The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A new exploit for IE9 bypasses all security measures in even the latest fully patched version of Windows 7, according to a French security company Vupen. The exploit uses an unpatched zero-day vulnerability in Internet Explorer 9 and bypasses all the extra security measures of Windows 7. The latest version of Microsoft's operating system, fully up-to-date with service pack 1 (SP1), is vulnerable. The security hole was reported by the French security company Vupen, that previously discovered an IE8 vulnerability in December of last year. Vupen classifies the exploit for IE9 as reliable, which means it's an effective way for cyber attackers to run malicious code of their choosing on Windows 7 PCs. The exploit manages to break through Windows' additional security layers, such as ASLR, DEP and the sandbox (Protected Mode) in IE9. "The exploit uses two distinct vulnerabilities. The first one allows execution of arbitrary code within the IE9 sandbox. The second one allo...

Google Fixing the little things ! Ever since I joined the Gmail team, my friends have been eager to tell me, " I love Gmail ! Except for this one thing... " And every day, Gmail users share their "one thing" that would make Gmail better for them through our  suggestions page . While we enjoy creating new solutions to old problems with features like  Priority Inbox , those little annoyances and missing pieces are important, too. Recently, we've rolled out several small tweaks to Gmail to show it a little extra love.   Here's a rundown: Auto-save contacts setting : Most people like that Gmail automatically saves every email address you send messages to; it can help recover forgotten addresses of former teachers, bosses, and people you contacted once but never thought you'd need to contact again. For some people, though, this feature can cause too much  contacts clutter . Today, we're rolling out a new setting to let you turn off the auto-save option. Yo...

PIZZA HUT Sql vulnerability by Srinivas Kj Vunl Site :  https://pizzahut.co.in/

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

Progenic.com down with Social Engineering by Saken & Josh of TeamDX ! Method: Social Engineering via LiveChat + Phone + Support Ticket System How: They had a SSN + DOB posted on their forum, Saken & Josh of TeamDX simply played the role of the person that the identity was stolen from, their domain registar which was located in the United States then decided that enough was enough but to shut them off. Remember: Saken & Josh of TeamDX may not be able to get into your server/website, but Saken & Josh of TeamDX sure know the backdoor, your un-secure registars who are easily manipulative. Saken & Josh of TeamDX could of gotten into your box, but Saken & Josh of TeamDX decided to lul about the domain going bye bye.

GNOME 3.0 Released , Available for Download ! GNOME 3.0 is a major milestone in the history of the GNOME Project. The release introduces an exciting new desktop which has been designed for today's users and which is suited to a range of modern computing devices. GNOME's developer technologies have been substantially improved for 3.0. Modernized and streamlined, they will enable developers to provide better user experiences with less time and effort. And GNOME 3.0 comes with the same GNOME applications that users know and trust, many of which have received significant enhancements. Download Now :  https://gnome3.org/tryit.html

Hydra v6.2 with a password bruteforcing mode, xmpp and irc modules, MD5/SHA1/ Support ! A very fast network logon cracker which support many different services. Have a look at the feature sets and services coverage page - including a speed comparison against ncrack and medusa! CHANGELOG for 6.2 * Added a patch by Jan Dlabal which adds password generation bruteforcing (no more password files :-) ) * New module: XMPP with TLS negotiation and LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1 support * New module: IRC is not dead ! use to find general server password and /oper credential * Added man pages from debian maintainers * Add support for new syntax: :// [: ][/ ] * Add TLS support for SIP * Add SCRAM-SHA1 auth to IMAP module * Add module usage help (-U) * Add support for RFC 4013: Internationalized Strings in SASL ("SASLPrep") * Add SASL + TLS support for NNTP * Add su...

Hackers steal Dell 1000's customer information ! The personal information of thousands of Australians has been stolen by hackers who raided a US-based database company, in what some experts are calling the biggest data theft in US hist ory. Dell Australia says customer data was "exposed" by an unauthorised entry into the computer system of email service provider Epsilon. The information includes the names and email addresses of Dell Australia's customers. In a statement, Dell assured its customers that credit card, banking and other personally-identifiable information was not at risk and remained secure. Australian Privacy Commissioner Timothy Pilgrim says Dell has informed him of the data breach. "Dell Australia have also advised all of its customers affected by the data breach and have set up an advice service that those customers can use to obtain further information if needed," he said in a statement. Mr Pilgrim has launched an investigati...

