The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Clickjacking Vulnerability in Telegram Web Client The official Telegram web-client that allows its users to access messenger account over desktop's web browser is vulnerable to clickjacking web application vulnerability. Egyptian security researcher Mohamed A. Baset told The Hacker News about a flaw in Telegram that could allow an attacker to change sensitive information of a Telegram user, including password and the recovery e-mail. [ Watch Video Demo ] "Telegram web client is not protecting itself from clickjacking with the typical X-Frame-Options header but uses a JS frame busting technique to prevent the website to be iframed," Mohamed says. However, by exploiting one of HTML5 Features, Mohamed was able to open the Telegram account's settings page with a sandboxed iframe to prevent redirecting to top window, which also allows him to execute cross-site request forgery (csrf) vulnerability on the web-client. " I sent [bug report] it to them [Telegram team]...

In Brief A suspect of child pornography possession, Francis Rawls, who is a former Philadelphia Police Department sergeant, has been in solitary confinement without charges for last seven months and will remain until he complies with a court order forcing him to decrypt his password-protected hard drives seized in connection with a child pornography investigation. Remember Ramona Fricosu? In 2012, a Colorado woman was ordered to unlock her laptop while investigating financial fraud, but she refused to unlock it saying that she did not remember the password. Later the US Court ruled that Police can force defendants to decrypt their electronic devices, of course, as it does not violate the Fifth Amendment that prevents any citizen from having to incriminate themselves. Forget the password? It might be a smart way to avoid complying with a court order, but not every time. A Philadelphia man has been in jail for seven months and counting after being refused to comply with a c...

In Brief According to an investigation, Matthew Edman, a cyber security expert and former employee of the Tor Project, helped the FBI with Cornhusker a.k.a Torsploit malware that allowed Feds to hack and unmask Tor users in several high-profile cases, including Operation Torpedo and Silk Road. Do you know who created malware for the FBI that allowed Feds to unmask Tor users? It's an insider's job… A former Tor Project developer. In an investigation conducted by Daily Dot journalists, it turns out that  Matthew J. Edman , a former part-time employee of Tor Project, created malware for the Federal Bureau of Investigation (FBI) that has been used by US law enforcement and intelligence agencies in several investigations, including Operation Torpedo . Matthew Edman is a computer scientist who specializes in cyber security and investigations and  joined the Tor Project in 2008 to build and enhance Tor software's interactions with Vidalia software, cross-platform ...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

In Brief The Microsoft's Windows Defender Advanced Threat Hunting team detected that a cyber espionage group of hackers, known as PLATINUM, has found a way to turn the Windows's Hotpatching technique (a way of updating the operating system without requiring a restart) to hide its malware from Antivirus products. PLATINUM group has been active since 2009 and launching large-scale attacks against governmental organizations, intelligence agencies, defense institutes and telecommunication providers in South and Southeast Asia. Practically speaking, the most important thing for a sophisticated APT hacker and a cyber-espionage group is to remain undetected for the longest possible period. Well, that's exactly what an APT (Advanced Persistent Threat) group has achieved. The Microsoft's Windows Defender Advanced Threat Hunting team has discovered that an APT group, dubbed Platinum, has been spying on high-profile targets by abusing a " novel " technique called...

No matter how smart and fast your devices would be, the biggest issue is always with the battery technology. Whenever you go to buy any electronic gadget — smartphone, laptop, or any wearable — the most important specification isn't its processor speed or its camera quality but its Battery Backup , which is not getting better any time soon. What if you could eliminate the very thing entirely? Well, that's exactly what the electrical engineers from the University of Washington has developed. A team of researchers from the University of Washington's Sensor Lab and the Delft University of Technology has developed a new gadget that doesn't need a battery or any external power source to keep it powered; rather it works on radio waves. So, this means you have to turn on your radio every time to keep this device charged. Right? No, you don't need to do this at all, because the device sucks radio waves out of the air and then converts them into electricity. Wireless Ident...