The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

With a heavy heart, security researchers have early released the details of a set of vulnerabilities discovered in email clients for two widely used email encryption standards—PGP and S/MIME—after someone leaked their paper on the Internet, which was actually scheduled for tomorrow. PGP and S/MIME are popular end-to-end encryption standards used to encrypt emails in a way that no one, not even the company, government, or cyber criminals, can spy on your communication. Before explaining how the vulnerability works, it should be noted that the flaw doesn't reside in the email encryption standards itself; instead, it affects a few email clients/plugins that incorrectly implemented the technologies. Dubbed eFail by the researchers, the vulnerabilities, as described in our previous early-warning article , could allow potential attackers to decrypt the content of your end-to-end encrypted emails in plaintext, even for messages sent in the past. According to the paper released...

A critical remote code execution vulnerability has been discovered in the popular Electron web application framework that could allow attackers to execute malicious code on victims' computers. Electron is an open source app development framework that powers thousands of widely-used desktop applications including WhatsApp, Skype, Signal, Wordpress, Slack, GitHub Desktop, Atom, Visual Studio Code, and Discord. Besides its own modules, Electron framework also allows developers to create hybrid desktop applications by integrating Chromium and Node.js framework through APIs. Since Node.js is a robust framework for server-side applications, having access to its APIs indirectly gives Electron-based apps more control over the operating system installed on the server. To prevent unauthorised or unnecessary access to Node.js APIs, Electron framework by default sets the value of "webviewTag" to false in its "webPreferences" configuration file, which then sets ...

Note— the technical details of the vulnerabilities introduced in this article has now been released, so you should also read our latest article to learn how the eFail attack works and what users can do to prevent themselves. An important warning for people using widely used email encryption tools—PGP and S/MIME—for sensitive communication. A team of European security researchers has released a warning about a set of critical vulnerabilities discovered in PGP and S/Mime encryption tools that could reveal your encrypted emails in plaintext. What's worse? The vulnerabilities also impact encrypted emails you sent in the past. PGP, or Pretty Good Privacy, is an open source end-to-end encryption standard used to encrypt emails in a way that no one, not even the company, government, or cyber criminals, can spy on your communication. S/MIME, Secure/Multipurpose Internet Mail Extensions, is an asymmetric cryptography-based technology that allows users to send digitally signed ...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

Security researchers have discovered a severe vulnerability in the popular end-to-end encrypted Signal messaging app for Windows and Linux desktops which could allow remote attackers to execute malicious code on recipients system just by sending a message—without requiring any user interaction. Discovered by Alfredo Ortega, a software security consultant from Argentina, the vulnerability was announced on Twitter just a few hours ago with a proof-of-concept video, demonstrating how a javascript payload sent over Signal for desktop app successfully got executed on the recipient's system. Although technical details of the vulnerability have not been revealed as of now, the issue appears to be a remote code execution vulnerability in Signal or at least something very close to persistent cross-site scripting (XSS) which eventually could allow attackers to inject malicious code onto targeted Windows and Linux systems. "For the time being, we can only confirm the execution ...

Security of Android devices has been a nightmare since its inception, and the biggest reason being is that users don't receive latest security patch updates regularly. Precisely, it's your device manufacturer (Android OEMs) actually who takes time to roll out security patches for your devices and sometimes, even has been caught lying about security updates , telling customers that their smartphones are running the latest updates. Since Google did not have direct control over the OEM branded firmware running on billions of devices, it brought some significant changes to the Android system architecture last year with Project Treble gain more control over the update process. Although Google and device manufacturers have made some progress in the past year, the problem with the security update remains because of OEMs not delivering all patches regularly and on a timely basis, leaving parts of the Android ecosystem exposed to hackers. But here's good news—starting wi...

Luring users on social media to visit lookalike version of popular websites that pop-up a legitimate-looking Chrome extension installation window is one of the most common modus operandi of cybercriminals to spread malware. Security researchers are again warning users of a new malware campaign that has been active since at least March this year and has already infected more than 100,000 users worldwide. Dubbed Nigelthorn, the malware is rapidly spreading through socially engineered links on Facebook and infecting victims' systems with malicious browser extensions that steal their social media credentials, install cryptocurrency miners, and engage them in click fraud. The malware was pushed through at least seven different Chrome browser extensions—all were hosted on Google's official Chrome Web Store. These malicious Chrome browser extensions were first discovered by researchers at cybersecurity firm Radware, after a "well-protected network" of one of its custo...