Computer hackers embody classic Christian virtues, a Vatican publication says, and shouldn't be perceived negatively. In their passionate commitment to creating, and their openness to sharing ideas, hackers see their online exploits as "a form of participation in the 'work' of God in creation," Jesuit priest Father Antonio Spadaro wrote in the Vatican magazine Civilta Cattolica, Network World reported. Citing the "joyful application of intelligence to problem solving" they demonstrate, and their ingrained rejection of competition, profit and authority, Spadaro said hackers are aligned with the teachings of Christianity. "Under fire are control, competition, property," Spadaro said. It's a mindset, he said, that has "a clear theological origin." (However, citing technology writer Eric S. Raymond, Spadaro said hackers shouldn't be confused with "crackers"— the former builds things and the latter breaks them, Raymond wrote.) A small and ironic wrinkle in the godly hacker theory exis...

Hackers have broken into The Hartford insurance company and installed password-stealing programs on several of the company's Windows servers. In a warning letter sent last month to about 300 employees, contractors, and a handful of customers, the company said it discovered the infection in late February. Several servers were hit, including Citrix servers used by employees for remote access to IT systems. A copy of The Hartford's letter was posted earlier this week to the website of the Office of the New Hampshire Attorney General :  https://doj.nh.gov/consumer/pdf/hartford2.pdf "It was a very small incident," said Debora Raymond, a company spokeswoman. The victims were mostly company employees. Less than 10 customers were affected by the malware, the W32-Qakbot Trojan, she said. Qakbot has been around for about two years. Once installed it spreads from computer to computer in the network, taking steps to cover its tracks as it logs sensitive data and opens up back...

Hackers behind what computer security experts believe could be the biggest data theft in US history may be planning to sell the information to cyber criminals for targeted scams. And while the tens of millions of names and email addresses swiped from online marketing firm Epsilon do not appear to have been used yet for cyber crime, the experts said it may just be a matter of time. Major US banks, hotels, retail outlets and other companies have been warning customers to be wary of fraudulent emails after Epsilon acknowledged last week that hackers had gained access to the Texas-based company's email system. Epsilon, which provides email services for some 2,500 companies around the world, has said that customer data for about two per cent of its total clients was exposed in what it called an "unauthorized entry." Epsilon, which sends out over 40 billion emails a year, did not identify the firms whose customers' names and email addresses were taken but dozens of ...

Microsoft is sorry, quite sorry indeed, that so many Windows Phone 7 owners have yet to receive the NoDo update for their handset. In a weekly written update today, the Windows Phone 7 team expressed sympathy to owners frustrated over the lag in receiving the update: "You want the latest technology and you're tired of waiting. Believe me, [we] get it." But the company also took time to warn against using any sort of workaround or hack to get the update ahead of schedule, saying that Microsoft has yet to fully test the 3rd party methods, and that they could lead to problems stretching from minor glitches to voided warranties. The usual, in other words, for phone hacking. But Microsoft was not all frowns and apologies today, it also had promises. In the same post the company stated that Europeans on O2 and SFR were moving along in the update queue, and that users should be patient just a "bit longer" in waiting for the official update to trickle down. Comments on the story have so...

François Dupoux has released an updated version of SystemRescueCd, a Gentoo-based live CD containing a collection of utilities for disk management and data rescue tasks. What's new in version 2.1.0? "Updated standard kernels to 2.6.35.12 (long-term kernel: rescuecd + rescue64); alternative kernels re-based on linux-2.6.38.2 (most recent kernel); patched alternative kernels with loop-aes-3.6b (encrypt disks using AES); updated Testdisk to 6.11.3 (checks and undeletes partitions + PhotoRec); updated hdparm to 9.36 (utility to change hard drive parameters); updated the Xfce desktop environment to new major version 4.8; updated gDisk to 0.7.1 (the package has been renamed gptfdisk); 32-bit kernels (rescuecd + altker32) compiled for i586 instead of i686." Change log.  Updated standard kernels to 2.6.35.12 (long-term kernel: rescuecd + rescue64) Alternative kernels rebased on linux-2.6.38.2 (most recent kernel) Patched alternative kernels with loop-aes-3.6b (encrypt d...