-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Improve Your Hacking Skills with 9 Python Courses for Just $39

Improve Your Hacking Skills with 9 Python Courses for Just $39

Mar 30, 2022
For anyone with interest in  cybersecurity , learning Python is a must. The language is used extensively in white hat hacking, and professionals use  Python  scripts to automate tests. It also has a use in the “soft” side of cybersecurity — like scraping the web for compromised data and detecting bugs.  Featuring nine full-length video courses,  The Complete 2022 Python Programmer Bundle  helps you come to grips with this powerful programming language. The included training is worth $1,791 altogether. But thanks to a special price drop, readers of The Hacker News can  get the bundle today for just $39 . Special Offer — This library of Python video training includes 46 hours of content, and you can get lifetime access today  for just $39 ! When each new year of computer science talent arrives at MIT and Stanford, one of the first languages they learn is Python.  Why? Well, it’s relatively easy to read. But just as importantly, it’s super...
IT Firm Globant Confirms Breach after LAPSUS$ Leaks 70GB of Data

IT Firm Globant Confirms Breach after LAPSUS$ Leaks 70GB of Data

Mar 30, 2022
The LAPSUS$ data extortion gang announced their return on Telegram after a week-long "vacation," leaking what they claim is data from software services company Globant. "We are officially back from a vacation," the group wrote on their Telegram channel – which has nearly around 54,000 members as of writing – posting images of extracted data and credentials belonging to the company's DevOps infrastructure. The screenshots depict a folder listing for what appears to be different companies from across the world, including Arcserve, Banco Galicia, BNP Paribas Cardif, Citibanamex, DHL, Facebook, Stifel, among others. Also shared is a torrent file purported to contain around 70GB of Globant's source code as well as administrator passwords associated with the firm's Atlassian suite, including Confluence and Jira, and the Crucible code review tool. As malware research group  VX-Underground  points out, the passwords are not only easily guessable, but they...
CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices

CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices

Mar 30, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DoE) are jointly warning of attacks against internet-connected uninterruptible power supply (UPS) devices by means of default usernames and passwords. "Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet," the agencies  said  in a bulletin published Tuesday. UPS devices, in addition to offering power backups in mission-critical environments, are also equipped with an internet of things (IoT) capability, enabling the administrators to carry out power monitoring and routine maintenance. But as is often the case, such features can also open the door to malicious attacks. To mitigate against such threats, CISA and DoE are advising organizations to enumerate and disconnect all UPS systems from the internet and gate them behind a...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances

Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances

Mar 30, 2022
SonicWall has released security updates to contain a critical flaw across multiple firewall appliances that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and cause a denial-of-service (DoS) condition. Tracked as  CVE-2022-22274  (CVSS score: 9.4), the issue has been described as a stack-based buffer overflow in the web management interface of SonicOS that could be triggered by sending a specially crafted HTTP request, leading to remote code execution or DoS. The flaw impacts 31 different SonicWall Firewall devices running versions 7.0.1-5050 and earlier, 7.0.1-R579 and earlier, and 6.5.4.4-44v-21-1452 and earlier. ZiTong Wang of Hatlab has been credited with reporting the issue. The network security company  said  it's not aware of any instance of active exploitation in the wild leveraging the weakness, and that no proof-of-concept (PoC) or malicious use of the vulnerability has been publicly reported to date. That said,...
New Hacking Campaign by Transparent Tribe Hackers Targeting Indian Officials

New Hacking Campaign by Transparent Tribe Hackers Targeting Indian Officials

Mar 29, 2022
A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021. "Transparent Tribe has been a highly active APT group in the Indian subcontinent," Cisco Talos researchers  said  in an analysis shared with The Hacker News. "Their primary targets have been government and military personnel in Afghanistan and India. This campaign furthers this targeting and their central goal of establishing long term access for espionage." Last month, the advanced persistent threat expanded its malware toolset to compromise Android devices with a backdoor named  CapraRAT  that exhibits a high "degree of crossover" with CrimsonRAT. The latest set of attacks detailed by Cisco Talos involves making use of fake domains that mimic legitimate government and related organizations to deliver the malicious payloads, including a Pytho...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources