The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Google has made several new announcements for its Chrome Web Store that aims at making Chrome extensions more secure and transparent to its users. Over a couple of years, we have seen a significant rise in malicious extensions that appear to offer useful functionalities, while running hidden malicious scripts in the background without the user's knowledge. However, the best part is that Google is aware of the issues and has proactively been working to change the way its Chrome web browser handles extensions. Earlier this year, Google banned extensions using cryptocurrency mining scripts and then in June, the company also disabled inline installation of Chrome extensions completely. The company has also been using machine learning technologies to detect and block malicious extensions. To take a step further, Google announced Monday five major changes that give users more control over certain permissions, enforces security measures, as well as makes the ecosystem more t...

Looking for a hack to bypass the passcode or screen lock on iPhones? Jose Rodriguez, an iPhone enthusiast, has discovered a passcode bypass vulnerability in Apple's new iOS version 12 that potentially allows an attacker to access photos and contacts, including phone numbers and emails, on a locked iPhone XS and other recent iPhone models. Rodriguez, who also discovered iPhone lock screen hacks in the past, has posted two videos (in Spanish) on his YouTube channel under the account name Videosdebarraquito demonstrating a complicated 37-step iPhone passcode bypass process. The iPhone authorization screen bypass flaw works on the latest iPhones, including the iPhone XS, running Apple's latest iOS 12 beta and iOS 12 operating systems. Video Demonstrations: Here's How to Bypass iPhone Passcode As you can watch in the video demonstrations, the iPhone hack works provided the attacker has physical access to the targeted iPhone that has Siri enabled and Face ID either disa...

When you search for "free movie download" or "watch free movies online," search engines present a long list of websites. However, be cautious. Many free movie sites can lead to harmful computer viruses that could infect or, in the worst case, take control of your computer. Additionally, many popular torrent sites like Kickass Torrents and Pirate Bay are illegal due to copyright violations. Ensure that the movies you download are legal. There are hundreds of legal torrents available on the Internet. We often receive emails from readers asking for legal sites like Tubi TV to download free movies and TV series. This demand is understandable as finding free streaming sites or free movie download websites that comply with the law is challenging. Best Free Movie Download Websites (Legally) To assist our readers, we have compiled a list of movie sites where you can download movies legally. Streaming movies for free can be an alternative to downloading. You can wat...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials. Dubbed GhostDNS , the campaign has many similarities with the infamous DNSChanger malware that works by changing DNS server settings on an infected device, allowing attackers to route the users' internet traffic through malicious servers and steal sensitive data. According to a new report from cybersecurity firm Qihoo 360's NetLab, just like the regular DNSChanger campaign, GhostDNS scans for the IP addresses for routers that use weak or no password at all, accesses the routers' settings, and then changes the router's default DNS address to the one controlled by the attackers. GhostDNS System: List of Modules and Sub-Modules The GhostDNS system mainly includes four modules: ...

The desktop version of the security and privacy-focused, end-to-end encrypted messaging app, Telegram , has been found leaking both users' private and public IP addresses by default during voice calls. With 200 million monthly active users as of March 2018, Telegram promotes itself as an ultra-secure instant messaging service that lets its users make end-to-end encrypted chat and voice call with other users over the Internet. Security researcher Dhiraj Mishra uncovered a vulnerability (CVE-2018-17780) in the official Desktop version of Telegram (tdesktop) for Windows, Mac, and Linux, and Telegram Messenger for Windows apps that was leaking users' IP addresses by default during voice calls due to its peer-to-peer (P2P) framework. To improve voice quality, Telegram by default uses a P2P framework for establishing a direct connection between the two users while initiating a voice call, exposing the IP addresses of the two participants. Telegram Calls Could Leak Your ...