The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," the open-source project maintainers  noted  in an advisory published Tuesday. "If files outside of the document root are not protected by 'require all denied' these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts." The flaw, tracked as  CVE-2021-41773 , affects only Apache HTTP server version 2.4.49. Ash Daulton and cPanel Security Team have been credited with discovering and reporting the issue on September 29, 2021. Source: PT SWARM Also resolved by Apache is a null pointer dereference vulnerability observed during pr...

Chinese cyber espionage group APT41 has been linked to seemingly disparate malware campaigns, according to fresh research that has mapped together additional parts of the group's network infrastructure to hit upon a state-sponsored campaign that takes advantage of COVID-themed phishing lures to target victims in India.  "The image we uncovered was that of a state-sponsored campaign that plays on people's hopes for a swift end to the pandemic as a lure to entrap its victims," the BlackBerry Research and Intelligence team said in a report shared with The Hacker News. "And once on a user's machine, the threat blends into the digital woodwork by using its own customized profile to hide its network traffic." APT41 (aka Barium or Winnti) is a moniker assigned to a prolific Chinese cyber threat group that carries out state-sponsored espionage activity in conjunction with financially motivated operations for personal gain as far back as 2012. Calling the gro...

Law enforcement agencies have announced the arrest of two "prolific ransomware operators" in Ukraine who allegedly conducted a string of targeted attacks against large industrial entities in Europe and North America since at least April 2020, marking the latest step in combating ransomware incidents. The joint exercise was undertaken on September 28 by officials from the French National Gendarmerie, the Ukrainian National Police, and the U.S. Federal Bureau of Investigation (FBI), alongside participation from the Europol's European Cybercrime Centre and the INTERPOL's Cyber Fusion Centre. "The criminals would deploy malware and steal sensitive data from these companies, before encrypting their files," Europol  said  in a press statement on Monday. "They would then proceed to offer a decryption key in return for a ransom payment of several millions of euros, threatening to leak the stolen data on the dark web should their demands not be met." B...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

A newly discovered data exfiltration mechanism employs Ethernet cables as a "transmitting antenna" to stealthily siphon highly-sensitive data from air-gapped systems, according to the latest research. "It's interesting that the wires that came to protect the air-gap become the vulnerability of the air gap in this attack," Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel, told The Hacker News. Dubbed " LANtenna Attack ," the novel technique enables malicious code in air-gapped computers to amass sensitive data and then encode it over radio waves emanating from Ethernet cables just as if they are antennas. The transmitted signals can then be intercepted by a nearby software-defined radio (SDR) receiver wirelessly, the data decoded, and sent to an attacker who is in an adjacent room. "Notably, the malicious code can run in an ordinary user-mode process and successful...

Cybersecurity researchers on Monday discovered misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web Services (AWS), Binance, Google Cloud Platform (GCP), PayPal, Slack, and Stripe. "These unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology (IT), biotech, e-commerce, health, energy, cybersecurity, and transportation industries," Intezer said in a report shared with The Hacker News. Originally launched in June 2015,  Apache Airflow  is an open-source workflow management platform that enables programmatic scheduling and monitoring of workflows on AWS, GCP, Microsoft Azure, and other third-party services. It's also one of the most popular task orchestration tools, followed by Luigi, Kubeflow, and MLflow. It...

A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks. Cybersecurity company Positive Technologies dubbed the advanced persistent threat (APT) group ChamelGang — referring to their chameleellonic capabilities, including disguising "its malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google."  "To achieve their goal, the attackers used a trending penetration method—supply chain," the researchers  said  of one of the incidents investigated by the firm. "The group compromised a subsidiary and penetrated the target company's network through it. Trusted relationship attacks are rare today due to the complexity of their execution. Using this method […], the ChamelGang group was able to achieve its goal a...

Security teams at mid-sized organizations are constantly faced with the question of "what does success look like?". At ActZero, their continued data-driven approach to cybersecurity invites them to grapple daily with measuring, evaluating, and validating the work they do on behalf of their customers.  Like most, they initially turned toward the standard metrics used in cybersecurity, built around a "Mean Time to X" (MTTX) formula, where X indicates a specific milestone in the attack lifecycle. In this formula, these milestones include factors like Detect, Alert, Respond, Recover, or even Remediate when necessary. However, as they started to operationalize their unique  AI and machine-learning approach , they realized that "speed" measures weren't giving them a holistic view of the story. More importantly, simply measuring just speed wasn't as applicable in an industry where machine-driven alerts and responses were happening in fractions of secon...