#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

VPN provider 'Proxy.sh' sniffed the traffic of US based server to Catch Hackers

VPN provider 'Proxy.sh' sniffed the traffic of US based server to Catch Hackers

Sep 30, 2013
The very first question we always try to figure before choosing a trusted VPN service - Can't a VPN provider just look at my traffic all they want and see what I'm doing? Well, a reputated  VPN provider today answers the Question and admitted that they sniffed the traffic on one of its United States-based servers in order to catch an alleged hacker. Proxy.sh , a quality VPN service with no-logging policy, made a surprise announcement : " We are unfortunate to announce that there have been abuses complaints about hacking activities on our U.S. Illinois 1 node. We have been saddened to learn that these actions were harmful to individuals (human beings). As a result, we will open this node again and monitor it with Wireshark for a period of 7 days. Torrentfreak  noticed that there was no mention of any legal process, court order, police action or other similar outside influence compelling Proxy. sh to do so. The monitoring was triggered after Proxy....
US news agency GlobalPost's twitter and website hacked by Syrian Electronic Army

US news agency GlobalPost's twitter and website hacked by Syrian Electronic Army

Sep 30, 2013
In a series of high profile hacks, ' Syrian Electronic Army (SEA) ' just a few minutes before took control twitter account and website of ' GlobalPost ', a US based news agency. 'Syrian Electronic Army is an organized hacking group loyal to the Syrian President Bashar al-Assad and known for their high profile cyber attacks. The hacker posted two tweets from the victim's account, saying " Think twice before you publish untrusted information about Syrian Electronic Army " and " This time we hacked your website and your Twitter account, the next time you will start searching for new job :) " (as shown in the screenshot). GlobalPost's Deputy Social Media and News Desk Editor 'Kyle Kim' also tweeted that " We've been hacked ". At this point it is unclear that How group managed to access the website and twitter account. We are connecting to the hackers for further information, stay tuned to the page f...
Another iPhone lockscreen bypass vulnerability found in iOS 7.02

Another iPhone lockscreen bypass vulnerability found in iOS 7.02

Sep 30, 2013
Here we go again! Earlier this week, Apple released iOS 7.0.2 just to fix some Lockscreen bugs in iOS 7 and but a researcher has found a new Lockscreen bug in new iOS 7.0.2. This new Lockscreen bug is found by Dany Lisiansky , and he uploaded a proof of concept video on YouTube with the complete step by step guide. Unlike the previous bugs it will not expose your Email, Photos, Facebook and Twitter but allows attackers to access your phone call history, voicemails and entire list of contacts. A step by step guide released by iDownloadblog : Make a phone call (with Siri / Voice Control) Click the FaceTime button When the FaceTime App appears, click the Sleep button Unlock the iPhone Answer and End the FaceTime call at the other end Wait a few seconds Done. You are now in the phone app Video demonstration  It would be easy for someone who knows you or your love partner or your business partner to obtain your phone and call themselve...
cyber security

Master SaaS AI Risk: Your Complete Governance Playbook

websiteReco AIArtificial Intelligence / SaaS Security
95% use AI, but is it secure? Master SaaS AI governance with standards-aligned frameworks.
Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them

Designing Identity for Trust at Scale—With Privacy, AI, and Seamless Logins in Mind

Jul 24, 2025
Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...
Iranian Hackers infiltrated US Navy computers

Iranian Hackers infiltrated US Navy computers

Sep 30, 2013
The Wall Street Journal reported that Iranian hackers have successfully penetrated unclassified US Navy computers , the allegations were made by US officials that consider the attacks a serious intrusion within the Government network. " The U.S. Officials said the attacks were carried out by hackers working for Iran's government or by a group acting with the approval of Iranian leaders. The most recent incident came in the week starting Sept. 15, before a security upgrade, the officials said. Iranian officials didn't respond to requests to comment." US officials revealed that a group of Iranian state-sponsored hackers have repeatedly violated US Navy computer systems for cyber espionage purpose, despite no sensitive information has been leaked the event is considered very concerning. US Intelligence fears that such attacks could expose confidential information like the blueprints of a new cyber weapon. US officials added that Congress has been bri...
Exclusive : New Touch ID hack allows hacker to unlock an iPhone by multiple fingerprints

