The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Israel's Prime Minister officially opened a new national program to train teenagers in the art of cyberwarfare. The program named "Magshimim Le'umit", is to prepare them for their future role in the military and intelligence community. Israel Prime Minister Binyamin Netanyahu said the country's computer systems are facing attacks from Iran and other countries, and such attacks are set to increase in the digital age. The new program will accept outstanding pupils aged between 16 and 18 and train them to intercept malicious attacks through a three-year course. Cyber security has become a national priority in Israel, with significant resources being invested in protecting the military and civilian computing networks. Benjamin Netanyahu revealed plans to create a "digital Iron Dome" to protect vital infrastructure from hackers and viruses like last November, Israeli was under heavy cyber attacks from hacktivist group Anonymous as the latte prot...

The TopTV website and Reliance Netconnect broadband provider websites compromised today by Brazilian hacking crew named " HighTech Brazil HackTeam ". Index.php from Reliance Netconnect and few internal pages of TopTV defaced. Heather Kennedy from TopTV said that they are aware of the breach of security on its website," The IT department was working on the problem all day yesterday, New Year's Day. The site will be restored shortly " Recently the official website of Interpol Indonesia National Central Bureau (interpol.go.id) and many Singapore websites were also hacked by same hackers. The same hacker or group of hackers have also defaced the PG Glass website. The PG Glass home page currently (2 January at 09:30) displays the message " Hackeado por HighTech Brazil HackTeam… " Defaced URLs: https://www.toptv.co.za/index.php?option=com_tvguide&Itemid=29 https://www.reliancenetconnect.co.in/index.php

Last week Council on Foreign Relations website was compromised and recently hit by a drive-by attack using a zero day Internet Explorer 6 vulnerability for Cyber Espionage attack, suspected by Chinese Hackers. Later Microsoft confirmed that  Internet Explorer 6, 7, and 8 are vulnerable to remote code execution hacks. According to researcher  Eric Romang , CFR watering hole attack (CVE-2012-4969 and CVE-2012-4792) has also target Capstone Turbine Corporation website since mid-September. He was able to find a cached version of the first JavaScript that starts the drive-by attack. Then on further search finds that by doing a Google dork search site:capstoneturbine.com "_include"  we can see something strangely like CFR.org "news_14242aa.html" file. Capstone Turbine Corporation is the world's leading producer of low-emission microturbine systems, and was first to market with commercially viable microturbine energy products. Capstone Turbine has shipped tho...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

Google Play Developer Console enables developers to easily publish and distribute their applications directly to users of Android-compatible phones. Recently someone posted on Reddit that a developer is trying to spread malware by masquerading infected programs as legitimate software. The account of the developer called, " apkdeveloper " and readers spotted that they are posting fake malware apps by names of famous android games and apps, using the word "Super" as suffix to them, making them seem as an upgraded version of the game. The users can find the difference between the real app and malicious app by observing the device permissions, like as compared to the simple permissions like network access and read write access of the original Temple Run app, the ' Temple Run Super ' app asks for sensitive information like location, phone status, identity and access to user accounts. After many report abuse Google Play has removed the developer from th...

Do you have any idea about an Internal IP Address or a Private IP Address that too assigned for Multinational Companies? Yeah, today we are gonna discuss about Internal IP or Private IP address Disclosure. Disclosure of an Internal IP like 192.168.*.* or 172.16.*.* , can really Impact ? Most security researchers call it as "bull shit" vulnerability. But when it comes to impact calculation even if the server is behind a firewall or NAT, an attacker can see internal IP of the remote host and this may be used to further attacks. Internet Giants like Facebook, Google, PayPal and Serious National Security organizations like FBI, Pentagon and NASA are taking initiatives for their Security Issues. At same, we at ' The Hacker News ' stand together for organizations that talk about national security in a serious way. I guess,its the time to understand about the flaws and its impacts where I would like to share my findings about our Internet Giants and Organiza...

Last Friday, we reported that the website of the U.S. Council of Foreign Relations was allegedly compromised by Chinese hackers who exploited the zero-day bug that was only discovered that same day. The CFR website was compromised with JavaScript that served malicious code to older IE browsers and the code then created a heap-spray attack using Adobe Flash Player. Yesterday former hacker Bryce Case Jr (YTCracker) tweeted about a new zero day exploit threatening all users of IE8, " internet explorer 6-8 0day making the rounds force them toolbar installs and keyloggers on exgf while you still can... ". On Saturday, Microsoft published a security advisory warning users of Internet Explorer 6, 7, and 8 that they could be vulnerable to remote code execution hacks. The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vuln...