The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Breach confirmed in GlobalSign , SSL certificates not compromised GlobalSign said on Tuesday that the SSL certificate and key for www.globalsign.com may have been exposed after a hack on an external server in September. However, the company said that after investigating the breach it has found no evidence of rogue certificates being issued following the hack. A hacker known as " Comodohacker " compromised other certificate authorities including Comodo and DigiNotar. " I have access to their entire server, got DB backups, their linux / tar gzipped and downloaded, I even have private key of their OWN globalsign.com domain ," the hacker said in a Pastebin at the time. The investigation revealed that the compromise was limited to a peripheral Web server hosting the CA's website and did not affect the part of its network that deals with digital certificates. Companies use digital certificates as a cryptographic online trust technology. A stolen digital certificate can all...

Facebook Ticker partially Removed Due To Various Bugs According to a Post on Facebook Known Issues Page , Facebook has removed the ticker apparently motivated the social network to call the phenomenon a bug that's undergoing a fix. Facebook says that " Some people are seeing their ticker disappear. We are aware of this issue and are working to resolve it. ". Comments explaining that people with less active accounts won't see the feature, Because when your friends aren't doing anything on the site, the ticker would only duplicate the news feed and not scroll, so there's no point in the feature taking up part of your screen. Not even this, Last month a Brazilian (independent) Security and Behavior Research had analyzed a privacy issue in Facebook Ticker that allows any person chasing you without your knowledge or consent .How Facebook Ticker exposing your information and behavior without your knowledge. Meanwhile, the Known Issues on Facebook page posted that som...

Web of Trust (WOT) Wins in Court, Favors freedom of speech The world's leading safe surfing tool Web of Trust (WOT) has won the lawsuit filed against it in the United States. WOT was accused of defamation, violating rights, conspiracy and manipulating algorithms. The court of justice in Florida granted the motion to dismiss with prejudice. The case was brought up by ten companies, which are all associated to a person named Mr. Ayman El-Difrawi. The companies demanded WOT to remove ratings and comments for their numerous websites. WOT's advocacy was based on the article 230 of the Communications Decency Act, legislated in 1996 for similar cases. The article protects Internet service providers clearing them from liabilities related to content created by third parties. During the eventful case, the plaintiff changed their claims several times. The last change happened only a day before the oral hearing, when the plaintiff voluntarily dismissed some defendants and half of the clai...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

Government organised 12 Chinese Hacker Groups  behind all Attacks About 12 different Chinese groups largely directed by the government there, do the bulk of the China based cyber attacks stealing critical data from U.S. companies and government agencies, according to U.S. cyber security analysts and experts. US online security companies are suggesting that it should have the right to force them to stop " by any means possible ". Sketched out by analysts who have worked with U.S. companies and the government on computer intrusions, the details illuminate recent claims by American intelligence officials about the escalating cyber threat emanating from China. And the widening expanse of targets, coupled with the expensive and sensitive technologies they are losing, is putting increased pressure on the U.S. to take a much harder stand against the communist giant. The report states that many of the attacks carry tell-tale signatures of particular hacking groups b...

US ,Israel or Russia , Who is Behind Stuxnet ? Initially After Symantec did a little reverse engineering on the now infamous Stuxnet worm, many started pointing the finger at the US and Israel, especially since it was concluded that the piece of malware was designed to target a specific version of the Siemens SCADA programmable logic controls (PLC) operating in certain nuclear facilities from Iran. Ralph Langner told a conference in California that the malicious software was designed to cripple systems that could help build an Iranian bomb.Mr Langner was one of the first researchers to show how Stuxnet could take control of industrial equipment. Dr. Panayotis A. Yannakogeorgos is a cyber defense analyst with the U.S. Air Force Research Institute. He told the Diplomat that the one weak point in the theory that the US and Israel hit the Iranian nuclear problem with Stuxnet is that both sides denied it when they would not have had to. Yannakogeorgos said that the Russians...