Exclusive : New Touch ID hack allows hacker to unlock an iPhone by multiple fingerprints

Sep 29, 2013
The Iranian group defeated the very basic phenomenon of an iPhone Fingerprinting scanner, which allows them to unlock an iPhone device with multiple Fingerprints. Apple's iPhone 5s , was launched just available in stores two weeks before with a new feature of biometrics-based security system called " Touch ID ", that involves analyzing a user's fingerprint and using that to unlock the phone. Apple launched the technology that it promises will better protect devices from criminals and snoopers seeking access. With this you can purchase things from the iTunes App Store. Basically, you can now use it in place of your password. " Fingerprint is one of the best passcodes in the world. It's always with you, and no two are exactly alike, " according to the Apple's website. Last week Germany Hackers showed that how they were able to deceive Apple's latest security feature into believing they're someone they're not, using a well-honed technique for...
Chinese APT Espionage campaign, dubbed 'Icefog' targeted Military contractors and Governments

Chinese APT Espionage campaign, dubbed 'Icefog' targeted Military contractors and Governments

Sep 27, 2013
Kaspersky Lab has identified another Chinese APT campaign , dubbed ' Icefog ', who targeted Governmental institutions, Military contractors, maritime / shipbuilding groups, telecom operators, industrial and high technology companies and mass media. The Hacking group behind the attack who carry out surgical hit and run operations , is an advanced persistent threat (APT) group, used a backdoor dubbed Icefog that worked across Windows and Mac OS X to gain access to systems. " The Mac OS X backdoor currently remains largely undetected by security solutions and has managed to infect several hundred victims worldwide ," the report  (PDF) said. This China-based campaign is almost two years old and follows the pattern of similar APT-style attacks where victims are compromised via a malicious attachment in a spear-phishing email, or are lured to a compromised website and infected with malware . The attackers embed exploits for several known vulnerabilities (CV...
16-Year-Old Teenager arrested for World's biggest cyber attack ever

16-Year-Old Teenager arrested for World's biggest cyber attack ever

Sep 27, 2013
16-Year-Old Teenager has been arrested over his alleged involvement in the World's biggest largest DDoS attacks against the Dutch anti-spam group Spamhaus . The teenager, whose name is unknown at this point, was arrested by British police in April, but details of his arrest were just leaked to the British press on Thursday. He was taken into custody when police swooped on his south-west London home after investigations identified significant sums of money were flowing through his bank account. The suspect was found with his computer systems open and logged on to various virtual systems and forums. The March 20 attack on Spamhaus has been dubbed as the " biggest cyber attack in the history of the Internet " which saw server of the Dutch anti-spam organization being bombarded with traffic in tune of 300 billion bits per second (300Gbps). A DDoS attack takes place when hackers use an army of infected computers to send traffic to a server, causing a shutdown in the process. I...
FBI arrested 19-Year-old Hacker Who Hacked into Miss Teen USA's Webcam

FBI arrested 19-Year-old Hacker Who Hacked into Miss Teen USA's Webcam

Sep 27, 2013
A College 19-year-old college student and Hacker from Temecula, California has been arrested for hacking the webcams of Miss Teen USA ' Cassidy Wolf ' and other women to extort nude photos and videos from them. Earlier this year Cassidy Wolf received an anonymous email in which the sender claimed to have stolen images from the camera on her home computer. According to the complaint, he threatened to turn her " dream of being a model ... into a ..... " Jared James Abrahams , 19 years-old man forced several women to strip. Based on an investigation launched in March the FBI raided THE suspect's home in June, seizing computers, cell phones and hacking software. Abrahams is accused of hacking the computers of several young women and charged with extortion, that could send him to federal prison for up to two years. Abrahams used malicious software to disguise his identity in order to capture nude photos or videos of victims through remote operat...
Hacker sold personal data of 4 million US citizens online; risk of potential Identity Theft

