#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Symantec Connects 40 Cyber Attacks to CIA Hacking Tools Exposed by Wikileaks

Symantec Connects 40 Cyber Attacks to CIA Hacking Tools Exposed by Wikileaks

Apr 10, 2017
Security researchers have confirmed that the alleged CIA hacking tools recently exposed by WikiLeaks have been used against at least 40 governments and private organizations across 16 countries. Since March, as part of its " Vault 7 " series, Wikileaks has published over 8,761 documents and other confidential information that the whistleblower group claims came from the US Central Intelligence Agency (CIA). Now, researchers at cybersecurity company Symantec reportedly managed to link those CIA hacking tools to numerous real cyber attacks in recent years that have been carried out against the government and private sectors across the world. Those 40 cyber attacks were conducted by Longhorn — a North American hacking group that has been active since at least 2011 and has used backdoor trojans and zero-day attacks to target government, financial, energy, telecommunications, education, aerospace, and natural resources sectors. Although the group's targets were a...
Hacker Caused Panic in Dallas by Turning ON Every Emergency Siren at Once

Hacker Caused Panic in Dallas by Turning ON Every Emergency Siren at Once

Apr 10, 2017
We have seen hackers flooding 911 emergency service with rogue requests to knock the service offline for an entire state, but some hacking incidents are worse than others. One such incident took place in Dallas on Friday night when hacker triggered a network of 156 emergency warning sirens for about two hours, waking up residents and sparking fears of a disaster. The emergency warning sirens — designed to warn citizens of the Texas about dangerous weather conditions, such as severe storms and tornados — were activated around 11:40 p.m. Friday and lasted until 1:20 a.m. Saturday. The city officials tried to inform residents not to call 911 as there was not any emergency situation in the city, but the 911 system was nevertheless flooded with over 4,400 calls from panicked residents. Rocky Vaz, director of Dallas Office of Emergency Management (OEM), told the Dallas Morning News that the alarms blasted about 15 times for 90-second durations. You can even watch video footage o...
Suspected Kelihos Botnet Operator Arrested in Spain

Suspected Kelihos Botnet Operator Arrested in Spain

Apr 10, 2017
Update (Tuesday, April 11):  The arrest of a Russian man in Spain was apparently for his role in Kelihos botnet responsible for sending hundreds of millions of spam emails worldwide. A Russian computer hacker and alleged spam kingpin was arrested in Barcelona, Spain, on Friday reportedly over suspicion of being involved in hacking attacks linked to alleged interference in last year's United States presidential election process . 36-year-old Peter Yuryevich Levashov  from St. Petersburg was detained by police in Barcelona after US authorities issued an international arrest warrant for his arrest. While the Russian embassy in Madrid announced Levashov's arrest on Sunday, it did not confirm the reason for his arrest. This is the second arrest made by the Spanish authorities since the US 2016 election. In January, the police detained Stanislav Lisov , 32, on suspicion of creating and operating the NeverQuest Banking Trojan and possibly influencing the presidential ele...
cyber security

New Webinar: Identity Attacks Have Changed — Have Your IR Playbooks?

websitePush SecurityThreat Detection / Identity Security
With modern identity sprawl, the blast radius of a breach is bigger than ever. Are you prepared? Sign up now.
The Unusual Suspect: Git Repos

The Unusual Suspect: Git Repos

Jul 14, 2025Secrets Management / SaaS Security
While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...
Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild

Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild

Apr 09, 2017
It's 2017, and opening a simple MS Word file could compromise your system. Security researchers are warning of a new in-the-wild attack that silently installs malware on fully-patched computers by exploiting a serious — and yet unpatched — zero-day vulnerability in all current versions of Microsoft Office. The Microsoft Office zero-day attack, uncovered by researchers from security firms McAfee and FireEye, starts simply with an email that attaches a malicious Word file containing a booby-trapped OLE2link object. When opened, the exploit code gets executed and makes a connection to a remote server controlled by the attacker, from where it downloads a malicious HTML application file (HTA) that's disguised as a document created in Microsoft's RTF (Rich Text Format). The HTA file then gets executed automatically with attackers gaining full code execution on the victim's machine, downloading additional payloads from "different well-known malware families" ...
Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits

Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits

Apr 08, 2017
Remember The Shadow Brokers ? They are back. A hackers group that previously claimed to have stolen a bunch of hacking tools (malware, zero-day exploits, and implants) created by the NSA and gained popularity last year for leaking a portion of those tools is back. Today, The Shadow Brokers group released more alleged hacking tools and exploits that, the group claims, belonged to " Equation Group " – an elite cyber attack unit linked to the NSA. Besides dumping some NSA's hacking tools back in August 2016, the Shadow Brokers also released an encrypted cache of files containing more NSA's hacking tools and exploits in an auction, asking for 1 Million Bitcoins (around $568 Million). However, after failed auction , the group put up those hacking tools and exploits for direct sale on an underground website, categorizing them into a type — like "exploits," "Trojans," and "implant" — each of which ranged from 1 to 100 Bitcoins (fr...
WikiLeaks Reveals CIA's Grasshopper Windows Hacking Framework

WikiLeaks Reveals CIA's Grasshopper Windows Hacking Framework

Apr 07, 2017
As part of its Vault 7 series of leaked documents, whistleblowing website WikiLeaks today released a new cache of 27 documents allegedly belonged to the US Central Intelligence Agency (CIA). Named Grasshopper , the latest batch reveals a CLI-based framework developed by the CIA to build "customised malware" payloads for breaking into Microsoft's Windows operating systems and bypassing antivirus protection. All the leaked documents are basically a user manual that the agency flagged as "secret" and that are supposed to be only accessed by the members of the agency, WikiLeaks claims. Grasshopper: Customized Malware Builder Framework According to the leaked documents, Grasshopper framework allows the agency members to easily create custom malware, depending upon the technical details, such as what operating system and antivirus the targets are using. The Grasshopper framework then automatically puts together several components sufficient for attack...
U.S. Trade Group Hacked by Chinese Hackers ahead of Trump-Xi Trade Summit

U.S. Trade Group Hacked by Chinese Hackers ahead of Trump-Xi Trade Summit

Apr 06, 2017
Researchers have uncovered a Chinese cyber-espionage against the United States ahead of the trade summit on Thursday between US President Donald Trump and China's President Xi Jinping. According to a new report published today by Fidelis Cybersecurity firm, the Chinese APT10 hacking group implanted a piece of malware on the "Events" page of the US National Foreign Trade Council (NFTC) website in February. Dubbed ' Operation TradeSecret ,' the attack against the NFTC site is seen as an attempt to conduct surveillance on the main industry players and lobbyists closely associated with U.S trade policy activities. Researchers say hackers placed a malicious link on the NFTC website, inviting the organization's board of directors to register for a meeting in Washington DC on March 7. But clicking on the link deployed a spying tool called " Scanbox ." Dates back to 2014, Scanbox – previously used by nation-state threat actors associated with the...
Microsoft Finally Reveals What Data Windows 10 Collects From Your PC

Microsoft Finally Reveals What Data Windows 10 Collects From Your PC

Apr 06, 2017
Since the launch of Windows 10, there has been widespread concern about its data collection practices , mostly because Microsoft has been very secretive about the telemetry data it collects. Now, this is going to be changed, as Microsoft wants to be more transparent on its diagnostics data collection practices. Till now there are three options ( Basic, Enhanced, Full ) for Windows 10 users to select from under its diagnostics data collection section, with no option for users to opt out of sending their data to Microsoft. Also, the company has never said precisely what data it collects behind these options, which raised huge privacy concerns among privacy-conscious users. But now for the first time, Microsoft has revealed what data Windows 10 is collecting from your computer with the release of the Windows 10 Creators Update , bringing an end to nearly two years of its mysterious data collection practices . The Windows 10 Creators Update, which will be available from Apri...
No More Ransom — 15 New Ransomware Decryption Tools Available for Free

