The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cyber criminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect. Recently, cyber crooks managed to infiltrate the update mechanism for a popular server management software package and altered it to include an advanced backdoor, which lasts for at least 17 days until researchers discovered it. Dubbed ShadowPad , the secret backdoor gave attackers complete control over networks hidden behind legit cryptographically signed software sold by NetSarang —used by hundreds of banks, media firms, energy companies, and pharmaceutical firms, telecommunication providers, transportation and logistics and other industries—for 17 days starting last month. Important Note — If you are using any of the affected product (listed below), we highly recommend you stop using it until you update them. Hacker Injected Backdoor Through Software Update Mechani...

More features, more problems! Today, we are living in a digital age that is creating a digital headache for people by connecting every other unnecessary home appliance to the Internet. Last week, nearly hundreds of Internet-connected locks became inoperable after a faulty software update hit some models. Users of remotely accessible smart locks made by Colorado-based company LockState have taken to social media platforms including Twitter to complain that their $469 Lockstate 6000i locks started to fail from last Monday, leaving the keypad entirely useless. LockState's RemoteLock 6i (6000i) is an Internet-connected smart lock that connects to your home Wi-Fi network for remote control and monitoring as well as firmware updates. LockState is even a partner with Airbnb, allowing Airbnb hosts' to give their guests entry code in order to get into hotel properties without having to share physical keys. However, last week many Airbnb customers were unable to use the bu...

Ransomware has been around for a few years but has become an albatross around everyone's neck—from big businesses and financial institutions to hospitals and individuals worldwide—with cyber criminals making millions of dollars. In just past few months, we saw a scary strain of ransomware attacks including WannaCry , Petya and LeakerLocker , which made chaos worldwide by shutting down hospitals, vehicle manufacturing, telecommunications, banks and many businesses. Before WannaCry and Petya , the infamous Mamba full-disk-encrypting ransomware and the Locky ransomware had made chaos across the world last year, and the bad news is—they are back with their new and more damaging variants than ever before. Diablo6: New Variant of Locky Ransomware First surfaced in early 2016, Locky has been one of the largest distributed ransomware infections, infecting organisations across the globe. By tricking victims into clicking on a malicious attachment, Locky ransomware encrypt...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

A few months back we reported how opening a simple MS Word file could compromise your computer using a critical vulnerability in Microsoft Office . The Microsoft Office remote code execution vulnerability (CVE-2017-0199) resided in the Windows Object Linking and Embedding (OLE) interface for which a patch was issued in April this year, but threat actors are still abusing the flaw through the different mediums. Security researchers have spotted a new malware campaign that is leveraging the same exploit, but for the first time, hidden behind a specially crafted PowerPoint (PPSX) Presentation file. According to the researchers at Trend Micro, who spotted the malware campaign, the targeted attack starts with a convincing spear-phishing email attachment, purportedly from a cable manufacturing provider and mainly targets companies involved in the electronics manufacturing industry. Researchers believe this attack involves the use of a sender address disguised as a legitimate ema...

Phishing — is an older style of cyber-attack but remains one of the most common and efficient attack vectors for attackers, as a majority of banking malware and various ransomware attacks begin with a user clicking on a malicious link or opening a dangerous attachment in an email. Phishing has evolved than ever before in the past few years – which is why it remains one of those threats that we have been combating for many years. We have seen phishing campaigns that are so convincing and effective that even tech-savvy people can be tricked into giving away their credentials to hackers. And some that are " almost impossible to detect " and used to trick even the most careful users on the Internet. To help combat this issue, Google has introduced a security defence for it's over a billion users that will help users weed out phishing emails from their Gmail inbox. Google has rolled out new anti-phishing security checks for its Gmail app for iPhone users that will...