Hacker sold personal data of 4 million US citizens online; risk of potential Identity Theft

Sep 27, 2013
An illegal service that sells personal data of US citizens online, which can then be used for identity theft hacked into the networks of three major data brokers and Hacker stole their databases. Cyber attack has given them access to Social Security Numbers , dates of birth, and other personal details that could put all our finances at risk. Krebs's blog revealed that the service, known as SSNDOB ( ssndob.ms)  (Social Security Number Date of Birth) used malware to obtain secret access to the databases of LexisNexis, Dun & Bradstreet and Kroll Background America. Hackers are charging from 50 cents to $2.50 per record and from $5 to $15 for credit and background checks. It was discovered in March that another website, exposed.su was using data collected by SSNDOB to sell to its customers.  Through the use of a botnet Malware, ID thieves the ID thieves gained access to the networks of LexisNexis, that it provides coverage of more than 5...
Mailbox iPhone app vulnerability executes any Javascript from HTML mail body

Mailbox iPhone app vulnerability executes any Javascript from HTML mail body

Sep 26, 2013
Italian Researcher Michele Spagnuolo recently revealed a serious vulnerability in the popular Mailbox iPhone app . Mailbox is a tidy iOS the email app recently purchased by Dropbox , has a pretty wide-open hole that could allow bad actors to hijack your device. The flaw occurs in the latest version of Mailbox (1.6.2) currently available from the App Store, that  executes any Javascript which is present in the body of HTML emails. With exploitation of this vulnerability, users could be subject to account hijacking, spam and phishing attacks by simply opening an HTML email containing embedded javascript. You can see a video demonstration below: The good news is that the problem is probably not as bad as it looks, because iOS is tightly sandboxed, its security features are built with this functionality in mind and normally do not allow any potentially harmful operation to take place without the user's permission. Mailbox's statement on this issue,...
22 years-old Chartered Accountant student hacks into Celebrities E-taxation Accounts

22 years-old Chartered Accountant student hacks into Celebrities E-taxation Accounts

Sep 26, 2013
Last week a 21-year-old chartered accountant student from Hyderabad was arrested for hacking into E-taxation Account of Industrialist Anil Ambani. During the probe Mumbai Police's crime branch has emerged that Anil Ambani's account was also fraudulently accessed from Noida. After investigation, Police were able to track another CA student who not only accessed Ambani's account,  but also of popular cricketers and film stars including Sachin Tendulkar, MS Dhoni, Shah Rukh Khan and Salman Khan. 22 years-old CA student named, Sanchit Katiyal -- who is doing his articleship at  Vishal Kaushal Company, an accountancy firm in Noida,  had hacked into Ambani's account on 26th June.  His computer and hard disks were seized by Cyber Crime Cell. He first accessed the accounts of Shah Rukh and Salman on 22nd June, Dhoni's account on 24th June and then broke into Ambani's account.  He again accessed Dhoni's account on June 28, and Tendulkar's on July ...
Thousands of Wordpress blogs compromised to perform DDOS attack

Thousands of Wordpress blogs compromised to perform DDOS attack

Sep 25, 2013
There is currently a Mega cyber attack campaign being launched on a large number of WordPress websites across the Internet.  In April, 2012 we reported about a large distributed brute force attack against millions of WordPress sites were occurring, out of that hackers are successful to compromise 90,000 servers to create a large Botnet  of Wordpress hosts. According to the DDOS attack logs report  received from a ' The Hacker News ' reader ' Steven Veldkamp ', victim's website was under under heavy DDOS attack recently, coming from various compromised Wordpress based websites. Possibly using the brute force attack on WordPress administrative portals with the a world list of the most commonly used username and password combinations, attackers are taking control of many poorly secured WordPress Hosts. After analyzing the piece of a DDOS attack Log file from timing 23/Sep/2013:13:03:13 +0200 to 23/Sep/2013:13:02:47 +0200, we found that in 26 second att...
NSA Chief, General Alexander defends US surveillance programs as a Noble Mission

