The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

It's Microsoft Patch Tuesday, and time of the month in which we gather round, hold hands, and see just how much of Microsoft's software needs patching. Prepare your systems, Microsoft is expected to issue seven bulletins affecting all versions of its Windows operating system (OS), some Office components and also Mac OS X, through Silverlight and Office and 4 out of 7 are critical patches. Critical :  The first bulletin will address a remote code execution vulnerability affecting Windows and Internet Explorer. Critical : The second bulletin addresses a remote code execution vulnerability affecting Microsoft Silverlight. Critical :  The third bulletin addresses a remote code execution vulnerability affecting Office. The fourth security bulletin addresses a critical elevation of privilege vulnerability affecting both the Office and Server suites. Important : The fifth and sixth security bulletins address an information disclosure vulnerability affectin...

If hackers want to get into your computer network, they will find a way. You can make it harder but you can't stop them. According to  Australian Financial Review report on Monday, the Reserve Bank of Australia (RBA) was hacked by hackers who infiltrated its networks and allegedly stole information using a Chinese piece of malware. After investigations they found multiple computers had been compromised by malicious software seeking intelligence. Several RBA staffers including heads of department were sent the malicious emails over two days, but it isn't known if the malware executed and succeeded in capturing information from the compromised computers.  The malware consisted of a web address that linked to a zip file that contained a Trojan which at the time was not detected by the anti-virus program, according to the bank.  A Defence department spokesperson said: " The government does not discuss specific cyber incidents, activities or capabilitie...

Today a cyber attack on Pakistan Government servers crash many Government departments's official websites including Ministry of Information Technology, Ministry of Railways, Ministry of Economic Affairs & Statistics, Ministry of Interior, Ministry of Religious Affairs, Ministry of Science and Technology, Ministry of Environment and many more. Indian Hacker ' Godzilla ' continue to strike Pakistan Government because of their support to terrorism activities. Hacker said," all network owned including switches because they deserve it, I have not touched any innocent website because target is only Government " While Pakistani official are already aware about the risk from the newest viruses, worms and cyber attacks, so they having their servers running through a proxy server located at  https://202.83.164.6/ , but flawed cyber security practices once again results to messed up whole setup and hacker successfully breach into cen...

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial brands, all claiming to back new ways to earn passive income. The goal? Build trust quickly and steer readers toward professional-looking scam platforms like Trap10, Solara Vynex, or Eclipse Earn. Scammers use sponsored ads on Google, Meta, and blog networks to push traffic to these sites. Ads often carry clickbait headlines—"You won't believe what a prominent public figure just revealed"—paired with official photos or national flags to make them feel legit. Clicking the ad directs users to a fake article, which then redirects them to a fraudulent trading platform. Many of these scams follow a...

A Google developer helps Apple to fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications. Security loophole allowed attacker to hijack the connection, because Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store. Researcher Elie Bursztein revealed on his blog that he had alerted Apple of numerous security issues last July but that Apple had only turned on HTTPS for the App Store last week. An attacker only needs to be on the same network as the person who is using the App Store. From there, they can intercept the communications between the device and the App Store and insert their own commands. The malicious user could take advantage of the unsecure connection to carry out a number of different attacks i.e steal a password, force someone to purchase an app by swapping it with a different app that the buyer actually intende...

Google Drive is the new home for Google Docs , that users can access everywhere for Storing files safely. In a recent demonstration hacker successfully performed an attack on Google Docs to trick users to grab their Facebook, Gmail, Yahoo credentials with Credit Card Information. Security researcher Christy Philip Mathew came up with combination of  Clickjacking and CSRF vulnerabilities in Google's Docs that can allow a hacker to create a document in victim's Drive for further phishing attack. For those who are not aware about Clickjacking, It is a technique where an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe. He explain how this technique can be executed to pwn a Google user to steal victim's all type of credentials with a phishing attack. Here attacker need to send a Malicious URL to the victim, where victim needs to interact with some buttons only. Vulnera...