The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Source Code of Crypo.com Available to Download ! The Source Code of Crypo.com , One of the Famous Free Online Encryption Service is now available to download form a File sharing website . This Script will encrypt your messages using a strong encryption algorithm, and then your information will be secure for sending.  Download Here

Fully Undetectable Backdoor generator for Metasploit Security Labs Experts from Indian launch an automated Anti-Virus and Firewall Bypass Script. Its an Modified and Stable Version in order to work with Backtrack 5 distro. Below you can find the modified version and a simple presentation on how it works: In order to be able to compile the generated payload we must install the following packages ; Mingw32 gcc which you can install by : root@bt:~# apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils After the installation we must move our shell-script - Vanish.sh - to default Metasploit folder  (/pentest/exploits/framework) and execute it. Recommended Seed Number = 7000 and Number of Encode = 14 . Note:  By default Script Generates Reverse TCP Payload but you can change it some modifications in Script [vanish.sh]. Virus Scan Report of Backdoor shows that its almost undetectable by most of the Antivirus programs. Download Link ...

Russian hackers hit Twitter with automated hashtags tweets Russian hackers have taken aim at Twitter in recent days to hamper communication between opposition activists as outrage against the conduct of last week's general elections grows. The pro-government messages were generated by thousands of Twitter accounts that had little activity beforehand. The hashtag is #триумфальная (Triumfalnaya), the name of the square where many protesters gathered. Maxim Goncharov, a senior threat researcher at Trend Micro, observed that " if you currently check this hash tag on twitter you'll see a flood of 5-7 identical tweets from accounts that have been inactive for month and that only had 10-20 tweets before this day. To this point those hacked accounts have already posted 10-20 more tweets in just one hour. " Brian Krebs, the author of the blog Krebs on Security, noted that the 'bot accounts he lists them here  appear to follow a single account called @master_boot , as well as following e...

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom. This isn't just about poor hygiene; it's a systemic and growing supply chain risk. As cyber threats become more sophisticated, so do compliance requirements. Security frameworks like NIS2, SOC2, and ISO 27001 now demand proof that software delivery pipelines are hardened and third-party risk is controlled. The message is clear: securing your Git repositories is no longer optional, it's essential. Below, we look at the ris...

BeEF 0.4.2.12 alpha Browser Exploitation Framework Released The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing. BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors. BeEF provides an easily integratable framework that demonstrates the impact of browser and Cross-site Scripting issues in real-time. Development has focused on creating a modular framework. This has made module development a very quick and simple process. Current modules include metasploit, port sc...

The Mole - Another Automatic SQL Injection exploitation tool The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server, Postgres and Oracle databases. Command line interface. Different commands trigger different actions. Auto-completion for commands, command arguments and database, table and columns names. Support for query filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily. Exploits SQL Injections through GET and POST methods. Developed in python 3. Video Demonstration: 1.)  Installation Guide 2.) Tutorial to Use 3.) Download Mole

Note : This Article is taken from Most Comprehensive and Informative IT Security Magazine by The Hacker News - December Edition [ Download Here ] "Be Social" is the imperative of the last years. We live alternative lives, weave dense networks of relationships; we feel the irrepressible urge to be part of a group, to fill the void that we carry within. But this human propensity to aggregation is now the foundation of the concept of "social network", a community of people, each of them defined "node" by researches, which are united by friendship, kinship, passions, interests, religious beliefs. The whole world is represented by a lattice structure that scientists have long taken to study, to achieve the classification of that human "node", classify its customs, and especially to predict the behavior and through it influence the response of the community a particular event. The philosophy is that of the control. In May Pierluigi Paganini defined the ter...

Six arrested for Million Pounds phishing scam Six people from London and the North West were being questioned by police on Friday in connection with a £1 million phishing scam that drained the bank accounts of hundreds of UK students. That is a lot of beer and book money, and the police said that hundreds of students had been caught out by the scammers. Today the Metropolitan Police said its Police Central e-Crime Unit (PCeU) arrested the suspects yesterday after four months of investigation. On Thursday, the police arrested a 38 year old man in Bolton; a 26 year old man and a 25 year old woman in Manchester; a 25 year old man in Deptford, London; and a 49 year old woman and a 31 year old man in Stratford, London. Police also seized computers and equipment from premises in London, Manchester and Bolton. The police said that on average the scammers, four men and two women, took amounts of money ranging from £1,000 to £5,000 at a time. They have been arrested on suspicion of consp...