The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

We are pleased to announce the release of version 1.4 (yes 1.3 squeaked by without a blog post) of the Open Pentest Bookmarks Collection. They have added a  large  amount of community submissions, with the addition of  several new sections.  They have also moved around some of the bookmarks to better organize everything.  The new wiki entry should be a mirror of the file. To submit to the project, please use the wikipage at  https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList / and post in the comments section. To download the file for import straight into Firefox or Chrome go here:  https://code.google.com/p/pentest-bookmarks/downloads/list

Google on Thursday patched six vulnerabilities in Chrome, and as usual, silently updated users' copies of the browser. The update to Chrome 10.0.648.204 also included two more blacklisted SSL certificates that may be related to last week's theft of nine digital certificates from a Comodo reseller. All six bugs were rated "high," Google's second-most-serious ranking in its threat scoring system. Of the half-dozen bugs, two were "use after free" flaws -- a type of memory management bug that can be exploited to inject attack code -- while a second pair were pegged by Google as "stale pointer" vulnerabilities, another kind of memory allocation flaw. As is Google's practice, the company locked down its bug-tracking database, blocking access to the technical details of the patched vulnerabilities. Google usually unlocks the bug entries several weeks, sometimes months later, to give users time to update before the information goes public. G...

Nasa HaCkeD By The 077 & DinelSon Tunisian HaCker Hacked link by The 077 :  https://blogs.nasa.gov/cm/resource/1015442 Hacked link by DinelSon :  https://blogs.nasa.gov/cm/resource/1015440

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...

Delhi University 's & Pakistani.pk  site is vuln to XSS ! angel (4d0r4b13) Found Xss cross site scripting vulnerability in Delhi University Website, as shown. vulnerable Link :  : https://du.ac.in/index. php?id=276&sitesearch=du.ac. in&client=pub- 017673838153185424638% 3Aoxnjzwaqtce&cof=FORID%3A10& ie=UTF-8&q=%22%3E%3Cscript% 3Ealert%28%22Vuln+found+by+ 4ng31+4k4+4d0r4b13..!+angelws+ here..!+enjoy....!+delhi+ university..!+hehe..!+%3D%29+% 3D%29+%3B%29+%22%29%3C% 2Fscript%3E and  https://pakistani.pk/?s=%22%3E%3Cscript%3Ealert%28%22angel%20w45%20here..!%20heheheh%20pakistani.pk%20vuln%20to%20xss%20yup%20it%20is//!%20greets:Indian%20r00ting%20w1z4rd5..!%20vuln%20found%20n%20executed%20by%20angel%204k4%204d0r4b13%22%29%3C/script%3E

Anonymous Open Letter to Citizens of United States of America ! Just Now another Open Letter by Anonymous hackers released on Twitter m as below : Dear US Citizens,                           We, Anonymous, would like to offer you, America, the opportunity to join and support our movement.We are a group that formed on the internet--one that knows no constructs or absolutes, and one that has recently grown exponentially. We would like to introduce an Operation. An Operation that involves Americans getting our Natural Rights and dreams back. Right now, you can help by passing on the Information. Information is Power. Share the Power of the Information with other like-minded individuals. The more people we represent, the more Power we have, both as individuals and as Anonymous. Thank you for your time and your Power.                    ...

Hackers hack into TripAdvisor 's members Database ! Travel site TripAdvisor has warned subscribers to expect more spam following the theft of its member database. The travel review and information website said that an unspecified vulnerability allowed miscreants to make off with a portion of its email database. TripAdvisor does not collect members' credit card or financial information, and no passwords were obtained as a result of the breach. TripAdvisor has promised to tighten up its security in the wake of the incident, which is under investigation internally. The US-based website, which serves an international client base, has also reported the matter to police. Subscribers were notified of the breach by email, a copy of which was passed onto El Reg.. The incident comes days after ne'er-do-wells got their hands on the Play.com email list, sending targets links to a supposed Adobe software update that actually served up malware. Play.com blamed the incident on it...

