The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Tor anonymizing network Compromised by French researchers French researchers from ESIEA , a French engineering school, have found and exploited some serious vulnerabilities in the TOR network. They performed an inventory of the network, finding 6,000 machines, many of whose IPs are accessible publicly and directly with the system's source code. They demonstrated that it is possible to take control of the network and read all the messages that circulate. But there are also hidden nodes, the Tor Bridges, which are provided by the system that in some cases. Researchers have developed a script that, once again, to identify them. They found 181. " We now have a complete picture of the topography of Tor ," said Eric Filiol. The specific attack involves creating a virus and using it to infect such vulnerable systems in a laboratory environment, and thus decrypting traffic passing through them again via an unknown, unmentioned mechanism. Finally, traffic is redirected towards ...

Bleeding Life 2 Exploit Pack Released Black Hat Academy releases Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java. You can read all about it, and download it for yourself. Statistics are kept based on exploit, browser, and OS version. Exploits Adobe CVE-2008-2992 CVE-2010-1297 CVE-2010-2884 CVE-2010-0188 Java CVE-2010-0842 CVE-2010-3552 Signed Applet Features Advanced Statistical Information Stylish Progress Bars Full User-Friendly Admin Panel Referer Stats Secure Panel - Login/Logout Ability To Set and Save Passwords On Panel Ability To Allow Guest Access - Guest Can Only View Stats Page, Clicking and Other Pages Disabled. Ability To Add and/or Remove Exploits Used Ability To Add Scan4You Credentials For Built-In Scanner Use Ability To Filter Browsers Ability To Filter Operating Systems Attempt To Detect and Filter HTTP Proxies Ability To Blacklist by IP/Range Ability To Import Blacklist On Pan...

Microsoft 's official Youtube channel hacked It appears that someone has hacked into Microsoft's account on Youtube and removed all videos. As can be seen in the picture, there are currently no videos at all anymore (see the red arrow in the screenshot) and the comment about the website is not " Wish to Become Sponsored ? Message me ". Also the hometown has been changed to "Hey". In their place are short clips soliciting advertisers, not surprisingly, as the channel has some 24,000+ subscribers.As of 1:30 p.m. ET, four videos have been uploaded to the account, all time-stamped within the past two hours. A fifth video, most recently uploaded, seems to have been removed. The video, "Garry's Mod – Escape the Box," featured what appeared to be an animated gunman shooting at the inside of a construction box.The channel's description reads, " I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/. " Neither Microsoft nor Google (which owns YouTube) have disclosed info...

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial brands, all claiming to back new ways to earn passive income. The goal? Build trust quickly and steer readers toward professional-looking scam platforms like Trap10, Solara Vynex, or Eclipse Earn. Scammers use sponsored ads on Google, Meta, and blog networks to push traffic to these sites. Ads often carry clickbait headlines—"You won't believe what a prominent public figure just revealed"—paired with official photos or national flags to make them feel legit. Clicking the ad directs users to a fake article, which then redirects them to a fraudulent trading platform. Many of these scams follow a...

XSS Vulnerability in Interactive YouTube API Demo Beta There is a Critical Cross site XSS Vulnerability in Interactive YouTube API Demo Beta, Discovered by various sources. One of the White Hat Hacker " Vansh Sharma " Inform us about this XSS Vulnerability with proof of concept. Proof Of Concept : Open  https://gdata.youtube.com/ Enter script <img src="<img src=search"/onerror=alert("xss")//"> in the keyword area. Press ADD

Apache Server  2.3.14  Denial of Service (DDOS) Vulnerability exploit Latest version of Apache Server 2.3.14 fails.The Egyptian Hacker and Exploit writer " Xen0n " discovered this Vulnerability and Develop an perl exploit for (DDOS) Vulnerability. The Exploit is available on Inj3ct0r 's Website.

OpenVAS - Advanced Open Source vulnerability scanner OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.The powerful and comprehensive OpenVAS solution is available as Free Software and maintained on a daily basis. An overview of the vulnerability handling process is: The reporter reports the vulnerability privately to OpenVAS. The appropriate component's developers works privately with the reporter to resolve the vulnerability. A new release of the OpenVAS component concerned is made that includes the fix. The OpenVAS Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Manager controls the Scanner via OTP (OpenVAS Transfer Protocol) and itself offers the XML-based, stateless OpenVAS Management Protocol (OMP). All intelligence is implemented in the Manager so that it is possible to implement variou...

Phishing Site hacked for teaching lesson to Scam Lovers Researchers at the security firm GFI Labs found an email used to lure people to a phishing site called " canal-i. " The message attempts to scare unsuspecting readers by telling them they have exceeded the storage limit on their inbox, and says, " You will not be able to send or receive new mail until you upgrade your email. Click below link and fill the form to upgrade your account. " When clicked, that link directs users to a Web page that asks for their username, email address and password. For one hacker he or she has not been identified this was not just an ordinary phishing scam, but also a chance to teach others. The white-hat hacker "white hat" refers to hackers who exploit security bugs to improve security stripped the phishing page of its malicious content and replaced it with a stern educational message about the perils lurking in the online world. Hackers have created a fake tool es...