The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracking methods. The following are the three common techniques for cracking passwords and how to defend against them. Brute force attack Brute force attacks are straightforward yet highly effective techniques for cracking passwords. These attacks involve malicious actors using automated tools to systematically try every possible password combination through repeated login attempts. While such tools have existed for years, the advent of affordable computing power and storage has made them even more efficient today, especially when weak passwords are used. How it works When it comes to brute force attacks, malicious actors employ a range of tactics—from simple brute force attacks that test ev...

The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday warned of renewed activity from an organized criminal group it tracks as UAC-0173 that involves infecting computers with a remote access trojan named DCRat (aka DarkCrystal RAT). The Ukrainian cybersecurity authority said it observed the latest attack wave starting in mid-January 2025. The activity is designed to target the Notary of Ukraine. The infection chain leverages phishing emails that claim to be sent on behalf of the Ministry of Justice of Ukraine, urging recipients to download an executable, which, when launched, leads to the deployment of the DCRat malware. The binary is hosted in Cloudflare's R2 cloud storage service. "Having thus provided primary access to the notary's automated workplace, the attackers take measures to install additional tools, in particular, RDPWRAPPER, which implements the functionality of parallel RDP sessions, which, in combination with the use of the BORE utility...

Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads from music streaming service Deezer. The package in question is automslc, which has been downloaded over 104,000 times to date. First published in May 2019, it remains available on PyPI as of writing. "Although automslc, which has been downloaded over 100,000 times, purports to offer music automation and metadata retrieval, it covertly bypasses Deezer's access restrictions by embedding hardcoded credentials and communicating with an external command-and-control (C2) server," Socket security researcher Kirill Boychenko said in a report published today. Specifically, the package is designed to log into the French music streaming platform via user-supplied and hard-coded credentials, gather track-related metadata, and download full audio files in violation of Deezer's API terms. The package also periodicall...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows - CVE-2024-49035 (CVSS score: 8.7) - An improper access control vulnerability in Microsoft Partner Center that allows an attacker to escalate privileges. (Fixed in November 2024 ) CVE-2023-34192 (CVSS score: 9.0) - A cross-site scripting (XSS) vulnerability in Synacor ZCS that allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. (Fixed in July 2023 with version 8.8.15 Patch 40) Last year, Microsoft acknowledged that CVE-2024-49035 had been exploited in the wild, but did not reveal any additional details on how it was weaponized in real-world attacks. There are currently no public repor...

Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram. LightSpy is the name given to a modular spyware that's capable of infecting both Windows and Apple systems with an aim to harvest data. It was first documented in 2020, targeting users in Hong Kong. This includes Wi-Fi network information, screenshots, location, iCloud Keychain, sound recordings, photos, browser history, contacts, call history, and SMS messages, and data from various apps like Files, LINE, Mail Master, Telegram, Tencent QQ, WeChat, and WhatsApp. Late last year, ThreatFabric detailed an updated version of the malware that incorporates destructive capabilities to prevent the compromised device from booting up, alongside expanding the number of supported plugins from 12 to 28. Previous findings have also uncovered potential overlaps ...

Opposition activists in Belarus as well as Ukrainian military and government organizations are the target of a new campaign that employs malware-laced Microsoft Excel documents as lures to deliver a new variant of PicassoLoader .  The threat cluster has been assessed to be an extension of a long-running campaign mounted by a Belarus-aligned threat actor dubbed Ghostwriter (aka Moonscape, TA445, UAC-0057, and UNC1151) since 2016. It's known to align with Russian security interests and promote narratives critical of NATO. "The campaign has been in preparation since July-August 2024 and entered the active phase in November-December 2024," SentinelOne researcher Tom Hegel said in a technical report shared with The Hacker News. "Recent malware samples and command-and-control (C2) infrastructure activity indicate that the operation remains active in recent days." The starting point of the attack chain analyzed by the cybersecurity company is a Google Drive shar...

The first quarter of 2025 has been a battlefield in the world of cybersecurity. Cybercriminals continued launching aggressive new campaigns and refining their attack methods. Below is an overview of five notable malware families, accompanied by analyses conducted in controlled environments. NetSupport RAT Exploiting the ClickFix Technique In early 2025, threat actors began exploiting a technique known as ClickFix to distribute the NetSupport Remote Access Trojan (RAT).  This method involves injecting fake CAPTCHA pages into compromised websites, prompting users to execute malicious PowerShell commands that download and run the NetSupport RAT.  Once installed, this RAT grants attackers full control over the victim's system, allowing activities such as real-time screen monitoring, file manipulation, and execution of arbitrary commands. Main technical characteristics of NetSupport RAT Attackers can view and control the victim's screen in real time. Uploads, downloads, m...

A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware . "To further evade detection, the attackers deliberately generated multiple variants (with different hashes) of the 2.0.2 driver by modifying specific PE parts while keeping the signature valid," Check Point said in a new report published Monday. The cybersecurity company said the malicious activity involved thousands of first-stage malicious samples that are used to deploy a program capable of terminating endpoint detection and response (EDR) software by means of what's called a bring your own vulnerable driver ( BYOVD ) attack. As many as 2,500 distinct variants of the legacy version 2.0.2 of the vulnerable RogueKiller Antirootkit Driver, truesight.sys, have been identified on the VirusTotal platform, although the number is believed to be likely higher. The EDR-killer module...

Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub . The campaign, which spans hundreds of repositories, has been dubbed GitVenom by Kaspersky. "The infected projects include an automation instrument for interacting with Instagram accounts, a Telegram bot that enables the remote management of Bitcoin wallets and a crack tool to play the Valorant game," the Russian cybersecurity vendor said. "All of this alleged project functionality was fake, and cybercriminals behind the campaign stole personal and banking data and hijacked cryptowallet addresses from the clipboard." The malicious activity has facilitated the theft of 5 bitcoins, approximately worth $456,600 as of writing. It's believed the campaign has been ongoing for at least two years, when some of the fake projects were published. A majority of the infection attempts...

Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT. "The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network (CDN) myqcloud and the Youdao Cloud Notes service as part of their attack infrastructure," Kaspersky ICS CERT said in a Monday report. "The attackers employed a sophisticated multi-stage payload delivery framework to ensure evasion of detection." The activity has singled out government agencies and industrial organizations, particularly manufacturing, construction, information technology, telecommunications, healthcare, power and energy, and large-scale logistics and transportation, in Taiwan, Malaysia, China, Japan, Thailand, South Korea, Singapore, the Philippines, Vietnam, and Hong Kong. The lure attachments used in the email messages suggest that the phishing campaign, dubbed Operation SalmonSla...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2017-3066 (CVSS score: 9.8) - A deserialization vulnerability impacting Adobe ColdFusion in the Apache BlazeDS library that allows for arbitrary code execution. (Fixed in April 2017 ) CVE-2024-20953 (CVSS score: 8.8) - A deserialization vulnerability impacting Oracle Agile PLM that allows a low-privileged attacker with network access via HTTP to compromise the system. (Fixed in January 2024 ) There are currently no public reports referencing the exploitation of the vulnerabilities, although another flaw impacting Oracle Agile PLM ( CVE-2024-21287 , CVSS score: 7.5) came under active abuse late last year. To mitigate the risks posed by potential attacks w...