#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Oh Gosh! Four Zero Day Vulnerabilities Disclosed in Internet Explorer

Oh Gosh! Four Zero Day Vulnerabilities Disclosed in Internet Explorer

Jul 24, 2015
How many Zero-Days do you think could hit Microsoft today? Neither one nor two; this times its Four. The Hewlett-Packard's Zero-Day Initiative (ZDI) has disclosed four new zero-day vulnerabilities in Microsoft's Internet Explorer browser that could be exploited to remotely execute malicious code on victim's machine. All the four zero-days originally were reported to Microsoft, affecting Internet Explorer on the desktop. However, later it was discovered that the zero-day vulnerabilities affected Internet Explorer Mobile on Windows Phones as well. Each of the four zero-day flaws affects different components of the browser, and all are remotely exploitable through typical drive-by attacks. Four Zero-day vulnerabilities Disclosed by ZDI Here are the zero-day vulnerabilities, as reported by ZDI: ZDI-15-359: AddRow Out-Of-Bounds Memory Access Vulnerability ZDI-15-360: Use-After-Free Remote Code Execution Vulnerability ZDI-15-361: Use-After-Free Rem...
WordPress 4.2.3 Security Update Released, Patches Critical Vulnerability

WordPress 4.2.3 Security Update Released, Patches Critical Vulnerability

Jul 23, 2015
WordPress has just released the new version of its content management system (CMS), WordPress version 4.2.3 , to fix a critical security vulnerability that could have been exploited by hackers to take over websites, affecting the security of its Millions of sites. WordPress version 4.2.3 resolves a Cross-Site Scripting (XSS) flaw that could allow any user with the Contributor or Author role to compromise a website, Gary Pendergast of the WordPress team wrote in a blog post on Thursday. Cross-site scripting is actually a vulnerability in the Web applications' code that opens up the target website to attacks. The vulnerability is one of the most favorite and commonly used flaws by cyber criminals. According to the company, the vulnerability could allow hackers to embed maliciously-crafted HTML, JavaScript, Flash, or other code to bypass WordPress's kses protection by fooling users into executing a malicious script on their computer system. This, in turn, le...
Bug in OpenSSH Opens Linux Machines to Password Cracking Attack

Bug in OpenSSH Opens Linux Machines to Password Cracking Attack

Jul 23, 2015
A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period. OpenSSH is the most popular software widely used for secure remote access to Linux-based systems. Generally, the software allows 3 to 6 Password login attempts before closing a connection, but a new vulnerability lets attackers perform thousands of authentication requests remotely . OpenSSH servers with keyboard-interactive authentication enabled , including FreeBSD Linux, can be exploited to carry out the brute force attack on OpenSSH protocol, a security researcher with online alias KingCope explained in a blog post . Exploit for the Vulnerability RELEASED  Hackers could widely exploit the vulnerability because the keyboard-interactive authentication is by default enabled on most of the systems. Researcher has also released a proof-of-concept exploit code, whi...
cyber security

Free Tool: Help Desk Verification Codes

websitePush SecurityThreat Detection / Identity Security
Get secure, rotating codes in employee browsers to verify their identity and stop Scattered Spider breaches.
BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally

BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally

Jul 08, 2025Financial Scams / Online Security
A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial brands, all claiming to back new ways to earn passive income. The goal? Build trust quickly and steer readers toward professional-looking scam platforms like Trap10, Solara Vynex, or Eclipse Earn. Scammers use sponsored ads on Google, Meta, and blog networks to push traffic to these sites. Ads often carry clickbait headlines—"You won't believe what a prominent public figure just revealed"—paired with official photos or national flags to make them feel legit. Clicking the ad directs users to a fake article, which then redirects them to a fraudulent trading platform. Many of these scams follow a...
Apple Mac OS X Vulnerability Allows Attackers to Hack your Computer

Apple Mac OS X Vulnerability Allows Attackers to Hack your Computer

Jul 23, 2015
A security researcher has discovered a critical vulnerability in the latest version of Apple's OS X Yosemite  that could allow anyone to obtain unrestricted root user privileges with the help of code that fits in a tweet. The privilege-escalation vulnerability initially reported on Tuesday by German researcher Stefan Esser , could be exploited by to circumvent security protections and gain full control of Mac computers. The most worrying part is that this critical vulnerability is yet to be fixed by Apple in the latest release of its operating system. This could make it easier for hackers to surreptitiously infect Macs with rootkits and other types of persistent malware. Thanks to an environment variable DYLD_PRINT_TO_FILE Apple added to the code of OS X 10.10 Yosemite. Apple Mac OS X Vulnerability Gives Full Control of your Mac This environment variable specifies where in the file system an operating system component called the OS X dynamic linker dyld ...
Hacking Team: We're Victim of a Criminal Cyber Attack

Hacking Team: We're Victim of a Criminal Cyber Attack

Jul 22, 2015
Hacking Team , the Italy-based spyware company that sells spying software to law enforcement agencies worldwide, says the company has always operated with the law and regulation in an ethical manner. However, there was only one Violation of Law in this entire event, and that is – " the massive cyber attack on the Hacking Team. " company stated. The recent hack on Hacking Team exposed nearly 500GB of massive internal documents including internal emails, hacking tools, zero-day exploits , surveillance tools, source code for Spyware and a spreadsheet listing every government client with date of purchase and amount paid. Hacking Team Hack and Media Reports: The attack on Hacking Team was really huge in every sense. The team finally shows its disappointment with media on its hacking incident saying, the company that helps government fight crimes is being treated as the culprits, and the criminals who attacked the company are not. " Had a media company ...
Expert Insights Articles Videos
Cybersecurity Resources