The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

In.com Hacked and Defaced by Mr52 One of the Leading Indian website " In.com " has been defaced by Indian Hacker Mr52 .This is the 3rd Biggest Site Hit by Mr52. He Upload shell on the Server for Defacing site. Readers can check the Linux Kernel and Username even also from Screenshot. Defaced Url :  https://mobile18.in.com/ Mirror of Hack :   https://zone-h.com/mirror/id/14643631

NERC - National Syrian energy research center Defaced by Cocain Team Cocain Hackers Team once again Hit Syrian. This time they hack and deface the website of  National Syrian energy research center . Site was defaced Yesterday and administrator again backup the site, But Readers can check hack mirror here .  Last week Official site of NDRRMC  and  Youth Peer Education Network (YPEER) Of Syria were hacked by Cocain TeaM.

SpyEye 1.3.45 Download - Loader source code A new fresh and sophisticated web-based bot named SpyEye is around in the markets and looks like to be the possible successor of the famous Zeus Trojan due to its very interesting features, with the main objective to steal bank accounts, credit cards, ftp accounts and other sensitive data from the victim's computer. SpyEye was written in C++ and the size of the compiled binary is of 60 KB, the operating systems supported are from Windows 2000 to the recent Windows 7, it works in ring3 mode (same as Zeus Trojan). It is sold as undetected from most Antivirus Software and it is invisible from the task managers and other user-mode applications, it hides the files from the regular explorer searches and it hides also its registry keys. Snorre Fagerland, Senior Virus Analyst at Norman, briefly explains what the SpyEye online banking trojan is and what you need to be on the lookout for when banking online. SpyEye is actually sold by its au...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

FireCAT 2.0 Released - Firefox Catalog of Auditing Extensions FireCAT (Firefox Catalog of Auditing exTensions) is a mindmap collection of the most efficient and useful Firefox extensions oriented application security auditing and assessment. FireCAT is not a replacement of other security utilities and software as well as fuzzers, proxies and application vulnerabilities scanners. FireCAT v2.0 - Firefox Catalog of Auditing exTensions Information Gathering Proxies & Web Utilities Editors Network Utilities Misc IT Security Related Application Auditing Download FireCAT here

University of Wisconsin-Milwaukee hacked - 75,000 social security numbers exposed University of Wisconsin-Milwaukee was the target. Malicious code was discovered on a document management database server. The university contacted law enforcement and after a month-long investigation realized that the database on the system contained over 75,000 records that included social security numbers for both students and employees. Nobody is sure how long the malware was running on the server, but it was shutdown once the breach was found. It's suspected that the software was being used to identify cutting edge research that the school is working on, but that has yet to be confirmed. It's also good to know that while students may have had their identity stolen, the database contained no " academic information such as student grades ," so at least the attackers won't be able to identify whether students passed their criminology courses.