The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A 17 year old alleged hacker accused of being associated with Anonymous hacker appeared in Parramatta Children's Court on Friday, over multiple unauthorised access crime on the behalf of hacktivist collective Anonymous. The Australian Federal Police ( AFP ) issued a statement over the matter, saying that a search warrant was issued at the youth's home in Glenmore Park, New South Wales, in November last year. The youth has been charged with six counts of unauthorised modification of data to cause impairment, one count of unauthorised access with intent to commit a serious offence, one count of possession of data with intent to commit a computer offence, and 12 counts of unauthorised access to restricted data.  " Australian Federal Police investigates various types of cybercrime and will continue to take a strong stance against these perpetrators " Suspected hacker faces a maximum of 10 years jail time if convicted and will face court again ...

Cybercriminals, underground hacking communities, hacker's market and Exploit packs.... Russian  cyberspace is well known for such crazy hacking stuff. Recently, the original Carberp botnet developer   ring that stole millions from bank accounts worldwide has been arrested. According to a report from Russian newspaper, a group of 20 people who served as its malware development team, were arrested by the Sluzhba Bezpeky Ukrayiny and the Federalnaya sluzhba bezopasnosti Rossiyskoy Federatsii (federal security service of Russia, FSB) in cities around Ukraine. Over $250 million has been stolen by the members of the botnet ring, which had roughly 20 members aged between 25 and 30. " Our experts did an enormous amount of work, which resulted in identifying the head of this criminal group, the owner and operator of a specialized banking botnet, identifying the control servers, and identifying the directing of traffic from popular websites in order t...

World's largest Digital documents library 'Scribd' announced that, they were hacked in a recent attack and  hacker potentially able to compromise general user information, which includes usernames, emails, and encrypted passwords of partial database. " Even though this information was accessed, the passwords stored by Scribd are encrypted " They emailed every user whose password was potentially compromised with details of the situation and instructions for resetting their password. " Earlier this week, Scribd's Operations team discovered and blocked suspicious activity on Scribd's network that appears to have been a deliberate attempt to access the email addresses and passwords of registered Scribd users. " Scribd team said on blog post. If your account was among those affected, visit https://www.scribd.com/password/check and Check that you are one of the lucky victim or not, I got " Good news - your password was not among thos...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

The digital currency Bitcoin has suffered yet another hack. Bitcoin wallet site Instawallet has been taken offline after a security compromise, has suspended its service indefinitely. Instawallet didn't say in a notice on its website how many bitcoins were stolen after hackers fraudulently accessed company database. " The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture. Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is. " Bitcoin is a virtual currency that uses a peer-to-peer system to confirm transactions through public key cryptography. The company also announced it will accept claims for individual Instawallets for the first 90 days, using the wallets' URL and key to file the claim. Clients will then be refunded the currency value if the balance is less than 50 BTC. The breach follows a series of attacks targeting bitcoin services. In Sep...

In earlier posts, our Facebook hacker ' Nir Goldshlager ' exposed two serious Facebook oAuth Flaws. One, Hacking a Facebook account even without the user installing an application on their account and second, various ways to bypassing the regex protection in Facebook OAuth. This time, Nir illustrated a scenario attack  " what happens when a application is installed on the victim's account and how an attacker can manipulate it so easily " According to hacker, if the victim has an installed application like Skype or Dropbox, still hacker is able to take control over their accounts.  For this, an attacker required only a url redirection or cross site scripting  vulnerability on the Facebook owner app domain i.e in this scenario we are talking about skype facebook app. In many bug bounty programs URL redirection is not considered as an valid vulnerability for reward i.e Google Bug bounty Program. Nir also demonstrated...