dropper APK file ("GetAppsRu.apk"). Once installed, the dropper acts as a delivery vehicle for the main payload, which is responsible for exfiltrating sensitive data,...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems. "By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics, and configuration details," the Socket research team said in an analysis. Hardhat is a development environment for Ethereum software, incorporating various components for editing, compiling, debugging and deploying smart contracts and decentralized apps (dApps). The list of identified counterfeit packages is as follows - nomicsfoundations @nomisfoundation/hardhat-configure installedpackagepublish @nomisfoundation/hardhat-config @monicfoundation/hardhat-config @nomicsfoundation/sdk-test @nomicsfoundation/hardhat-config @nomicsfoundation/web3-sdk @nomicsfoundation/sdk-...

A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei , a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405 , it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0. "The vulnerability stems from a discrepancy between how the signature verification process and the YAML parser handle newline characters, combined with the way multiple signatures are processed," according to a description of the vulnerability. "This allows an attacker to inject malicious content into a template while maintaining a valid signature for the benign part of the template." Nuclei is a vulnerability scanner designed to probe modern applications, infrastructure, cloud platforms, and networks to identify security flaws. The scanning engine makes use of templates , wh...

Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google's Mandiant Managed Defense team, shares functional overlaps with a known remote administration tool referred to as Gh0st RAT , which had its source code publicly leaked in 2008. PLAYFULGHOST's initial access pathways include the use of phishing emails bearing code of conduct-related lures or search engine optimization (SEO) poisoning techniques to distribute trojanized versions of legitimate VPN apps like LetsVPN. "In one phishing case, the infection begins by tricking the victim into opening a malicious RAR archive disguised as an image file by using a .jpg extension," the company said . "When extracted and executed by the victim, the archive drops a malicious Windows executable, which eventually dow...

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims. These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as Flax Typhoon (aka Ethereal Panda or RedJuliett ), which was outed last year as operating an Internet of Things (IoT) botnet called Raptor Train . The hacking crew has been active since at least mid-2021, targeting various entities across North America, Europe, Africa, and across Asia. Attacks mounted by Flax Typhoon have typically leveraged known vulnerabilities to gain initial access to victims' computers and then make use of legitimate remote access software to maintain persistent access.  The Treasury Department described Chinese malicious cyber actors as one of the "most active and most persistent threats to U.S. nati...

Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model's (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit 42 researchers Yongzhe Huang, Yang Ji, Wenjun Hu, Jay Chen, Akshata Rao, and Danny Tsechansky. "The technique asks the target LLM to act as a judge scoring the harmfulness of a given response using the Likert scale , a rating scale measuring a respondent's agreement or disagreement with a statement," the Unit 42 team said . "It then asks the LLM to generate responses that contain examples that align with the scales. The example that has the highest Likert scale can potentially contain the harmful content." The explosion in popularity of artificial intelligence in recent years has also led to a new class of security exploits called prompt in...

A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (CVSS score: 9.8), a critical integer overflow flaw in the same component that could result in remote code execution. Credited with discovering and reporting both vulnerabilities is independent security researcher Yuki Chen ( @guhe120 ). The CVE-2024-49113 PoC devised by SafeBreach Labs, codenamed LDAPNightmare , is designed to crash any unpatched Windows Server "with no pre-requisites except that the DNS server of the victim DC has Internet connectivity."  Specifically, it entails sending a DCE/RPC request to the victim server, ultimately causing the Local Security Authority Su...

Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. "We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage," Richard Lander, a program manager on the .NET team, said in a statement last week. The move is the result of the fact that some .NET binaries and installers are hosted on Azure Content Delivery Network (CDN) domains that end in .azureedge[.]net -- dotnetcli.azureedge.net and dotnetbuilds.azureedge.net -- which are hosted on Edgio. Last month, web infrastructure and security company Akamai acquired select assets from Edgio following its bankruptcy. As part of this transition, the Edgio platform is scheduled to end service on January 15, 2025. Given that the .azureedge[.]net domains could ceas...

Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant. The development was first reported by Reuters. The settlement applies to U.S.-based individuals current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the assistant "obtained by Apple and/or were shared with third-parties as a result of an unintended Siri activation" between September 17, 2014, and December 31, 2024. Eligible individuals can submit claims for up to five Siri devices – iPhone, iPad, Apple Watch, MacBook, iMac, HomePod, iPod touch, or Apple TV – on which they claim to have experienced an accidental Siri activation during a conversation intended to be confidential or private. Class members who submit valid claims can receive $20 per device. The lawsuit was brought against Apple following a 2019 report from The Guar...