The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Danish Government database of 1,000,000 companies private info leaked by #Antisec Anonymous Hackers upload a file on Torrent contain of the snapshot the the Danish Government database of companies. The contents of the database is currently browsable on the cvr.dk website, but the database is not available in bulk unless you purchase a license. The snapshot was obtained during the summer of 2011 by systematically harvesting data from the public parts of the cvr.dk website. The Leak Include : CVRfull.zip : Archive containing xml files with company information, including html from cvr.dk CVRCompact: As above, but without html cvr: CVR-number (8-digit unique id, last digit is a checksum) corporationtype: Integer denoting type of company incorporated: Date of registration dissolved: Date of dissolution, if dissolved industry: Code of the company main areas of business documentcontent: Html of company page from cvr.dk (minus header and footer) The other fields are...

350,000 Epson Korea customers data breached Epson Korea Co., Ltd. said that hackers had breached the personal data of its 350,000 registered customers last week. An official at the South Korean affiliate of Seiko Epson Corp. said the company has reported the case to the communications regulator. It said personal information, including phone numbers, email addresses, names and coded data of customers registered on its website had been compromised. " We are still investigating the case and tracking down the attackers, " said the official, who declined to be named. Late last month, hackers who the state-run Korea Communications Commission alleged were from China attacked the Nate Internet portal and the Cyworld blogging site, both run by SK Comms, accessing the personal information of up to 35 million users in the country's biggest cyber attack so far.

Nepal Telecommunications Authority Hacked by w3bd3f4c3r Hacker with name "w3bd3f4c3r" or "T34mT!g3R" today hack into the Nepal Telecommunications Authority website using SQL injection Vulnerability. The Vulnerability Information and screenshot is posted by hacker on pastebin : The Leaked info include the various database and tables of Nepal Telecommunications Authority website and Administrator password in Hashes as shown below:

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Skype zero day HTML/(Javascript) code injection Noptri Public Security Advisory has publised a working skype zero day vulnerability with POC for skype. Skype users need be aware of this vulnerability. Affected Software: Software: Skype <= 5.5.0.113 Affected Platforms: Windows (XP, Vista, 7) Problem Description: Skype suffers from a persistent code injection vulnerability due to a lack of input validation and output sanitization of following profile entries:     [+] home     [+] office     [+] mobile Proof of Concept: The following HTML codes can be used to trigger the described vulnerability: --- SNIP ---     [+] Home Phone Number:     <b>INJECTION HERE</b>     [+] Office Phone Number:     <center><i>INJECTION HERE</i></center>     [+] Mobile Phone Number:     <a href="#">INJECTION HERE</a> Impact: An attacker could for ...

Libya Registry & Telecom websites hacked by Electr0n A Hacker with codename " Electr0n " has deface the two Important websites of Libya. One is Domain Registry website and Other one is Telecom Website . Both sites had same deface page as shown above. You can check cache link here . Its not confirm that  Electr0n is in support of Anonymous or not, But According to Defacement page, the hack is performed for some other reason, rather than operation Libya by Anonymous.

Israel Radio is hacked by  Egyptian hacker Egyptian hacker defaced the website of  Israel Radio  , and Write a message on homepage as shown: Hi to greatest son of the bitches of the world ... This Msg From Egypt " Mother Of The World "We Never Forgot And Never Forgive Any Isrealian Bitch3Z you Started The War Attack Us 0n The borders of Egypt For Nothing Reason .. So You Have Bear Our Attacks Fuck To All Isreal ./3x!t

Idea Cellular Web Portal Hacked, Customers Info may be exposed ! Again a critical SQL Injection Vulnerability has been discovered by zSecure Team in a high profile web portal. This time it's Ideacellular web portal which compromises the entire site database. Any malicious smart black hats can create much more devastating attacks using this critical flaw such as: complete access to various database's as shown in screen-shots under proof of vulnerability which can later be misused to access various confidential information; complete database dump; possibility of uploading shell (not fully certain) and much more. Target Website :  https://www.ideacellular.com Attack Type : Hidden SQL Injection Vulnerability Database Type :   MySql 5.0.27 Alert Level : Critical Threats : Database Access, Database Dump Credit : zSecure Team     Previous Vulnerability Discolsures:  Dukascopy, Sify, TimesofMoney, Sharekhan Proof of Vulnerability : About the Company Ide...

