#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

CrySyS Duqu Detector Open source Toolkit Released

CrySyS Duqu Detector Open source Toolkit Released

Nov 10, 2011
CrySyS Duqu Detector Open source Toolkit Released Two weeks ago Researchers at the Laboratory of Cryptography and System Security (CrySyS) in Hungary confirmed the existence of the zero-day vulnerability in the Windows kernel , according to security researchers tracking the Stuxnet-like cyber-surveillance Trojan. The Laboratory of Cryptography and System Security (CrySyS) has released an open-source toolkit that can find traces of Duqu infections on computer networks.The open-source toolkit, from the Laboratory of Cryptography and System Security (CrySyS), contains signature- and heuristics-based methods that can find traces of Duqu infections where components of the malware are already removed from the system. They make a release that " The toolkit contains signature and heuristics based methods and it is able to find traces of infections where components of the malware are already removed from the system.The intention behind the tools is to find different typ...
w3af v.1.1 - Web Application Attack and Audit Framework Released

w3af v.1.1 - Web Application Attack and Audit Framework Released

Nov 10, 2011
w3af v.1.1 - Web Application Attack and Audit Framework Released w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. To read our short and long term objectives. w3af is much more than a piece of software, w3af is a community that breathes Web Application Security. Change Log: * Considerably increased performance by implementing gzip encoding * Enhanced embedded bug report system using Trac's XMLRPC * Fixed hundreds of bugs * Fixed critical bug in auto-update feature * Enhanced integration with other tools (bug fixed and added more info to the file) Download Here Get Video Tutorial and Help to Use w3af here
Cross Site Scripting Vulnerability in Speed Bit Search Engine

Cross Site Scripting Vulnerability in Speed Bit Search Engine

Nov 09, 2011
Cross Site Scripting Vulnerability in Speed Bit Search Engine Debasish Mandal, A hacker from India , Found that there is a XSS through JavaScript Injection vulnerability in the Home page of Speed Bit Search Engine.The XSS filter is filtering normal html /script /iframe tags but XSS can be achieved by injecting JavaScript event "onmouseover()".Technical Description is below. Debasish have reported the vulnerability to the Speed Bit Team but haven't yet got any response from their side. Proof Of Concept: 1) Visit this URL https://search.speedbit.com/?aff=grbr" onmousemove="alert(document.cookie) 2) Bring mouse cursor over the hyperlink shown in the image and you should see a POP up box showing the browser cookies. Submitted By :  Debasish Mandal, India.
cyber security

Master SaaS AI Risk: Your Complete Governance Playbook

websiteReco AIArtificial Intelligence / SaaS Security
95% use AI, but is it secure? Master SaaS AI governance with standards-aligned frameworks.
Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them

Designing Identity for Trust at Scale—With Privacy, AI, and Seamless Logins in Mind

Jul 24, 2025
Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...
Computerized Prison doors hacked with vulnerabilities used by Stuxnet worm

Computerized Prison doors hacked with vulnerabilities used by Stuxnet worm

Nov 09, 2011
Computerized Prison doors hacked with vulnerabilities used by Stuxnet worm Security holes in the computer systems of federal prisons in the United States can effectively allow hackers to trigger a jailbreak by remote control. The discovery of the Stuxnet worm has alerted governments around the world about the possibility of industrial control systems being targeted by hackers. A team of researchers with John Strauchs, Tiffany Rad and Teague Newman presented their findings at a recent security conference. They said the project wasn't really all that difficult -- it just took a little time, some equipment bought online and a basement workspace. The idea for the research came about from work that Strauchs had done previously. " I designed a maximum security prison security system. That is, I did the engineering quite a few years ago and literally on Christmas Eve, the warden of that prison after it was occupied, called me and told me all the doors had popped open, including ...
UMP French Political Party got hacked & personal information leaked

UMP French Political Party got hacked & personal information leaked

Nov 08, 2011
UMP French Political Party got hacked & personal information leaked The personal data of several political parliamentarians, ministers, Minister of UMP French Political Party employees were released online by an unknown source. The leak contain the details of  Bernard Accoyer, Lionel Tardy, Jean Tiberi, Georges Tron, Christian Vanneste, Jean Luc Warsmann, Laurent Wauquiez, Michèle Alliot-Marie, Patrick Balkany, Jean Francois Cope, etc.. Korben  publish  that , The leak available in 4 files posted on Pastebin under the name " French Right Wing Hacked "which includes personal information on over 1000 frames of the UMP. Database Dumps: -  https://pastebin.com/kpGWv9qD -  https://pastebin.com/WG7Ffh5t -  https://pastebin.com/jWA4RkCG -  https://pastebin.com/9tcqrFBX The first four of these files reveals all the potential variables specified for each record. Status, title, date and place of birth, education, employees, telephone numbers, business ...
Anonymous Hackers hack neo-Nazis website & leak personal info of 16,000 Finns

