The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Ransomware doesn't hit all at once—it slowly floods your defenses in stages. Like a ship subsumed with water, the attack starts quietly, below the surface, with subtle warning signs that are easy to miss. By the time encryption starts, it's too late to stop the flood.  Each stage of a ransomware attack offers a small window to detect and stop the threat before it's too late. The problem is most organizations aren't monitoring for early warning signs - allowing attackers to quietly disable backups, escalate privileges, and evade detection until encryption locks everything down. By the time the ransomware note appears, your opportunities are gone.  Let's unpack the stages of a ransomware attack, how to stay resilient amidst constantly morphing indicators of compromise (IOCs), and why constant validation of your defense is a must to stay resilient. The Three Stages of a Ransomware Attack - and How to Detect It Ransomware attacks don't happen instantly. Attackers follow a st...

Google Cloud has announced quantum-safe digital signatures in Google Cloud Key Management Service ( Cloud KMS ) for software-based keys as a way to bulletproof encryption systems against the threat posed by cryptographically-relevant quantum computers. The feature, currently in preview, coexists with the National Institute of Standards and Technology's (NIST) post-quantum cryptography (PQC) standards, the final versions of which were formalized in August 2024. "Our Cloud KMS PQC roadmap includes support for the NIST post-quantum cryptography standards (FIPS 203, FIPS 204, FIPS 205, and future standards), in both software (Cloud KMS) and hardware (Cloud HSM)," the company's cloud division noted . "This can help customers perform quantum-safe key import and key exchange, encryption and decryption operations, and digital signature creation." The tech giant said its underlying software implementations of these standards – FIPS 203 (aka ML-KEM), FIPS 204 ...

Australia has become the latest country to ban the installation of security software from Russian company Kaspersky, citing national security concerns. "After considering threat and risk analysis, I have determined that the use of Kaspersky Lab, Inc. products and web services by Australian Government entities poses an unacceptable security risk to Australian Government, networks and data, arising from threats of foreign interference, espionage and sabotage," Stephanie Foster PSM, the Secretary of the Department of Home Affairs, said . "I have also considered the important need for a strong policy signal to critical infrastructure and other Australian governments regarding the unacceptable security risk associated with the use of Kaspersky Lab, Inc. products and web services." Foster further pointed out that entities are responsible for managing the risks arising from Kaspersky's extensive collection of user data and exposure of that data to extrajudicial di...

Cryptocurrency exchange Bybit on Friday revealed that a "sophisticated" attack led to the theft of over $1.5 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history. "The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic," Bybit said in a post on X. "As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address." In a separate statement posted on the social media platform, Bybit's CEO Ben Zhou emphasized that all other cold wallets are secure. The company further said it has reported the case to the appropriate authorities. While there is no official conf...

OpenAI on Friday revealed that it banned a set of accounts that used its ChatGPT tool to develop a suspected artificial intelligence (AI)-powered surveillance tool. The social media listening tool is said to likely originate from China and is powered by one of Meta's Llama models , with the accounts in question using the AI company's models to generate detailed descriptions and analyze documents for an apparatus capable of collecting real-time data and reports about anti-China protests in the West and sharing the insights with Chinese authorities. The campaign has been codenamed Peer Review owing to the "network's behavior in promoting and reviewing surveillance tooling," researchers Ben Nimmo, Albert Zhang, Matthew Richard, and Nathaniel Hartley noted, adding the tool is designed to ingest and analyze posts and comments from platforms such as X, Facebook, YouTube, Instagram, Telegram, and Reddit. In one instance flagged by the company, the actors used ChatG...

Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data. The development was first reported by Bloomberg. ADP for iCloud is an optional setting that ensures that users' trusted devices retain sole access to the encryption keys used to unlock data stored in its cloud. This includes iCloud Backup, Photos, Notes, Reminders, Safari Bookmarks, voice memos, and data associated with its own apps. "We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy," the company was quoted as saying to Bloomberg. "ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices." Customers who are already using ADP ...

An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country. Founded in 1995, TopSec ostensibly offers services such as Endpoint Detection and Response (EDR) and vulnerability scanning. But it's also providing "boutique" solutions in order to align with government initiatives and intelligence requirements, SentinelOne researchers Alex Delamotte and Aleksandar Milenkoski said in a report shared with The Hacker News. The data leak contains infrastructure details and work logs from employees, as well as references to web content monitoring services used to enforce censorship for public and private sector customers. It's believed that the company provided bespoke monitoring services to a state-owned enterprise hit by a corruption scandal, indicating that such platforms are being used to monitor and control public...

The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale. The latest iteration of the phishing suite "represents a significant shift in criminal capabilities, reducing the barrier to entry for bad actors to target any brand with complex, customizable phishing campaigns," Netcraft said in a new analysis. The cybersecurity company said it has detected and blocked more than 95,000 new Darcula phishing domains, nearly 31,000 IP addresses, and taken down more than 20,000 fraudulent websites since it was first exposed in late March 2024. The biggest change incorporated into Darcula is the ability for any user to generate a phishing kit for any brand in an on-demand fashion. "The new and remastered v...

In today's rapidly evolving digital landscape, weak identity security isn't just a flaw—it's a major risk that can expose your business to breaches and costly downtime. Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without a strategic plan, these security gaps can quickly turn into expensive liabilities. Join us for " Building Resilient Identity: Reducing Security Debt in 2025 " and discover smart, actionable strategies to protect your business against modern cyber threats. This webinar offers you a chance to cut through the complexity of identity security with clear, practical solutions. Our seasoned experts will show you how to detect risks early, optimize your resources, and upgrade your systems to stay ahead of emerging threats. What You'll Learn: Spot Hidden Risks: Uncover how weaknesses in identity security can lead to significant breaches and extra costs. Step-by-Step Solutions: Follo...

Wherever there's been conflict in the world, propaganda has never been far away. Travel back in time to 515 BC and read the Behistun Inscription, an autobiography by Persian King Darius that discusses his rise to power. More recently, see how different newspapers report on wars, where it's said, 'The first casualty is the truth.'  While these forms of communication could shape people's beliefs, they also carry limitations around scalability. Any messaging and propaganda would often lose its power after traveling a certain distance. Of course, with social media and the online world there are few physical limits on reach, apart from where someone's internet connection drops. Add in the rise of AI, and there's also nothing to stop the scalability either.  This article explores what this means for societies and organizations facing AI-powered information manipulation and deception. The rise of the echo chamber According to the Pew R...

Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171 , and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies. "The threat actor then demonstrated their ability to persist in target environments across equipment from multiple vendors for extended periods, maintaining access in one instance for over three years," Cisco Talos said , describing the hackers as highly sophisticated and well-funded. "The long timeline of this campaign suggests a high degree of coordination, planning, and patience — standard hallmarks of advanced persistent threat (APT) and state-sponsored actors." The networking equipment major said it found no evidence that other known security bugs have been weaponized by the hacking crew, contrary to a recent report from Recorded Future that revealed exploitation attempts inv...