The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The users of WordPress , a free and open source blogging tool as well as content management system (CMS), are being informed of a widespread malware attack campaign that has already compromised more than 100,000 websites worldwide and still counting. The news broke throughout the WordPress community earlier Sunday morning when Google blacklisted over 11,000 domains due to the latest malware campaign , that has been brought by SoakSoak.ru , thus being dubbed the ' SoakSoak Malware ' epidemic. While there are more than 70 million websites on the Internet currently running WordPress, so this malware campaign could be a great threat to those running their websites on WordPress. Once infected, you may experience irregular website behavior including unexpected redirects to SoakSoak.ru web pages. You may also end up downloading malicious files onto your computer systems automatically without any knowledge. The search engine giant has already been on top of this infection a...

British government surveillance agency GCHQ – counterpart of NSA – has fired-up another debate over the Internet by launching Android application to encourage teenagers to tackle emerging cybersecurity threats. The newly launched Android app , dubbed " Cryptoy ", was developed by STEM (science, technology, engineering and maths) students on an industrial year placement at GCHQ. The Cryptoy app was highly appreciated and liked by GCHQ at the Cheltenham Science Festival that they made it available to download today. The app is designed mainly to tempt youngsters between the ages of 14 and 16 into trying their hand in cryptography and code-breaking, but can be used by anyone interested in cryptography. According to GCHQ , Cryptoy app will help users to understand basic encryption methods, teach the codes of the past, and create their own encrypted messages. The app allows users to share these encoded messages by using four code-breaking techniques – Shift, Subs...

Alibaba Group has patched a major security vulnerability in one of its e-commerce portals that exposed account details of tens of millions of Merchants and shoppers to cyber criminals. An Israeli application security firm, AppSec Labs, found a Cross site scripting (XSS) vulnerability in AliExpress, the company's English language e-commerce site that was found vulnerable to similar flaw a week ago that compromised personal information of Alibaba customers. The flaw was fixed shortly after Cybermoon security firm disclosed it to Alibaba. AliExpress is an online marketplace owned by Chinese E-Commerce giant Alibaba.com, also known as Google of China. The company serves more than 300 Million active users from more than 200 countries including the U.S., Russia and Brazil. But the critical vulnerability found by the researcher could allow an attacker to hijack merchant's account. Using AliExpress XSS vulnerability an attacker can inject any malicious payload script as v...

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible" non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have become one of the ripest targets for attackers. Astrix's Field CTO Jonathan Sander put it bluntly in a recent Hacker News webinar : "One dangerous habit we've had for a long time is trusting application logic to act as the guardrails. That doesn't work when your AI agent is powered by LLMs that don't stop and think when they're about to do something wrong. They just do it." Why AI Agents Redefine Identity Risk Autonomy changes everything: An AI agent can chain multiple API calls and modify data without a human in the loop. If the underlying credential is exposed or overprivileged, each addit...

Sony Pictures Entertainment hack that started at the end of the last month and so far has caused a severe damage to its reputation as well as resources, from internal system shutdown to upcoming movies and scripts leak. Now, a similar cyber attack against Casino operator Las Vegas Sands Corp has been revealed that occurred on February 2014. The cyber attack occurred on this year's February but the details of damages to the casino was not publicized until Bloomberg Businessweek exposed it in a story on Thursday. Hackers crippled thousands of servers and computers across the network of the giant Las Vegas Sands Corp. by wiping them with highly destructive malware. The hack attack was believed to be in response to the statement given by the chief executive officer and largest shareholder of Las Vegas Sands Corp., Sheldon Adelson . On October 2013, the billionaire made a statement at the Manhattan campus of Yeshiva University that Iran should be bombed to get the country to ...

We are living in an era of smart devices that we sync with our smartphones and make our lives very simple and easy, but these smart devices that inter-operates with our phones could leave our important and personal data wide open to hackers and cybercriminals. Security researchers have demonstrated that the data sent between a Smartwatch and an Android smartphone is not too secure and could be a subject to brute force hacks by attackers to intercept and decode users' data, including everything from text messages to Google Hangout chats and Facebook conversations. Well this happens because the bluetooth communication between most Smartwatches and Android devices rely on a six-digit PIN code in order to transfer information between them in a secure manner. Six-digit Pin means approx one million possible keys, which can be easily brute-forced by attackers into exposing entire conversations in plain text. Researchers from the Romania-based security firm Bitdefender ca...

The massive hacking attack against Sony Pictures Entertainment has reached a more scarier phase following another huge leak of sensitive, confidential documents revealing celebrity contact details and upcoming film scripts. The so-called Guardians of Peace (GoP) group taking responsibility for the massive hack attack against Sony Pictures Entertainment claimed to have released a new trove of more confidential data including private information of its employees, celebrity phone numbers and their travel aliases, film budgets, upcoming film scripts and many more. By the end of past two weeks before Sony Pictures Entertainment faced cyber attacks that shut down the company's computer system, the group revealed nearly 40 GB of data which contained confidential information of Sony employees such as salaries, addresses, and the US Social Security Numbers. Also, high-quality versions of five newest films distributed by Sony Pictures were also leaked online. On Monday, s...