The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A group of China-backed hackers believed to be responsible for high-profile data breaches, including the U.S. Office of Personnel Management and the insurance giant Anthem , has now hit another high-profile target –  United Airlines . United detected a cyber attack into its computer systems in May or early June; Bloomberg reported , citing some unnamed sources familiar with the matter. The same sources say that the hackers responsible for the data breach in United's systems are the same group of China-backed hackers that successfully carried out several other large heists, including the United States' Office of Personnel Management and the health insurer Anthem Inc. Dangerous Intentions: United Airlines Data Breach The stolen data includes manifests, which contain information on flights' passengers and their origins and destinations, meaning that the hackers have " data on the movements of Millions of Americans ." Since United Airlines ...

Are you the one who simply punch your wallet against a reader to get into your office? Then surely your office is using Radio-Frequency Identification (RFID) cards to manage building access and security. However, these most common access control systems are incredibly easy to hack — and now more than ever before. Thanks to a $10 tiny device developed by two security researchers that can easily circumvent these RFID cards. Dubbed BLEkey or Bluetooth Low Energy device is a tiny little device designed to be embedded in an RFID card reader, a small box you swipe or touch your card to open doors. BLEkey exploits a vulnerability in the Wiegand communication protocol used by the majority of RFID card readers today in order to clone and skim your RFID-equipped cards. Grab your BLEkey for Just $10 Mark Baseggio from security firm Accuvant and Eric Evenchick from Faraday Future who developed BLEkey are going to present their findings at next week's Black Hat se...

The National Security Agency will restrict access to, and ultimately destroy, millions of US phone records previously collected by the spy agency, the Office of the Director of National Intelligence (ODNI) announced Monday. The federal law was passed in June ending the NSA's bulk collection of U.S. Citizen's Telephone records and destroying the data it collected under a controversial global spying program disclosed by former NSA contractor Edward Snowden. So far, the ODNI didn't specify when the agency would destroy these metadata records , but noted that the metadata must be retained until the lawsuits around the metadata collection program are ongoing. NSA's Bulk Metadata Collection is illegal Section 215 of the Patriot Act legally authorizes the law enforcement agencies to collect "any tangible things" that the government proves are connected or linked to an investigation into any suspected terrorist. However, the verdict in May ruled that the mas...

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial brands, all claiming to back new ways to earn passive income. The goal? Build trust quickly and steer readers toward professional-looking scam platforms like Trap10, Solara Vynex, or Eclipse Earn. Scammers use sponsored ads on Google, Meta, and blog networks to push traffic to these sites. Ads often carry clickbait headlines—"You won't believe what a prominent public figure just revealed"—paired with official photos or national flags to make them feel legit. Clicking the ad directs users to a fake article, which then redirects them to a fraudulent trading platform. Many of these scams follow a...

A critical vulnerability has been discovered in the official Apple's App Store and iTunes Store, affecting millions of Apple users. Vulnerability-Lab Founder and security researcher Benjamin Kunz Mejri discovered an Application-Side input validation web vulnerability that actually resides in the Apple App Store invoice module and is remotely exploitable by both sender as well as the receiver. The vulnerability, estimated as high in severity, has been reported to Apple Security team on June 9, 2015 and the company patched the issue within a month. How the vulnerability works? By exploiting the flaw, a remote hacker can manipulate the name value ( device cell name ) by replacing it with a malicious script code. Now, if the attacker buys any product in the App Store or iTunes Store, the internal app store service takes the device value ( which is actually the malicious code ) and generates the invoice which is then sends to the seller account. This results in...

Wanna Hack an extremely secure Computer? You do not need sophisticated techniques or equipment to do so. To hack an Air-Gapped computer – All you need is a cell phone; even old-fashioned, dumb phones from the past decade will work. Yes, Hacking Air-Gapped Computers is possible using a basic low-end mobile phone. Israeli security researchers have devised a new attack to steal data from a computer that is isolated from the internet and other computers that are connected to external networks, also known as an air-gapped computer. This new hack attack that could steal data from a highly secured computer uses: The GSM network Electromagnetic waves A basic low-end mobile phone The research was conducted by lead security researcher Mordechai Guri, along with Yuval Elovici, Assaf Kachlon, Ofer Hasson, Yisroel Mirsky, and Gabi Kedma – the same researchers who developed a previous attack that used a smartphone to wirelessly extract data from Air-Gapped computers . ...