No More Ransom — 15 New Ransomware Decryption Tools Available for Free

Apr 05, 2017
No More Ransom, so is the Ransomware Threat. Launched less than a year ago, the No More Ransom (NMR) project has increased its capacity with new partners and new decryption tools added to its now global campaign to combat Ransomware. Started as a joint initiative by Europol, the Dutch National Police, Intel Security and Kaspersky Lab, No More Ransom is an anti-ransomware cross-industry initiative to help ransomware victims recover their data without having to pay ransom to cyber criminals. The online website not just educates computer users to protect themselves from ransomware, but also provides a collection of free decryption tools. Since December, more than 10,000 victims from all over the world have been able to decrypt their locked up devices without spending a penny, using ransomware decryption tools available free of charge on this platform. Statistics show that most of the website visitors were from Russia, the Netherlands, the U.S., Italy, and Germany. The pla...
Millions Of Smartphones Using Broadcom Wi-Fi Chip Can Be Hacked Over-the-Air

Millions Of Smartphones Using Broadcom Wi-Fi Chip Can Be Hacked Over-the-Air

Apr 05, 2017
Millions of smartphones and smart gadgets, including Apple iOS and many Android handsets from various manufacturers, equipped with Broadcom Wifi chips are vulnerable to over-the-air hijacking without any user interaction. Just yesterday, Apple rushed out an emergency iOS 10.3.1 patch update to address a serious bug that could allow an attacker within same Wifi network to remotely execute malicious code on the Broadcom WiFi SoC (Software-on-Chip) used in iPhones, iPads, and iPods. The vulnerability was described as the stack buffer overflow issue and was discovered by Google's Project Zero staffer Gal Beniamini, who today detailed his research on a lengthy blog post , saying the flaw affects not only Apple but all those devices using Broadcom's Wi-Fi stack. Beniamini says this stack buffer overflow issue in the Broadcom firmware code could lead to remote code execution vulnerability, allowing an attacker in the smartphone's WiFi range to send and execute code on th...
Tim Berners-Lee, Inventor of the Web, Wins $1 Million Turing Award 2016

Tim Berners-Lee, Inventor of the Web, Wins $1 Million Turing Award 2016

Apr 05, 2017
Sir Tim Berners-Lee — the inventor of the World Wide Web — has won this year's A.M. Turing Award, which is frequently described as the "Nobel Prize of Computing," by the Association for Computing Machinery (ACM). Turing Award is named after Alan Mathison Turing , the British mathematician and computer scientist who was a key contributor to the Allied cryptanalysis of German Enigma cipher and German "Tunny" encoding machine in World War II. The ACM announced the 2016 Turing Award on Tuesday, which also includes the top prize of $1 Million that has been awarded to Sir Berners-Lee, who is long known for inventing World Wide Web, which becomes a way for scientists to share information on the Internet. "I'm humbled to receive the namesake award of a computing pioneer who showed that what a programmer could do with a computer is limited only by the programmer themselves," Sir Berners-Lee said on receiving the award.  "It's an hon...
Update Your Apple Devices to iOS 10.3.1 to Avoid Being Hacked Over Wi-Fi

Update Your Apple Devices to iOS 10.3.1 to Avoid Being Hacked Over Wi-Fi

Apr 04, 2017
Note:  We have published a follow-up article with more technical details about this vulnerability which resides in Broadcom WiFi SoC equipped not only in Apple devices, but also in Android devices from various manufacturers. Less than a week after Apple released iOS 10.3 with over 100 bug fixes and security enhancements; the company has just pushed an emergency patch update – iOS 10.3.1 – to addresses a few critical vulnerabilities, one of which could allow hackers to "execute arbitrary code on the Wi-Fi chip." The vulnerability, identified as CVE-2017-6975, was discovered by Google's Project Zero staffer Gal Beniamini, who noted on Twitter that more information about the flaw would be provided tomorrow. Apple also did not provide any technical details on the flaw, but urged Apple iPhone, iPad and iPod Touch users to update their devices as soon a possible. In the security note accompanying iOS 10.3.1, Apple describes the issue as a stack buffer overflow vuln...
Google just discovered a dangerous Android Spyware that went undetected for 3 Years