XSS vulnerable on dmoz.org ! https://www.dmoz.org/search?q=%3Cimg%20src=%22https://lh4.ggpht.com/_bCYQxIvMQ2U/TRG6cWyFNjI/AAAAAAAAAW8/ZEHFUPXBmLk/hackernews.jpg%22/%3E View the compromised page

Iran has tricked a web firm into issuing fake security certificates for Gmail, Skype, Hotmail and more. Comodo Group, a US-based certificate authority firm with 15% of the market, admitted that one of its affiliate's accounts in Southern Europe had been hacked, letting the attackers create fake SSL security certificates for six websites. Such digital keys let websites offer secure services, and fake versions could be used to spoof sites, gather login details and watch user activity. The fake certificates target Microsoft's Live platform, Gmail and Google, Skype, Yahoo, and Mozilla Firefox extensions. The attack was quickly discovered, with the attacker still using the account when it was shut down. Comodo's CEO Melih Abdulhayogl said the attack appeared to originate in Iran, as it would have required access to the country's DNS infrastructure. "We believe these are politically motivated, state-driven/funded attacks," he said in a blog post, adding it wa...

There's confusion tonight as to whether international cyber vandals have tried to hack websites run by the Department of Internal Affairs. A group called Anonymous has threatened to attack internal affairs because it operates a filter that identifies child porn websites - which the cyber activists believe is an act of censorship. They use YouTube to threaten - and now it's New Zealand's turn. "On March 28, at approximately 5pm Eastern Standard Time, a series of coordinated anonymous server attacks will be carried out on the New Zealand Department of Internal Affairs website," says their video. March 28 is next Monday, but since Tuesday this week the Internal Affairs website has been frequently off line, and the Civil Defence website has had to move to a temporary server. But it might not be an Anonymous attack. "Usually when they take a site down they will leave a message up saying 'we've done this' and why and how long it will go on for," says Technology Writer Dylan ...

EC-Council Computer Hacking Forensics Investigator (CHFI) First Look Training ! Join this live online training led by EC-Council lead trainer Kevin Cardwell, as he shares with you some of the interesting topics from EC-Council Computer Hacking Forensics Investigator (CHFI) program. In this session, Kevin will be covering the following modules: Module 26: Network Forensics & Investigating Logs Module 27: Investigating Network Traffic Module 28: Router Forensics In this 3 hours online training session, you will be introduced to network forensics, you will learn how normal network traffic patterns look during protocol analysis, and you will get to see indications of attack attempts that are typically encountered when analyzing network traffic from a cybercrime event. This training session will conclude with an introduction to router forensics, an area that is often overlooked as a potential source of evidence, and Kevin will share and show why forensics investigat...

Email & Bank Account of DIRECTOR,Indian Ministry of Communications & IT Hacked by Zcompany Hacking Crew !  Last Night (24 March,2011) we (The Hacker News) got an email from id of Amar Singh Meena ,DIRECTOR (T)TEC, Ministry of Communications & IT. But this email was sent by a Hacker from his email id having codename " Hard Hunter " from  Zcompany Hacking Crew . Zcompany Hacking Crew or ZHC Hack for reason to raise awareness of the issues in the world with a main focus on Kashmir & Palestine. Now they have access to Personal Email ID of Mr. Amar Singh Meena and also have his ICICI Bank details.  Even Today 1389 Indian websites defaced/Hacked By ZCompany Hacking Crew & TeaMp0isoN : Read Here How ZHC hack into Email : Hard Hunter [ZHC] had a access to a Online Store where he found email of Amar Singh, they hack logged into his email and then went for his ICICI details. Message From ZHC : As in above image, The email send us (The Ha...

1389 Indian websites defaced By ZCompany Hacking Crew & TeaMp0isoN Hacked Sites List :  https://pastebin.com/ji5AsDgY Note :  Some sites have been restored & some may have 404 errors, but all sites were mirrored, if a site wasent mirrored it means the site was already hacked in the past by someone else. News Source : ZCompany Hacking Crew & TeaMp0isoN