Exploitation of Rowhammer attack just got easier. Dubbed ' Throwhammer ,' the newly discovered technique could allow attackers to launch Rowhammer attack on the targeted systems just by sending specially crafted packets to the vulnerable network cards over the local area network. Known since 2012, Rowhammer is a severe issue with recent generation dynamic random access memory (DRAM) chips in which repeatedly accessing a row of memory can cause "bit flipping" in an adjacent row, allowing anyone to change the contents of computer memory. The issue has since been exploited in a number of ways to achieve remote code execution on the vulnerable computers and servers. Just last week, security researchers detailed a proof-of-concept Rowhammer attack technique, dubbed GLitch , that leverages embedded graphics processing units (GPUs) to carry out Rowhammer attacks against Android devices. However, all previously known Rowhammer attack techniques required privilege escal...

Well, that did not take long. Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have spotted 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, making use of the GPON exploit in the wild. As detailed in our previous post, Gigabit-capable Passive Optical Network (GPON) routers manufacturer by South Korea-based DASAN Zhone Solutions have been found vulnerable to an authentication bypass ( CVE-2018-10561 ) and a root-RCE ( CVE-2018-10562 ) flaws that eventually allow remote attackers to take full control of the device. Shortly after the details of the vulnerabilities went public, 360 Netlab researchers warned of threat actors exploiting both the flaws to hijack and add the vulnerable routers into their botnet malware networks. Now, the researche...

It turns out that macOS client for the popular end-to-end encrypted messaging app Signal fails to properly delete disappearing (self-destructing) messages  from the recipient's system, leaving the content of your sensitive messages at risk of getting exposed. For those unaware, the disappearing messages in Signal self-destruct after a particular duration set by the sender, leaving no trace of it on the receiver's device or Signal servers. However, security researcher Alec Muffett noticed that the messages that are supposed to be "disappearing" can still be seen—even if they are deleted from the app. Another security researcher Patrick Wardle reproduced the issue and explained that macOS makes a copy (partial for long messages) of disappearing messages in a user-readable database of macOS's Notification Center, from where they can be recovered anytime later. If you want to keep an on your incoming messages without having to check your inbox obsessively...

Shortly after Microsoft announced support for custom JavaScript functions in Excel, someone demonstrated what could possibly go wrong if this feature is abused for malicious purposes. As promised last year at Microsoft's Ignite 2017 conference, the company has now brought custom JavaScript functions to Excel to extend its capabilities for better work with data. Functions are written in JavaScript for Excel spreadsheets currently runs on various platforms, including Windows, macOS, and Excel Online, allowing developers to create their own powerful formulae. But we saw it coming: Security researcher Charles Dardaman leveraged this feature to show how easy it is to embed the infamous in-browser cryptocurrency mining script from CoinHive inside an MS Excel spreadsheet and run it in the background when opened. "In order to run Coinhive in Excel, I followed Microsoft's official documentation and just added my own function," Dardaman said . Here is an official doc...

It's time to gear up for the latest May 2018 Patch Tuesday. Microsoft has today released security patches for a total of 67 vulnerabilities, including two zero-days that have actively been exploited in the wild by cybercriminals, and two publicly disclosed bugs. In brief, Microsoft is addressing 21 vulnerabilities that are rated as critical, 42 rated important, and 4 rated as low severity. These patch updates address security flaws in Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Microsoft Office Exchange Server, Outlook, .NET Framework, Microsoft Hyper-V, ChakraCore, Azure IoT SDK, and more. 1) Double Kill IE 0-day Vulnerability The first zero-day vulnerability ( CVE-2018-8174 ) under active attack is a critical remote code execution vulnerability that was revealed by Chinese security firm Qihoo 360 last month and affected all supported versions of Windows operating systems. Dubbed " Double Kill " by the researchers, the vulnera...

Security researchers revealed a way around that some hacking groups have been found using in the wild to bypass a security feature of Microsoft Office 365, which is originally designed to protect users from malware and phishing attacks. Dubbed Safe Links, the feature has been included in Office 365 software as part of Microsoft's Advanced Threat Protection (ATP) solution that works by replacing all URLs in an incoming email with Microsoft-owned secure URLs. So, every time a user clicks on a link provided in an email, it first sends the user to a Microsoft owned domain, where the company immediately checks the original URL for anything suspicious. If Microsoft's scanners detect any malicious element, it then warns users about it, and if not, it redirects the user to the original link. However, researchers at cloud security company Avanan have revealed how attackers have been bypassing the Safe Links feature by using a technique called, " baseStriker attack ." ...