The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access. Palo Alto Networks Unit 42 is tracking the activity under the moniker CL-CRI-1014 , where "CL" refers to "cluster" and "CRI" stands for "criminal motivation." It's suspected that the end goal of the attacks is to obtain initial access and then sell it to other criminal actors on underground forums, making the threat actor an initial access broker (IAB). "The threat actor copies signatures from legitimate applications to forge file signatures , to disguise their toolset and mask their malicious activities," researchers Tom Fakterman and Guy Levi said . "Threat actors often spoof legitimate products for malicious purposes." The attacks are characterized by the deployment of tools like PoshC2 fo...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-54085 (CVSS score: 10.0) - An authentication bypass by spoofing vulnerability in the Redfish Host Interface of AMI MegaRAC SPx that could allow a remote attacker to take control CVE-2024-0769 (CVSS score: 5.3) - A path traversal vulnerability in D-Link DIR-859 routers that allows for privilege escalation and unauthorized control (Unpatched) CVE-2019-6693 (CVSS score: 4.2) - A hard-coded cryptographic key vulnerability in FortiOS, FortiManager and FortiAnalyzer that's used to encrypt password data in CLI configuration, potentially allowing an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data Firmwar...

Popular messaging platform WhatsApp has added a new artificial intelligence (AI)-powered feature that leverages its in-house solution Meta AI to summarize unread messages in chats. The feature, called Message Summaries, is currently rolling out in the English language to users in the United States, with plans to bring it to other regions and languages later this year. It "uses Meta AI to privately and quickly summarize unread messages in a chat, so you can get an idea of what is happening, before reading the details in your unread messages," WhatsApp said in a post. Message Summaries is optional and is disabled by default. The Meta-owned service said users can also enable " Advanced Chat Privacy " to choose which chats can be shared for providing AI-related features. Most importantly, it's made possible by Private Processing , which WhatsApp launched back in April as a way to enable AI capabilities in a privacy-preserving manner. Private Processing is de...

New research has uncovered continued risk from a known security weakness in Microsoft's Entra ID , potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications. Identity security company Semperis, in an analysis of 104 SaaS applications, found nine of them to be vulnerable to Entra ID cross-tenant nOAuth abuse. First disclosed by Descope in June 2023, nOAuth refers to a weakness in how SaaS applications implement OpenID Connect ( OIDC ), which refers to an authentication layer built atop OAuth to verify a user's identity. The authentication implementation flaw essentially allows a bad actor to change the mail attribute in the Entra ID account to that of a victim's and take advantage of the app's "Log in with Microsoft" feature to hijack that account. The attack is trivial, but it also works because Entra ID permits users to have an unverified email address, opening the door to user imperson...

Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543 , carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the appliance to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. The shortcoming impacts the below versions - NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-47.46  NetScaler ADC and NetScaler Gateway 13.1 prior to 13.1-59.19 NetScaler ADC and NetScaler Gateway 12.1 and 13.0 (vulnerable and end-of-life) NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.236-FIPS and NDcPP "Secure Private Access on-prem or Secure Private Access Hybrid deployments using NetScaler instances are also affected by the vulnerabilities," Citrix ...

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January 2025 . "The research discovered that SAP GUI input history is stored insecurely, both in the Java and Windows versions," Pathlock researcher Jonathan Stross said in a report shared with The Hacker News. SAP GUI user history allows users to access previously entered values in input fields with the goal of saving time and reducing errors. This historical information is stored locally on devices. This can include usernames, national IDs, social security numbers (SSNs), bank account numbers, and internal SAP table names. The vulnerabilities identified by Pathlock are rooted in th...

Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah. Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of SQL database dumps, characterizing it as an information operation "carried out by Iran and its proxies." "The actors gained unauthorized access to phpMyAdmin (backend) and exfiltrated stored records," Resecurity said . "This is an example of Iran using data breaches as part of a larger anti-U.S., anti-Israel, and anti-Saudi propaganda activity in cyberspace, targeting major sports and social events." It's believed that the data is likely pulled from the Saudi Games 2024 official website and then shared on DarkForums , a cybercrime forum that has gained attention in the wake of BreachForums' repeated takedowns. The information was published by a forum user named ZeroDay...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...

Unknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. "NetExtender enables remote users to securely connect and run applications on the company network," SonicWall researcher Sravan Ganachari said . "Users can upload and download files, access network drives, and use other resources as if they were on the local network." The malicious payload delivered via the rogue VPN software has been codenamed SilentRoute by Microsoft, which detected the campaign along with the network security company. SonicWall said the malware-laced NetExtender impersonates the latest version of the software (10.3.2.27) and has been found to be distributed via a fake website that has since been taken down. The installer is digitally signed by CITYLIGHT MEDIA PRIVATE LIMITED." This suggests that the campaign is targeting users searching for NetExten...

Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket , the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These packages have been collectively downloaded over 4,000 times. The complete list of the JavaScript libraries is below - react-plaid-sdk sumsub-node-websdk vite-plugin-next-refresh vite-plugin-purify nextjs-insight vite-plugin-svgn node-loggers react-logs reactbootstraps framer-motion-ext serverlog-dispatch mongo-errorlog next-log-patcher vite-plugin-tools pixel-percent test-topdev-logger-v1 test-topdev-logger-v3 server-log-engine logbin-nodejs vite-loader-svg struct-logger flexible-loggers beautiful-plugins chalk-config jsonpacks jsonspecific jsonsecs util-buffers blur-plugins proc-watch node-orm-mongoose prior-config use-videos lucide-node, and router-parse ...

Microsoft on Tuesday announced that it's extending Windows 10 Extended Security Updates ( ESU ) for an extra year by letting users either pay a small fee of $30 or by sync their PC settings to the cloud. The development comes ahead of the tech giant's upcoming October 14, 2025, deadline , when it plans to officially end support and stop providing security updates for devices running Windows 10. The desktop operating system was launched in July 2015. The Windows maker describes ESU as a "last resort option" for customers who need to run legacy Microsoft software that has reached end-of-life (EoL) status. This is meant to be a temporary solution while migrating to a newer supported platform. According to StatCounter data as of May 2025, Windows 10's market share stands at 53.19% globally, making it the most widely used version of Windows. This is followed by Windows 11 at 43%. As part of the new enrollment options announced by Microsoft, individuals can opt-...

The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new guideline seeks to help officials verify the identity and eligibility of applicants under U.S. law. The U.S. Embassy said every visa application review is a "national security decision." "Effective immediately, all individuals applying for an F, M, or J nonimmigrant visa are requested to adjust the privacy settings on all of their personal social media accounts to 'public' to facilitate vetting necessary to establish their identity and admissibility to the United States," the embassy said in a post on X. Under the new rules, Indian students and others planning to pursue academia or enroll in vocational or exchange programs are mandated to ensure that their social media profiles are set to public before submitting their visa applications. A refusal to set the accounts to "public" could be g...