#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

XSS Vulnerability discovered on Paypal

XSS Vulnerability discovered on Paypal

Mar 12, 2012
XSS Vulnerability discovered on Paypal Vansh and Vaibhuv two Indian Hacker found a XSS vulnerability in world famous site Paypal. Paypal is affected by an XSS vulnerability where it fails to validate input. One can add arbitrary javascript with no need for any filter evasion. This is a serious security issue, with potential implications that are only starting to be understood. However, it is critical to realize that this problem does not expose any way to break into the server itself. What it allows is for malicious attackers to potentially take control of the interaction between a user and a website. It is likely that the most serious thing that an attacker can potentially do in this situation is change how a page appears to a particular user. Also Read :  Kevin Mitnick's website open to Cross-Site Scripting ( XSS ) vulnerability
Kevin Mitnick's website open to Cross-Site Scripting ( XSS ) vulnerability

Kevin Mitnick's website open to Cross-Site Scripting ( XSS ) vulnerability

Mar 12, 2012
Kevin Mitnick 's website open to Cross-Site Scripting ( XSS ) vulnerability Cross-Site Scripting ( XSS ) vulnerability discovered in official website of Kevin Mitnick (one of the most talented hackers, and the one one most prosecuted by the state. Mitnick's hacker handle was "Condor". He became the first hacker to appear on an FBI "Most Wanted" poster, for breaking into the Digital Equipment Company computer network, Mitnick has become something of a celebrity in hacker circles due to his Hacking talent) by  Fabián Cuchietti . This is a serious security issue, with potential implications that are only starting to be understood. However, it is critical to realize that this problem does not expose any way to break into the server itself. What it allows is for malicious attackers to potentially take control of the interaction between a user and a website. It is likely that the most serious thing that an attacker can potentially do in this situation is chang...
Chinese spied on NATO officials using Facebook Friends

Chinese spied on NATO officials using Facebook Friends

Mar 12, 2012
Chinese spied on NATO officials using Facebook Friends An online scam has been exposed in which senior British military and government officials were tricked into becoming Facebook friends with someone masquerading as U.S. Admiral James Stavridis, NATO's Supreme Allied Commander and lead officer on the Libyan mission, thereby exposing their own personal information to unknown hackers. Late last year, senior British military officers, Defense Ministry officials, and other government officials were tricked into becoming Facebook friends with someone masquerading as United States Navy admiral James Stavridis. Nato will not officially say who was behind the cyber-fraud or who accepted friend requests but it is understood that evidence points to Chinese state-sponsored hackers. NATO has advised senior officers and officials, including Admiral Stirvis to open their own social networking pages to prevent a repeat of such incident. the Supreme Headquarters Allied Powers Europe (Shape...
cyber security

SaaS Security Made Simple

websiteAppomniSaaS Security / SSPM
Simplify SaaS security with a vendor checklist, RFP, and expert guidance.
Beware the Hidden Risk in Your Entra Environment

Beware the Hidden Risk in Your Entra Environment

Jun 25, 2025Identity Management / Enterprise Security
If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...
[POC] Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37

[POC] Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37

Mar 11, 2012
Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37 Ucha Gobejishvili (longrifle0x)  from The Vulnerability Laboratory Research Team  discover Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37. GOM Player (Gretech Online Movie Player) is a 32/64-bit media player for Microsoft Windows, distributed by the Gretech Corporation of South Korea. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In this case, The vulnerability can be exploited by local or remote attackers and Vulnerable module is GomU+0x125cb7. ...
Call for Article - THN Magazine "Cyber Warfare" April Issue

Call for Article - THN Magazine "Cyber Warfare" April Issue

Mar 10, 2012
Call for Article - THN Magazine "Cyber Warfare" April Issue As we move through March Madness and the recent arrests of our cyber soldiers, it is time for all good Anons and our faithful readers to take keyboards to Word and send in your articles on the topic of CYBER WARFARE. What do you know of this unconventional method of taking down governments and corporations and what does this mean for the world at large?   Send your articles to  admin@thehackernews.com
Symantec's Norton anti-virus 2006 source code Leaked by Anonymous

Symantec's Norton anti-virus 2006 source code Leaked by Anonymous

Mar 10, 2012
Symantec's Norton anti-virus 2006 source code Leaked by Anonymous Security firm Symantec confirmed Friday that the hacker group Anonymous has just posted some of its product source code, but strongly downplays any risk, because it's old code from a 2006 version of Norton security software. Anonymous claimed to have the information for a while but they finally published it on The website Pirate Bay . The information is a source code for the Symantec Norton Antivirus 2006 edition,which includes files that serve as a source code for software products like the corporate edition, the consumer version, and files for NetWare, Windows and Unix. The download file is 1.07GB. The file has a note that asks for the liberation of the LulzSec members that were arrested. Symantec the anti-virus and Security Company previously stated that the breach will " not affect any current Norton product ". Then added: " The current version of Norton Utilities has been completely rebuilt and shares ...
'The New York Iron Works' police supplier Hacked by Anonymous