Google just discovered a dangerous Android Spyware that went undetected for 3 Years

Apr 04, 2017
An Android version of one of the most sophisticated mobile spyware has been discovered that remained undetected for at least three years due to its smart self-destruction capabilities. Dubbed Chrysaor , the Android spyware has been used in targeted attacks against activists and journalists mostly in Israel, but also in Georgia, Turkey, Mexico, the UAE and other countries. Chrysaor espionage malware, uncovered by researchers at Lookout and Google, is believed to be created by the same Israeli surveillance firm NSO Group Technologies, who was behind the Pegasus iOS spyware initially detected in targeted attacks against human rights activists in the United Arab Emirates last year. NSO Group Technologies is believed to produce the most advanced mobile spyware on the planet and sold them to governments, law enforcement agencies worldwide, as well as dictatorial regimes. The newly discovered Chrysaor spyware has been found installed on fewer than three-dozen Android devices, al...
Hackers stole $800,000 from ATMs using Fileless Malware

Hackers stole $800,000 from ATMs using Fileless Malware

Apr 04, 2017
Hackers targeted at least 8 ATMs in Russia and stole $800,000 in a single night, but the method used by the intruders remained a complete mystery with CCTV footage just showing a lone culprit walking up to the ATM and collecting cash without even touching the machine. Even the affected banks could not find any trace of malware on its ATMs or backend network or any sign of an intrusion. The only clue the unnamed bank's specialists found from the ATM's hard drive was — two files containing malware logs. The log files included the two process strings containing the phrases: "Take the Money Bitch!" and "Dispense Success." This small clue was enough for the researchers from the Russian security firm Kaspersky, who have been investigating the ATM heists, to find malware samples related to the ATM attack. In February, Kaspersky Labs reported that attackers managed to hit over 140 enterprises, including banks, telecoms, and government organizations, in th...
Android Beats Windows to Become World's Most Popular Operating System

Android Beats Windows to Become World's Most Popular Operating System

Apr 03, 2017
It's an impressive milestone for Google — For the first time in decades, Android has been crowned as the world's most popular operating system in terms of Internet usage, knocking Microsoft Windows off the top spot. According to a new report from web traffic analytics firm StatCounter, Google's Android is the most popular operating system worldwide in terms of total internet usage across desktop, laptop, tablet, and mobile combined. Looking at overall internet usage, Android represented 37.93 percent of the global OS Internet usage market share in March, while Windows accounted for 37.91 percent. Although Windows is still not far behind, Android taking the lead is being described by StatCounter CEO Aodhan Cullen as a "milestone in technology history." This achievement is due to the fact that mobile devices are used to connect to the Internet far more frequently than desktops and laptops, and people are spending more time on smartphones surfing the Inter...
Microsoft is Shutting Down CodePlex, Asks Devs To Move To GitHub

Microsoft is Shutting Down CodePlex, Asks Devs To Move To GitHub

Apr 03, 2017
Microsoft has announced to shut down CodePlex -- its website for hosting repositories of open-source software projects -- on December 15, 2017. Launched in 2006, CodePlex was one of the Microsoft's biggest steps towards the world of open source community -- where any programmer, anywhere can share the code for their software or download and tweak the code to their liking. However, Microsoft says that the service has dramatically fallen in usage and that fewer than 350 projects seeing a source code commit over the last 30 days, pointing to GitHub as the "de-facto place for open source sharing." GitHub – 'Facebook for Programmers' In a blog post published Friday, Microsoft Corporate VP Brian Harry wrote that the shutdown of CodePlex is because the open source community has almost entirely moved over to GitHub, which provides similar functionality for sharing code that people can collaborate on. "Over the years, we have seen a lot of amazing opti...
Over 85% Of Smart TVs Can Be Hacked Remotely Using Broadcasting Signals

