The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

When it comes to security updates, Android is a real mess. Even after Google timely rolls out security patches for its Android platform, a major part of the Android ecosystem remains exposed to hackers because device manufacturers do not deliver patches regularly and on a timely basis to their customers. To deal with this issue, Google at its I/O Developer Conference May 2018 revealed the company's plan to update its OEM agreements that would require Android device manufacturers to roll out at least security updates regularly. Now, a leaked, unverified copy of a new contract between Google and OEMs obtained by The Verge reveals some terms of the agreement that device manufacturers have to comply with or otherwise they have to lose their Google certification for upcoming Android devices. Google's New Terms for Android Security Updates According to the leaked contract, Android OEMs will now be required to regularly roll out security updates for popular devices—lau...

Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia. TRITON , also known as Trisis, is a piece of ICS malware designed to target the Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric which are often used in oil and gas facilities. Triconex Safety Instrumented System is an autonomous control system that independently monitors the performance of critical systems and takes immediate actions automatically if a dangerous state is detected. Since malware of such capabilities can't be created by a computer hacker without possessing necessary knowledge of Industrial Control Systems (ICS), researchers believe with "high confidence" that Moscow-based lab Central Scientific Research Institute of Chemistry and...

A security researcher with Twitter alias SandboxEscaper—who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler—has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability. SandboxEscaper posted a link to a Github page hosting a proof-of-concept (PoC) exploit for the vulnerability that appears to be a privilege escalation flaw residing in Microsoft Data Sharing (dssvc.dll). The Data Sharing Service is a local service that runs as LocalSystem account with extensive privileges and provides data brokering between applications. The flaw could allow a low-privileged attacker to elevate their privileges on a target system, though the PoC exploit code (deletebug.exe) released by the researcher only allows a low privileged user to delete critical system files—that otherwise would only be possible via admin level privileges. "Not the same bug I posted a while back, this doesn't write garbage to files...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

Are you looking for The Pirate Bay, Piratebay proxies, or alternatives to thepiratebay.se? You've come to the right place for the latest Piratebay news and a list of the best torrent sites. The Pirate Bay is one of the world's most famous and best torrent search engines. It allows users to download free software, movies, and music. Piratebay.se operates on 21 raid-proof servers hosted with various cloud hosting servers. Watching TV series or movies online is a great way to entertain yourself, and it's even better if it's free and hassle-free. Torrents are excellent, but downloading copyright-protected content is not a good idea. Torrenting, trackers, or using torrent client software like uTorrent and BitTorrent is not illegal. However, downloading copyrighted content without permission is against the law. If found guilty of copyright infringement, you can be ordered to pay damages, face hefty fines, or even imprisonment. For instance, in India, you could be sentenced to ...

Security researchers have discovered a serious code execution vulnerability in the LIVE555 streaming media library—which is being used by popular media players, along with a number of embedded devices capable of streaming media. LIVE555 streaming media, developed and maintained by Live Networks , is a set of C++ libraries companies and application developers use to stream multimedia over open standard protocols like RTP/RTCP, RTSP or SIP. The LIVE555 streaming media libraries support streaming, receiving, and processing of various video formats such as MPEG, H.265, H.264, H.263+, VP8, DV, and JPEG video, and several audio codecs such as MPEG, AAC, AMR, AC-3, and Vorbis. UPDATE: LIVE555 streaming media library supports both server and client, and is internally being used by many well-known media software such as VLC and MPlayer, security researchers at Talos mentioned in the advisory. Though researchers didn't specify if the vulnerable component (a server-side library) ...