'The New York Iron Works' police supplier Hacked by Anonymous

Mar 10, 2012
' The New York Iron Works ' police supplier Hacked by Anonymous Anonymous Hackers with the Antisec movement have attacked the site of a company that sells equipment to US law enforcers such as the police. Members of Anonymous recently hacked the official site for law enforcement equipment supplier New York Iron Works . Defaced page include the message, " To our fallen brothers Your work has not been forgotten, your skills and teachings has spawn another generation of an elite squander. Like the knights at the round table, we have shared may common interests but let us not forget the game we play. AntiSec is still alive and well ,". The leaked data includes usernames, clear-text passwords and email addresses. The message posted to the New York Ironwork's homepage called the attack a " tribute to Jeremy Hammond ," the LulzSec member arrested in Chicago on Monday and one of the men responsible for the attack on the intelligence firm Stratfor on December 25 last year....
Bugtraq-I : Distribution for Pentesting and forensics

Bugtraq-I : Distribution for Pentesting and forensics

Mar 10, 2012
Bugtraq-I : Distribution for Pentesting and forensics Bugtraq system offers the most comprehensive distribution, optimal, stable and automatic security to date. Bugtraq is a distribution based on the 2.6.38 kernel has a wide range of penetration and forensic tools. Bugtraq can be installed from a Live DVD or USB drive, the distribution is customized to the last package, configured and updated the kernel. The kernel has been patched for better performance to recognize a variety of hardware, including wireless injection patches pentesting that other distributions do not recognize. Some of the special features that you can appreciate are: · Administrative improvements of the system for better management of services. · Expanded the range of recognition for injection wireless drivers. · Patching the kernel 2.6.38 to recognize 4 gigs of RAM in 32-bit. · Tools perfectly configured, automated installation scripts and tools like Nessus, OpenVAS, Greenbone, ...
Duqu Trojan developed in unknown programming language

Duqu Trojan developed in unknown programming language

Mar 08, 2012
Duqu Trojan developed in unknown programming language Researchers at Kaspersky have reached out for assistance after an investigation into the Duqu Trojan uncovered a section that is written in an unknown programming language. The Russian security company says this new information could help them discover how the worm was able to communicate with its Command and Control (C&C) servers. The C&C servers essentially tell the worm what to do once it has accessed a system. While the majority of Duqu is written in C++, the Framework was not and was not compiled with Microsoft's Visual C++ 2008. Other languages ruled out include Python, Java, Objective C, Ada and Lua." Given the size of the Duqu project, it's possible that an entirely different team was responsible for creating the Duqu Framework as opposed to the team that created the drivers and wrote the system infection exploits ," said Alexander Gostev, chief security expert at Kaspersky Lab, in a statement . The mysterious...
Albania is the most Malware infected Nation

Albania is the most Malware infected Nation

Mar 08, 2012
Albania is the most Malware infected Nation Researchers at Security firms Norman and Microsoft Analyse data from their security products that Albania is the most Malware infected Nation, with 65% of scanned computers reporting infections.  Rest Most Infected Countries are South Korea, Guatemala, Vietnam, Indonesia, Argentina, Thailand, Georgia, the Philippines, Algeria, Venezuela, Lithuania and Pakistan according to Norman Report . Where as Microsoft also shows such reports that the most common category in Albania in Second quarter of 2011 was Worms, which affected 43.7 percent of all computers cleaned in Albania, down from 44.9 percent in First quarter of 2011. The most common threat family in Albania in Second quarter of 2011  was Win32/Autorun, which affected 25.2 percent of computers cleaned in Albania. Win32/Autorun is a family of worms that spreads by copying itself to the mapped drives of an infected computer. The mapped d...
Anonymous Takedown several Vatican Websites

Anonymous Takedown several Vatican Websites

Mar 08, 2012
Anonymous Takedown several Vatican Websites The Italian Anonymous Hackers took down the Vatican's website ( Vatican.va ) on Wednesday in retaliation for the "corruption" of the Roman Catholic Church. On an Italian-language website Anonymous accused the Catholic Church of being responsible for various misdeeds throughout history including the burning of heretics during the inquisition. In their statement the group noted : " Anonymous decided today to besiege your site in response to the doctrine, to the liturgies, to the absurd and anachronistic concepts that your for-profit organisation spreads around the world ." " This attack is not against the Christian religion or the faithful around the world but against the corrupt Roman Apostolic Church. " Meanwhile, late on Tuesday hackers associated with LulzSec took down and defaced more than 25 websites belonging to Panda Security , claiming the security firm had been " earning money working with Law Enforcement to lu...
THE “TRUTH” SIMMERS THE POT OF SABU

THE "TRUTH" SIMMERS THE POT OF SABU

Mar 08, 2012
THE " TRUTH " SIMMERS THE POT OF SABU By:  Patti Galle, Editor  THN. As I look at my guy fawkes mask and reflect on the recent arrest of several lulzsec members, I have a wrenching feeling in my gut to tell the "truth." Gather around anonymous , lulzsec , FBI, passionate supporters, liberal haters, and people without a clue. I have something to tell you and although the truth may hurt, it is time to find that wrenching in your own gut and step up. Today all focus is on sabu and his taboo relationship with the FBI that caused the arrest of: Ryan ackroyd a.k.a. Kayla, lol, lolsoon jake davis a.k.a. Topiary, atopiary darren martyn a.k.a. Pwnsauce, raepsauce, networkkitten donncha o'cearrbhail a.k.a. Palladium Jeremy hammond a.k.a. Anarchaos, sup_g, burn, yohoho, pow As should yours, my heart goes out to these brave men and their families as they work their way through the corrupt and ill focused justice system for leading the only movement existing in our mis-shapened world...
Expert Insights Articles Videos
Cybersecurity Resources