NSA Chief, General Alexander defends US surveillance programs as a Noble Mission

Sep 25, 2013
On Wednesday, Chief of National Security Agency (NSA) , General Keith Alexander defended US surveillance programs as part of a Noble Mission to protect the nation. He said that the collection of bulk phone records by U.S. Intelligence agencies are essential to preventing terrorist attacks. He referenced the criticism thrown at the intelligence services in late 2001 for not connecting the dots that led up to the Sept. 11 attacks. " We need our nation to understand why we need these tools, and what those tools mean for civil liberties and privacy and what they mean to defend this country, " General Keith Alexander said during a keynote speech at the Billington Cyber Security Summit in Washington. In recent months NSA has been targeted for severe criticism from privacy advocates, members of Congress and foreign allies of America, whose citizens may have been targets of this surveillance. Alexander pleaded for support of NSA programs during his speech at ...
Android Device Manager allows user to Lock, Wipe and Locate device remotely

Android Device Manager allows user to Lock, Wipe and Locate device remotely

Sep 24, 2013
If you lose your device, Google lets you secure it instantly from afar through Android Device Manager, that let you locate and remotely wipe your phones and tablets. The latest update to Android Device Manager enables remote password locking, overrides the built-in Pattern, PIN code, Face unlock or password-based security, making sure your data doesn't fall into wrong hands. To get started, go to google.com/android/devicemanager on your computer and go through your list of devices that are connected to your Google account. I tried the process with my Samsung Galaxy S4, and it worked like a charm. Google's new feature is a very useful one for those who don't have a lock on their phone and want to make sure their data is protected. A lock request will immediately secure any device connected to Wi-Fi or a cellular network, even if it's actively being used. If a thief has turned off a phone or enabled Airplane Mode, the lock will take effect as soon as a data co...
iPhone 5s Users Fooled By Apple, NSA and A Fake middle finger

iPhone 5s Users Fooled By Apple, NSA and A Fake middle finger

Sep 24, 2013
Last week Apple releases the iPhone 5S  with Touch ID , a fingerprint-scanning feature, promoted by the company as " Your fingerprint is one of the best passwords in the world ". Just after the launch of iOS7 , Hackers around the world come up with a series of security issues and privacy concerns. One of the most embarrassing hack released yesterday, when a group of German Hackers fooled the iPhone 's biometric fingerprint security by just using a high resolution photo of someone's fingerprint. Now, We all are aware about many secret surveillance projects of NSA like PRISM , where U.S. government is collecting data from these Internet companies including - Apple. Apple claimed that, iPhone will never upload fingerprints to their server, but can we believe them anymore ? It is already proven that, During Surveillance operations and for Backup purpose, Smartphone applications can upload anything from your device to their online servers without any...
New Mac OS Malware exploited two known Java vulnerabilities

New Mac OS Malware exploited two known Java vulnerabilities

Sep 24, 2013
A new Mac OS Malware has been discovered called OSX/Leverage . A , which appears to be yet another targeted command-and-control Trojan horse, that creates a backdoor on an affected user's machine. The Trojan named ' Leverage ' because the Trojan horse is distributed as an application disguised as a picture of two people kissing, possibly a scene from the television show " Leverage ". The attack launched via a Java applet from a compromised website and which drops a Java archive with the backdoor to the visitor's computer and launches it without a user intercation. To perform the attack, Malware uses two recently disclosed Java vulnerabilies  known as CVE-2013-2465 and CVE-2013-2471. Once it's installed, the Trojan connects to the C&C server on port 7777. Security vendor Intego said that Malware linked to Syrian Electronic Army (SEA) , because after installation Malware attempt to download an image associated with the Syrian Electronic...
Internet Explorer zero-day exploit used watering hole attacks to target Japanese users