25 Year old UK Student hacker penetrated Facebook‎ A 25 year old Brit allegedly used "considerable technical expertise" to hack into Facebook's servers. The student, from York, faces five charges, including that he "made, adapted, supplied or offered to supply" a computer program to hack into a Facebook server, Westminster magistrates' court heard. Mangham, a resident of York, was arrested by the e-Crime Unit of the Metropolitan Police in June this year; and has been charged with five offences under the Computer Misuse Act. Mangham is currently on bail, and like all accused hackers has been prohibited from accessing anything even resembling a computer. " The court feels it will be safer if there was no access to the internet which will reduce the temptation for your son to go on to Facebook ," said Judge Evans. As per Facebook, no personal information had been compromised during the hacks attempted by Mangham. The social network also added that it had been ...

PDD - Packet Dump Decode Released PDD is an open-source program created by Srivats.Packet Dump Decode (pdd) is a simple convenient GUI wrapper around the Wireshark/Ethereal tools to convert packet hexdumps into well formatted xml containing the decoded protocols and protocol contents.You need to have Wireshark installed, because PDD is only a wrapper around Wireshark. Convert hexdumps to - Tree-View (within application) Pcap file and open with Wireshark/Ethereal Text description of packet contents XML description of packet contents Download

Cross Site Scripting Vulnerability at Google Appspot The Google Appspot " ClickDesk " login page is vulnerable to Cross Site Scripting attack. Cross Site scripting attack is a critical issue in web application. When an attacker gets a user's browser to execute his/her XSS code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read (keylogging), modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. The vulnerability can easily be amplified by publicly available tools like Cross Site Scripting framework (XSSF), Cross Site Scripting harvest perl (XSS-Harvest) and so on. Proof of concept: The following proof-of concept sample will do a HTTP POST to trigger the XSS vuln...

Korean HSBC bank hacked TurkGuvenligi (TG) TurkGuvenligi (TG) Hacker Hack and deface the  Korean HSBC bank website. Mirror of Hack is also available here . Same hacker deface the Websites of Free Gary McKinnon Campaign last week.

Biggest ISP in Kuwait Qualitynet Side-Server Database Leaked AnonKuwait claim to hack the Biggest ISP in Kuwait " Qualitynet " and leaked  14MB of data in sql format  server-side database. Penetration of one of Qualitynet servers working for Ministry of Education having a database containing high school graduating students information. The server is moe.qualitynet.net . Hacker have hacked the whole server and extracted an SQL dump. Qualitynet is the biggest internet service provider in Kuwait. It owns a very big network connected to other countries in Middle East. Qualitynet shocked us all in InfoConnect exhibition when it increased the pricing of their services by 70% and it shocked us again by applying the unfair downstream cap policy. Qualitynet is one of the major factors in setting the decision of cap policy which angered people of Kuwait toward these unlawful unacceptable decisions. Qualitynet does not provide the perfect security so we encourage differen...

THC-ipv6 Toolkit – Attacking the IPV6 Protocol A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. Please note to get full access to all the available tools you need to develop IPV6 tools yourself or submit patches, tools and feedback to the thc-ipv6 project. Tools Included : parasite6: icmp neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite) alive6: an effective alive scanng, which will detect all systems listening to this address dnsdict6: parallized dns ipv6 dictionary bruteforcer fake_router6: announce yourself as a router on the network, with the highest priority redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer toobig6: mtu decreaser with the same intelligence as redir6 detect-new-ip6: detect new ip6 devices which join the network, you can run a script to automatically scan t...