The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Instagram is growing quickly—and with the second most popular social media network in the world (behind just Facebook), the photo-sharing network absolutely dominates when it comes to user interactions. And with great success comes great responsibility—responsibility to keep users' accounts safe, responsibility to fight fake accounts and news, and responsibility of being transparent. You might know that the Facebook-owned photo-sharing network has recently been a victim of a widespread hacking campaign that has affected thousands of Instagram users, leaving them locked out of their accounts. In the wake of the security mishappening, Instagram has announced a trio of security updates intended to discourage trolls, stop misinformation, and make the platform a little safer for its one billion users. In an official blog post , titled "New Tools to Keep Instagram Safe," published by Instagram Co-Founder & CTO Mike Krieger on August 28, the company announced thr...

A security researcher has publicly disclosed the details of a previously unknown zero-day vulnerability in the Microsoft's Windows operating system that could help a local user or malicious program obtain system privileges on the targeted machine. And guess what? The zero-day flaw has been confirmed working on a "fully-patched 64-bit Windows 10 system." The vulnerability is a privilege escalation issue which resides in the Windows' task scheduler program and occured due to errors in the handling of Advanced Local Procedure Call (ALPC) systems. Advanced local procedure call (ALPC) is an internal mechanism, available only to Windows operating system components, that facilitates high-speed and secure data transfer between one or more processes in the user mode. The revelation of the Windows zero-day came earlier today from a Twitter user with online alias SandboxEscaper, who also posted a link to a Github page hosting a proof-of-concept (PoC) exploit for the ...

Security researchers from Google have publicly disclosed an extremely serious security flaw in the first Fortnite installer for Android that could allow other apps installed on the targeted devices to manipulate installation process and load malware, instead of the Fortnite APK. Earlier this month, Epic Games announced not to make its insanely popular game ' Fortnite for Android ' available through the Google Play Store, but via its own app. Many researchers warned the company that this approach could potentially put Android users at a greater risk, as downloading APKs outside of the Play Store is not recommended and requires users to disable some security features on Android devices as well. And it seems like those fears and concerns were true. Google developers discovered a dangerous security flaw as soon as the Fortnite game launched on Android. Fortnite Android Installer Vulnerable to Man-in-the-Disk Attack In a proof-of-concept video published by Google, r...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

T-Mobile today confirmed that the telecom giant suffered a security breach on its US servers on August 20 that may have resulted in the leak of "some" personal information of up to 2 million T-Mobile customers. The leaked information includes customers' name, billing zip code, phone number, email address, account number, and account type (prepaid or postpaid). However, the good news is that no financial information like credit card numbers, social security numbers, or passwords, were compromised in the security breach. According to a brief blog post published by the company detailing the incident, its cybersecurity team detected and shut down an "unauthorized capture of some information" on Monday, August 20. Although the company has not revealed how the hackers managed to hack into its servers neither it disclosed the exact number of customers affected by the data breach, a T-Mobile spokesperson told Motherboard that less than 3 percent of its 77 m...

A former NSA contractor, who pleaded guilty to leaking a classified report on Russian hacking of the 2016 U.S. presidential election to an online news outlet last year, has been sentenced to five years and three months in prison. Reality Winner , a 26-year-old Georgia woman who held a top-secret security clearance and worked as a government contractor in Georgia with Pluribus International, initially faced 10 years in prison and a $250,000 fine. However, in the U.S. District Court in Augusta, Georgia on Thursday, Winner agreed to a plea agreement that called for five years and three months in prison with three years of supervision after release. Back in May 2017, Winner printed out a top-secret document detailing about the Russian hacking into U.S. voting systems, smuggled the report out of the agency in her underwear, and then mailed it anonymously to The Intercept. The Intercept, an online publication that has been publishing classified NSA documents leaked by Edward Snow...

Facebook yesterday removed its mobile VPN app called Onavo Protect from the iOS App Store after Apple declared the app violated the iPhone maker's App Store guidelines on data collection. For those who are unaware, Onavo Protect is a Facebook-owned Virtual Private Network (VPN) app that was primarily designed to help users keep tabs on their mobile data usage and acquired by Facebook from an Israeli analytics startup in 2013. The so-called VPN app has been the source of controversy earlier this year, when the social media giant offered it as a free mobile VPN app, promised to "keep you and your data safe when you browse and share information on the web." However, Onavo Protect became a data collection tool for Facebook helping the company track smartphone users' activities across multiple different applications to learn insights about how Facebook users use third-party apps. Why Did Apple Remove Facebook's Free VPN App? Now according to a new report ...

Security researchers have uncovered a new, powerful Android malware framework that is being used by cybercriminals to turn legitimate apps into spyware with extensive surveillance capabilities—as part of what seems to be a targeted espionage campaign. Legitimate Android applications when bundled with the malware framework, dubbed Triout, gain capabilities to spy on infected devices by recording phone calls, and monitoring text messages, secretly stealing photos and videos, and collecting location data—all without users' knowledge. The strain of Triout-based spyware apps was first spotted by the security researchers at Bitdefender on May 15 when a sample of the malware was uploaded to VirusTotal by somebody located in Russia, but most of the scans came from Israel. In a white paper (PDF) published Monday, Bitdefender researcher Cristofor Ochinca said the malware sample analyzed by them was packaged inside a malicious version of an Android app which was available on Google Pla...