The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The United States government today filed a lawsuit against Edward Snowden , a former contractor for the CIA and NSA government agencies who made headlines worldwide in 2013 when he fled the country and leaked top-secret information about NSA's global and domestic surveillance activities. And you would be more surprised to know the reason for this lawsuit—No, Snowden has not been sued for leaking NSA secrets, instead for publishing a book without submitting it to the agencies for pre-publication review. In his latest book, titled " Permanent Record " and released today on September 17th, Edward Snowden for the first time revealed the story of his life, including how he helped the agency to built that surveillance system. Permanent Record also details about the aftermath of Snowden decision to disclose hundreds of thousands of sensitive documents exposing the United States mass surveillance programs to the world. According to a press release U.S. Department of J...

"Warning — Making your calendar public will make all events visible to the world, including via Google search. Are you sure?" Remember this security warning? No? If you have ever shared your Google Calendars, or maybe inadvertently, with someone that should not be publicly accessible anymore, you should immediately go back to your Google settings and check if you're exposing all your events and business activities on the Internet accessible to anyone. At the time of writing, there are over 8000 publicly accessible Google Calendars, searchable using Google engine itself, that allow anyone to not only access sensitive details saved to them but also add new events with maliciously crafted information or links, security researcher Avinash Jain told The Hacker News. Avinash Jain , a security researcher from India working in an e-commerce company, Grofers, who previously found vulnerabilities in other platforms like NASA, Google, Jira, and Yahoo. "I was able...

The world of connected consumer electronics, IoT, and smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but how secure is it? As we connect everything from coffee maker to front-door locks and cars to the Internet, we're creating more potential—and possibly more dangerous—ways for hackers to wreak havoc. Believe me, there are over 100 ways a hacker can ruin your life just by compromising your wireless router —a device that controls the traffic between your local network and the Internet, threatening the security and privacy of a wide range of wireless devices, from computers and phones to IP Cameras, smart TVs and connected appliances. In its latest study titled " SOHOpelessly Broken 2.0 ," Independent Security Evaluators (ISE) discovered a total of 125 different security vulnerabilities across 13 small office/home office (SOHO) routers and Network Attached Storage (NAS) de...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

Mistakenly sent a picture to someone via WhatsApp that you shouldn't have? Well, we've all been there, but what's more unfortunate is that the 'Delete for Everyone' feature WhatsApp introduced two years ago contains an unpatched privacy bug, leaving its users with false sense of privacy. WhatsApp and its rival Telegram messenger offer "Delete for Everyone," a potentially life-saving feature on which millions of people today rely to escape the awkwardness of mistakenly sending messages / pictures / videos to the wrong person. As the name indicates, the ' Delete for Everyone ' feature is intended to unsend mistakenly sent inappropriate messages—including text, photos and videos—from the recipient's phone, or from the phones of all members of a group. In the case of WhatsApp, the feature is only available within 1 hour, 8 minutes, and 16 seconds of sending a message you want to delete, which is fine and a fair use case. However, it tur...

The massive data breach at Capital One – America's seventh-largest bank, according to revenue – has challenged many common assumptions about cloud computing for the first time. Ironically, the incident, which exposed some 106 million Capital One customers' accounts , has only reinforced the belief that the cloud remains the safest way to store sensitive data. "You have to compare [the cloud] not against 'perfect' but against 'on-premises.'" Ed Amoroso, a former chief security officer at AT&T, told Fortune magazine this week. He wasn't the only voice defending cloud computing in the wake of a hack attack. In an article titled "Don't Doubt the Cloud," Fortune columnist Robert Hackett , wrote: "The cloud is undeniably convenient and, more importantly, better in terms of security than what the majority of companies can achieve alone." The problem, experts said, was not cloud computing but rather the tendency for...

The United States Treasury Department on Friday announced sanctions against three state-sponsored North Korean hacking groups for conducting several destructive cyberattacks on US critical infrastructure. Besides this, the hacking groups have also been accused of stealing possibly hundreds of millions of dollars from financial institutions around the world to ultimately fund the North Korean government's illicit weapons and missile programs. The three North Korean hacking groups in question are the well-known Lazarus Group , and its two sub-groups, Bluenoroff and Andariel . The sanctions announced by the Treasury Department's Office of Foreign Assets Control (OFAC) claim that all the three groups are "agencies, instrumentalities, or controlled entities of the Government of North Korea" based on their relationship with Pyongyang's central intelligence bureau called the Reconnaissance General Bureau (RGB). Specifically, the sanctions aim to lock any fore...

Good news... next week, on September 19, Apple will roll out iOS 13, the latest version of its mobile operating system. Yes, we're excited about, but here comes the bad news... iOS 13 contains a vulnerability that could allow anyone to bypass the lockscreen protection on your iPhone and access some sensitive information. Jose Rodriguez , a Spanish security researcher, contacted The Hacker News and revealed that he discovered a lockscreen bypass bug in iOS 13 that allowed him to access the full list of Contacts on his iPhone—and every piece of information saved on them. Rodriguez told The Hacker News that he discovered the new lockscreen bypass bug on his iPhone running iOS 13 beta version and reported it to Apple on July 17. However, unfortunately, Apple failed to patch the bug even after being informed months ago, and the bypass is still working on the Gold Master (GM) version of iOS 13, the final version of the software that will be rolled out to everyone on Septembe...