Over 85% Of Smart TVs Can Be Hacked Remotely Using Broadcasting Signals

Apr 01, 2017
The Internet-connected devices are growing at an exponential rate, and so are threats to them. Due to the insecure implementation, a majority of Internet-connected embedded devices, including Smart TVs, Refrigerators, Microwaves, Security Cameras, and printers, are routinely being hacked and used as weapons in cyber attacks. We have seen IoT botnets like Mirai – possibly the biggest IoT-based malware threat that emerged late last year and caused vast internet outage by launching massive DDoS attacks against DynDNS provider – which proves how easy it is to hack these connected devices. Now, a security researcher is warning of another IoT threat involving Smart TVs that could allow hackers to take complete control of a wide range of Smart TVs at once without having any physical access to any of them. Researcher Shows Live Hacking Demonstration   The proof-of-concept exploit for the attack, developed by Rafael Scheel of cyber security firm Oneconsult, uses a low-cost...
WikiLeaks Reveals 'Marble' Source Code that CIA Used to Frame Russia and China

WikiLeaks Reveals 'Marble' Source Code that CIA Used to Frame Russia and China

Mar 31, 2017
WikiLeaks published hundreds of more files from the Vault 7 series today which, it claims, show how CIA can mask its hacking attacks to make it look like it came from other countries, including Russia, China, North Korea and Iran. Dubbed " Marble ," the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which is basically an obfuscator or a packer used to hide the true source of CIA malware. The CIA's Marble Framework tool includes a variety of different algorithm with foreign language text intentionally inserted into the malware source code to fool security analysts and falsely attribute attacks to the wrong nation. The leaked files indicate that the Marble's source code includes Chinese, Russian, Korean, Arabic and Farsi languages, as well as English, which shows that the CIA has engaged in clever hacking games. "Marble is used to hamper[ing] forensic investigators and anti-virus companies from attributin...
Telegram Messenger Adds AI-powered Encrypted Voice Calls

Telegram Messenger Adds AI-powered Encrypted Voice Calls

Mar 31, 2017
Joining the line with rival chat apps WhatsApp, Viber, Facebook Messenger, and Signal, the Telegram instant messaging service has finally rolled out a much-awaited feature for the new beta versions of its Android app: Voice Calling . And what's interesting? Your calls will be secured by Emojis, and quality will be better using Artificial Intelligence. No doubt the company brought the audio calling feature quite late, but it's likely because of its focus on security — the voice calls on Telegram are by default based on the same end-to-end encryption methods as its Secret Chat mode to help users make secure calls. Unlike Signal or WhatsApp, Telegram does not support end-to-end encryption by default; instead, it offers a 'Secret Chat' mode, which users have to enable manually, to completely secure their chats from prying eyes. However, the voice calling feature in Telegram supports end-to-end encryption by default, enabling users to secure their chats in a way ...
Samsung Galaxy S8's Facial Unlocking Feature Can Be Fooled With A Photo

Samsung Galaxy S8's Facial Unlocking Feature Can Be Fooled With A Photo

Mar 31, 2017
Samsung launched its new flagship smartphones, the Galaxy S8 and Galaxy S8 Plus, at its Unpacked 2017 event on Wednesday in New York, with both IRIS and Facial Recognition features, making it easier for users to unlock their smartphone and signing into websites. All users need to do is simply hold their Galaxy S8 or S8 Plus in front of their eyes or their entire face, as if they were taking a selfie, in order to unlock their phone. Biometric technology – that involve person's unique identification (ID), such as Retinal, IRIS, Fingerprint or DNA – is now being integrated into more consumer devices for improved security. But, we have seen a number of hacks involving Biometric security systems in the past, which prove that fingerprint scanner and IRIS scanner  are less secure than a passcode and can be fooled by anyone, perhaps, using a photograph of the user. But how secure is the built-in sensor from Samsung to allow for facial recognition? Not so much...at least for now...
Expert Insights Articles Videos
Cybersecurity Resources