Internet Explorer zero-day exploit used watering hole attacks to target Japanese users

Sep 24, 2013
Attackers exploiting a zero-day vulnerability CVE-2013-3893 in Microsoft's Internet Explorer browser and served them on compromised popular Japanese news websites. According to FireEye , at least three major Japanese media websites were compromised in watering hole attacks, dubbed Operation DeputyDog , appears to target manufacturers, government entities and media organizations in Japan. The compromised sites recorded more than 75,000 page views before the exploits were discovered. The zero-day vulnerability in IE 8 and 9 allows the stealthy installation of software in the users' computers which then can be remotely accessed by the hackers. The hackers typically use Trojans designed specifically for a pay-to-order attack to steal intellectual property. Researchers saw a payload executable file used against a Japanese target posing as an image file hosted on a Hong Kong server. The attack in Japan was discovered two days after Microsoft disclosed the ...
Fake Grand Theft Auto V iFruit Android app fools thousands

Fake Grand Theft Auto V iFruit Android app fools thousands

Sep 23, 2013
Android malware is continuing to cause problems for end users with huge amounts of fraud and Malware campaigns going on. A lot of fake apps are currently on Google Play Store fooling thousands of consumers. Grand Theft Auto 5 , which hit stores last Tuesday and is shaping up to be the most lucrative video game release ever. Now, Rockstar Game do plan to bring their Grand Theft Auto V iFruit app for Android devices, but before official released, it's fake malicious versions are out in Google Play Market. Rockstar have confirmed that they haven't released the Android version yet, only the iOS version is available right now and Android owners are warned not to download them, because some could contain malicious malware . There are at least two fake apps have surfaced on the Google Play Store that use the same icon as iFruit in an attempt to mimic the real thing. The deceptive part about these apps is that the developer publicly listed appears as "...
Finally, iPhone's Fingerprint Scanner 'TouchID' hacked first by German Hackers

Finally, iPhone's Fingerprint Scanner 'TouchID' hacked first by German Hackers

Sep 23, 2013
Apple has marketed TouchID both as a convenience and as a security feature. " Your fingerprint is one of the best passwords in the world ," says an Apple promotional video. A European hacker group has announced a simple, replicable method for spoofing Apple's TouchID fingerprint authentication system. The Apple TouchID it the technology developed by Apple to replace passcode on its mobile and help protect users' devices, it is based on a sensor placed under the home button and it is designed to substitute the four-digit passcode to unlock the handset and authorize iTunes Store purchases. But is it really so? Hackers members of the Chaos Computer Club claim to have defeated Apple TouchID fingerprint sensor for the iPhone 5S, just after the start of its sale to the public. " Fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints, " a hacker named Starbug was quoted as sa...
Turning your iPhone or Android camera into Microscope

Turning your iPhone or Android camera into Microscope

Sep 22, 2013
Have you ever been wanting to take a picture of something you're looking at under your microscope but you just can't? Well, but now the Microphone Lens turns your iPhone or Android camera phone into a portable handheld microscope. By attaching a lightweight, inexpensive device to the back of a smart phone, researchers at the University of California (UCLA) can convert the phone into a sensitive fluorescence microscope. Microphone Lens allows the phone's camera to take pictures of single nanoparticles and viruses, possibly providing a portable diagnostic tool for health care workers in developing countries. In an experiment, A Nokia 808 PureView smartphone has been used to do fluorescent imaging on individual nanoparticles and viruses. By clipping on a 3D-printed attachment that included a laser bought on eBay Their work is funded by Nokia university research funding, the Army Research Office, the National Science Foundation, and other sources.
Expert Insights Articles Videos
Cybersecurity Resources
//]]>