The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The search engine giant Google will soon come up with its next version of Android operating system, dubbed as Android L , with full-disk encryption enabled by default, Google confirmed Thursday. This will be for the first time that Google's Android OS will be encrypting your information, preventing both hackers and law enforcement agencies from gaining access to users' personal and highly sensitive data on their devices running the Android operating system. While Android has been offering data encryption options for some Android devices since 2011. However the options are not enabled by default, so users have had to activate the functionality manually. But Android L will have new activation procedures that will encrypt data automatically. Although Google is yet to provide more details about Android L, which is set to be released next month. But the move by the web giant will surely provide an extra layer of security on the personal data that users typically have on t...

Four month ago, a massive data breach on the eBay website affected 145 million registered users worldwide after its database was compromised. Meanwhile, another critical vulnerability on the eBay website was reported, allowing an attacker to hijack millions of user accounts in bulk. An Egyptian security researcher ' Yasser H. Ali ' informed The Hacker News about this vulnerability 4 months ago, which could be used by the cyber criminals in the targeted attacks. At that time, Mr.Yasser secretly demonstrated the vulnerability step-by-step to ' The Hacker News ' team and we confirmed - IT WORKS . Since it was not addressed by the eBay security team, we kept the technical details of this vulnerability hidden from our readers. But, as we promised to share the technical details of this interesting flaw, once after eBay team patch it. So, Here we go! The vulnerability Yasser found could allow you to Reset Password of any eBay user account and that too without any user interaction or d...

From last week, Google began paving the way to run Android apps on Chrome Operating System through the project named " App Runtime for Chrome ", but the release came with a lot of limitations – it only supported certain Android apps and on Chrome OS only. At the launch, initially only 4 Android apps – Vine, Evernote, Duolingo and Sight Words – were added to the Chrome Web Store. That was pretty exciting, but it merely whet the appetite of users hungry for more functionality. So, what if you could run more than just 4 Android apps on Chrome OS? And Also could run them on other operating systems as well? A developer by the name of " Vlad Filippov " began working on it to stripped away the limits Google has imposed. He successfully figured out a way to bring more Android apps to Chrome , instead of just the four that are officially supported by Google. The bigger success was that when Filippov got Android apps to work on any desktop Operating System tha...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Cyber criminals have exploited the power of two online advertising networks, Google's DoubleClick and popular Zedo advertising agency , to deliver malicious advertisements to millions of internet users that could install malware on a user's computer. A recent report published by the researcher of the security vendor Malwarebytes suggests that the cyber criminals are exploiting a number of websites, including The Times of Israel, The Jerusalem Post and the Last.fm music streaming website, to serve malicious advertisements designed to spread the recently identified Zemot malware . Malvertising is not any new tactic used by cybercriminals, but Jerome Segura, a senior security researcher with Malwarebytes, wrote in a blog post that his company " rarely see attacks on a large scale like this. " "It was active but not too visible for a number of weeks until we started seeing popular sites getting flagged in our honeypots," Segura wrote. "That's ...

So far people have not forgotten about the recent celebrity iCloud hacking scandal , a new wave of photographs of celebrities have been leaked in what appears to be the second edition of the massive leak related to the celebrities intimate-images on Internet earlier this month. Among the victims of the most recent leak were reality television star Kim Kardashian , 33, actor Vanessa Hudgens , 25, and U.S. national women's soccer team goalie Hope Solo , 33. Mary-Kate Olsen, Avril Lavigne, Hayden Panettiere, Lake Bell, Leelee Sobieski and former Disney stars Aly and AJ Michalka are other potential victims of this hacking scandal. A video of Aubrey Plaza and previously unreleased photographs of celebrities included in the last leak, such as Oscar-winner Jennifer Lawrence and The Big Bang Theory star Kaley Cuoco , were also released with the recent privacy breach . The leaked Celebrity Photos first appeared Saturday morning on the image-sharing site 4Chan and were also post...

Yahoo! was recently impacted by a critical web application vulnerabilities which left website's database and server vulnerable to hackers. A cyber security expert and penetration tester, Ebrahim Hegazy a.k.a Zigoo from Egypt , has found a serious SQL injection vulnerability in Yahoo's website that allows an attacker to remotely execute any commands on its server with Root Privileges. According to Hegazy blog post , the SQLi vulnerability resides in a domain of Yahoo! website i.e. https://innovationjockeys.net/tictac_chk_req.php . Any remote user can manipulate the input to the " f_id " parameter in the above URL, which could be exploited to extract database from the server. While pentesting, he found username and password ( encoded as Base64 ) of Yahoo!' admin panel stored in the database. He decoded the Administrator Password and successfully Logged in to the Admin panel. Furthermore, SQL injection flaw also facilitate the attacker to exploit Remote Cod...