The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content such that it can break out of the Web Content sandbox. Apple said it resolved the issue with improved checks to prevent unauthorized actions. It also noted that it's a supplementary fix for an attack that was blocked in iOS 17.2 . Furthermore, it acknowledged that the vulnerability "may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2." However, the advisory does not mention if Apple's own security team discovered the flaw or if it was reported by an external researcher.. It also does not mentio...

The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates," Check Point said in a new analysis. "More than 1,600 victims were affected during one of these campaigns which took place around December 19, 2024. This infection rate is significant considering Blind Eagle's targeted APT approach." Blind Eagle, active since at least 2018, is also tracked as AguilaCiega, APT-C-36, and APT-Q-98. It's known for its hyper-specific targeting of entities in South America, specifically Colombia and Ecuador. Attack chains orchestrated by the threat actor entail the use of social engineering tactics, often in the form of spear-phishing emails, to gain initial access to target systems and ultimately drop readily available re...

Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with The Hacker News. CVE-2023-1389 is a high-severity security flaw impacting TP-Link Archer AX-21 routers that could lead to command injection, which could then pave the way for remote code execution. The earliest evidence of active exploitation of the flaw dates back to April 2023, with unidentified threat actors using it to drop Mirai botnet malware. Since then, it has also been abused to propagate other malware families like Condi and AndroxGh0st . Cato CTRL said it detected the Ballista campaign on January 10, 2025. The most recent exploitation attempt was recorded on Februa...

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security , believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn't equal being secure. As Sun Tzu warned, "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." Two and a half millennia later, the concept still holds: your organization's cybersecurity defenses must be strategically validated under real-world conditions to ensure your business's very survival. Today, more than ever, you need Adversarial Exposure Validation (AEV) , the essential strategy that's still missing from most security frameworks. The Danger of False Confidence Conventional wisdom suggests that if you've patched known bugs, deployed a stack of well-regarded security tools, and passed the nec...

Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike. No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and take over your system without a trace. This is steganography, a cybercriminal's secret weapon for concealing malicious code inside harmless-looking files. By embedding data within images, attackers evade detection, relying on separate scripts or processes to extract and execute the hidden payload. Let's break down how this works, why it's so dangerous, and most importantly, how to stop it before it's too late. What is Steganography in Cybersecurity? Steganography is the practice of concealing data within another file or medium. Unlike encryption, which scrambles data to make it unreadable, steganography disguises malicious code inside harmless-looking images, videos, or audio files, makin...

Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy infrastructure in South Asia and Africa, as well as telecommunication, consulting, IT service companies, real estate agencies, and hotels. In what appears to be a wider expansion of its victimology footprint, SideWinder has also targeted diplomatic entities in Afghanistan, Algeria, Bulgaria, China, India, the Maldives, Rwanda, Saudi Arabia, Turkey, and Uganda. The targeting of India is significant as the threat actor was previously suspected to be of Indian origin. "It is worth noting that SideWinder constantly works to improve its toolsets, stay ahead of security software detections, extend per...

Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297 , has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0. "Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their authorization mechanism," the company said in an advisory released last week. "Despite client-side and back-end server verification, attackers can exploit weaknesses in its implementation. This vulnerability may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device." Successful exploitation of the shortcoming, in other words, could lead to an authentication bypass and allow an attacker to gain unauthorized access to sensitive configurations or disrupt services. The...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-57968 - An unrestricted file upload vulnerability in Advantive VeraCore that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx CVE-2025-25181 - An SQL injection vulnerability in Advantive VeraCore that allows a remote attacker to execute arbitrary SQL commands CVE-2024-13159 - An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information CVE-2024-13160 - An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information CVE-2024-13161 - An absolute path traversal vulnerability...

Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. "The polymorphic extensions create a pixel perfect replica of the target's icon, HTML popup, workflows and even temporarily disables the legitimate extension, making it extremely convincing for victims to believe that they are providing credentials to the real extension," SquareX said in a report published last week. The harvested credentials could then be abused by the threat actors to hijack online accounts and gain unauthorized access to sensitive personal and financial information. The attack affects all Chromium-based web browsers, including Google Chrome, Microsoft Edge, Brave, Opera, and others. The approach banks on the fact that users commonly pin extensions to the browser's toolbar. In a hypothetical attack scenario, threat actors could publish a polymorphic extension to the Chrome Web Store (or any extension m...

The Middle East and North Africa have become the target of a new campaign that delivers a modified version of a known malware called AsyncRAT since September 2024. "The campaign, which leverages social media to distribute malware, is tied to the region's current geopolitical climate," Positive Technologies researchers Klimentiy Galkin and Stanislav Pyzhov said in an analysis published last week. "The attackers host malware in legitimate online file-sharing accounts or Telegram channels set up specially for this purpose." The campaign is estimated to have claimed approximately 900 victims since the fall 2024, the Russian cybersecurity company added, indicating its widespread nature. A majority of the victims are located in Libya, Saudi Arabia, Egypt, Turkey, the United Arab Emirates, Qatar, and Tunisia. The activity, attributed to a threat actor dubbed Desert Dexter , was discovered in February 2025. It chiefly involves creating temporary accounts and news ...

The Need For Unified Security Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive data, and hijack user accounts. Many organizations try to secure their environment by piecing together different security tools, hoping that multiple layers of protection will keep them safe.  But in reality, this patchwork approach often creates blind spots, making it harder—not easier—to defend against threats. To truly secure Google Workspace, businesses need a unified security strategy that offers complete protection without unnecessary complexity. The problem with most security solutions is that they only solve part of the puzzle. Point solutions, like tools that block malware or phishing attacks, might work well for a specific type of threat but fail to recognize suspicious user behavior, unauthori...