Anonymous Hackers hack neo-Nazis website & leak personal info of 16,000 Finns

Nov 08, 2011
Anonymous Hackers hack neo-Nazis website & leak personal info of 16,000 Finns Anonymous Hackers have successfully hacked the neo-Nazi website and published the database of its 16000 membership application database containing personal data of some applicants from all around the country. The hack was motivated by an apparent desire to shame the Finnish government into improving data security. In a Statement Anonymous says " We have no tolerance for any group based on racial, sexual and religion discrimination as well as for all the people belonging to them and sharing their ideologies, which is the reason why we decided to carry out last Monday's attack. ". Authorities are investigating the security breaches, according to an online message attributed to Anonymous Finland. According to the Helsingin Sanomat, the published information seems stolen from several sources: the Work Efficiency Institute, Student Alliance Osku, WinNova Länsirannikon koulutus Ltd, and Adu...
Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw

Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw

Nov 08, 2011
Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw A major security flaw in Apple's iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert "Charlie Miller ". Charlie Miller gets a kick of out defeating Apple's security mechanisms, using his hacking skills to break into Macbooks and iPhones. Now, Apple has kicked the security researcher out of its iOS developer program after word got out that he built a proof-of-concept iPhone app to showcase a bypass of the code signing mechanism. Hours before, a YouTube video that Miller released went viral. In it, he demonstrated how he hijacked an iPhone to run malicious code after installing his Instastock app, which was admitted into the App Store in September. According to the report, Miller plans to reveal the issue in a presentation at the SysCan security conference in Taiwan next week. As...
The Hacker News arrived on Google+ Pages

The Hacker News arrived on Google+ Pages

Nov 07, 2011
The Hacker News arrived on Google+ Pages Google has finally added Google+ Pages feature in their social network which allow brands, products, companies, businesses, places, groups, and everyone else to establish a presence on the service. We've gone ahead and set up our very own ' The Hacker News ' Google+ page for all of our Readers . How you can help us to Grow Us ? Use " Share This Page " button available below the profile picture to share THN page with your friends and Family.  Add THN in your Circle Now  ! Find Us on: Twitter Facebook Page
International Foreign Government E-Mails Hacked by TeaMp0isoN

International Foreign Government E-Mails Hacked by TeaMp0isoN

Nov 07, 2011
International Foreign Government  E-Mails Hacked by TeaMp0isoN TeaMp0isoN group of hackers claim to hack more than 150 Email Id's of International Foreign Governments. They Release the Email List with Password on Pastebin note . Hex000101 Hacker, A member of TeaMp0isoN team got these Login credentials from various Government sites after hacking their databases such as armynet.mod.uk and website of Parliament of Australia (aph.gov.au) .
China is the birth place for most of malicious Android apps

China is the birth place for most of malicious Android apps

Nov 07, 2011
China is the birth place for most of malicious Android apps Mobile malware is rising, and there have been explosions in the world of viruses and Trojans. Virus makers are now targeting mobile platforms- thanks to their growing popularity. If we take the statistics from last 6 months, the chances of Android smart phones to be infected have doubled. A new report by TrendMicro says that " China is the birth place for most of malicious Android applications " . Even Android OS is also becoming more and more popular in China. This growth of Android users in China, however, seems to do little for the rocky relationship between Google and the Chinese government. It has been reported that access to the Google Android Market has been intermittent since 2009. According to a Report by TrendMicro, The inconvenience in accessing the Android Market, one not experienced by users from other countries, can be considered a big factor in the Chinese users' preference in terms of where to dow...
Brazil ISP servers under Massive DNS poisoning attacks

Brazil ISP servers under Massive DNS poisoning attacks

Nov 07, 2011
Brazil ISP servers under Massive DNS poisoning attacks Kaspersky Lab expert Fabio Assolini Report that A massive DNS cache poisoning attack attempting to infect users trying to access popular websites is currently under way in Brazil. Several large ISPs in the highly connected country have been affected by the attack, and police have made at least one arrest in connection with the operation. Attackers have been able to poison the DNS cache records for several major Web sites at some large ISPs. Last week Brazil's web forums were alive with desperate cries for help from users who faced malicious redirections when trying to access websites such as YouTube, Gmail and Hotmail, as well as local market leaders including Uol, Terra and Globo. In all cases, users were asked to run a malicious file as soon as the website opened. It asks the customer to download and install the so-called " Google Defence " software required to use the search engine. In reality, though, this ...
Sqlninja 0.2.6 is now available

Sqlninja 0.2.6 is now available

Nov 07, 2011
Sqlninja 0.2.6 is now available Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv3.There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network.  Here's what it does: Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode) Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental) Privilege escalation to sysadmin group if 'sa' password has been found Creation of a custom xp_cmdshell if the original one has been removed Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed) TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port th...
Anonymous attack on Israeli government & security services websites

Anonymous attack on Israeli government & security services websites

Nov 06, 2011
Anonymous attack on Israeli government  & security services websites Several Israeli government websites crashed on Sunday in what appeared to be a cyber-attack by Anonymous hackers. The websites of the IDF, Mossad and the Shin Bet security services were among the sites that went down, as well as several government portals and ministries.The Israeli army and intelligence agencies' websites were offline. In a video that was uploaded to YouTube, Anonymous warns that if the siege on Gaza is maintained, it will have no choice but to go on the attack.. " Your actions are illegal, against democracy, human rights, international, and maritime laws ," the statement addressed to the government of Israel and posted on Youtube and Anonymous-affiliated sites said. " Justifying war, murder, illegal interception, and pirate-like activities under an illegal cover of defense will not go unnoticed by us or the people of the world. " " If you continue blocking human...
Expert Insights Articles Videos
Cybersecurity Resources
//]]>