Coalition of Law Enforcement Hacked & Agents Information Leaked The Official Website of Coalition of Law Enforcement and Retail Hacked by Exphin1ty, Claiming himself from Anonymous Team. The Database has been hacked using SQL Injection on the website. Passwords, Email ID's, Address & Phone Number of Various Agents leaked by him. The attack resulted in the temporary suspension of the website Hacker Said in a pastebin Note that " The American law enforcement's inhumane treatments of occupiers has caught our attention. You have shown through these actions that you are nothing more than puppets in the hands of your government. We have seen our fellow brothers & sisters being teargassed for exercising their fundamental liberal rights, the exact ones that were bestowed upon them by their Constitution. Due to this and several other reasons we are releasing the entire member database of clearusa.org (The Coalition of Law Enforcement and Retail). An organization wh...

President of Guyana 's Website defaced by Hackers The Official Website of President of Guyana 's Website defaced by some hackers belongs to Group called " The Hackers Army " ."To the ignorant observer Israel may appear modern, vigorous and democratic largely thanks to the outrageous bias in Western media and the $$$ whom have become our leaders...now wake up!!!" The Pakistani hacker also blames the UN for creating out of Israel a country comparable to Nazi Germany. Also earlier The Hackers Army has hacked lots of high profile websites inlcuding ESET antivirus site and many more. The Disaster named hacker from the group is responsible for the Defacements . This is not the first time when Tha Disastar manages to breach the security of a site. Just yesterday he took down one of the websites used by Anonymous to spread their activist messages.

Source Code of Crypo.com Available to Download ! The Source Code of Crypo.com , One of the Famous Free Online Encryption Service is now available to download form a File sharing website . This Script will encrypt your messages using a strong encryption algorithm, and then your information will be secure for sending.  Download Here

Fully Undetectable Backdoor generator for Metasploit Security Labs Experts from Indian launch an automated Anti-Virus and Firewall Bypass Script. Its an Modified and Stable Version in order to work with Backtrack 5 distro. Below you can find the modified version and a simple presentation on how it works: In order to be able to compile the generated payload we must install the following packages ; Mingw32 gcc which you can install by : root@bt:~# apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils After the installation we must move our shell-script - Vanish.sh - to default Metasploit folder  (/pentest/exploits/framework) and execute it. Recommended Seed Number = 7000 and Number of Encode = 14 . Note:  By default Script Generates Reverse TCP Payload but you can change it some modifications in Script [vanish.sh]. Virus Scan Report of Backdoor shows that its almost undetectable by most of the Antivirus programs. Download Link ...

Russian hackers hit Twitter with automated hashtags tweets Russian hackers have taken aim at Twitter in recent days to hamper communication between opposition activists as outrage against the conduct of last week's general elections grows. The pro-government messages were generated by thousands of Twitter accounts that had little activity beforehand. The hashtag is #триумфальная (Triumfalnaya), the name of the square where many protesters gathered. Maxim Goncharov, a senior threat researcher at Trend Micro, observed that " if you currently check this hash tag on twitter you'll see a flood of 5-7 identical tweets from accounts that have been inactive for month and that only had 10-20 tweets before this day. To this point those hacked accounts have already posted 10-20 more tweets in just one hour. " Brian Krebs, the author of the blog Krebs on Security, noted that the 'bot accounts he lists them here  appear to follow a single account called @master_boot , as well as following e...

BeEF 0.4.2.12 alpha Browser Exploitation Framework Released The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing. BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors. BeEF provides an easily integratable framework that demonstrates the impact of browser and Cross-site Scripting issues in real-time. Development has focused on creating a modular framework. This has made module development a very quick and simple process. Current modules include metasploit, port sc...

The Mole - Another Automatic SQL Injection exploitation tool The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server, Postgres and Oracle databases. Command line interface. Different commands trigger different actions. Auto-completion for commands, command arguments and database, table and columns names. Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily. Exploits SQL Injections through GET and POST methods. Developed in python 3. Video Demonstration: 1.)  Installation Guide 2.) Tutorial to Use 3.) Download Mole