The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address that, when processed by the underlying operating systems, get automatically converted "to the dotted decimal quad representation to initiate the request from the remote servers," Trend Micro's Threat Analyst, Ian Kenefick,  said  in a report Friday. The infection chains, as with previous Emotet-related attacks, aim to trick users into enabling document macros and automate malware execution. The document uses Excel 4.0 Macros, a feature that has been  repeatedly   abused  by malicious actors to deliver malware. Once enabled, the macro invokes a URL that's obfuscated with carets, with the host incorporating a hexadecimal representation of the IP address — "h...

The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner. "An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete," the Rust Security Response working group (WG)  said  in an  advisory  published on January 20, 2021. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability. The flaw, which is tracked as  CVE-2022-21658  (CVSS score: 7.3), has been credited to security researcher Hans Kratz, with the team pushing out a fix in  Rust version 1.58.1  shipped last week. Specifically, the issue stems from an improperly implemented check to prevent recursive deletion of symbolic links (aka  symlinks ) in a standard library function named "std::fs::remove_dir...

Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to  NotPetya malware  that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed  WhisperGate , was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit, and information technology entities in the nation, attributing the intrusions to an emerging threat cluster codenamed "DEV-0586." "While WhisperGate has some strategic similarities to the notorious NotPetya wiper that attacked Ukranian entities in 2017, including masquerading as ransomware and targeting and destroying the master boot record (MBR) instead of encrypting it, it notably has more components designed to inflict additional damage," Cisco Talos  said  in a report detailing its response efforts. Stating that stolen credentials were likely used i...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East. The cyber offensive is believed to have been underway since at least July 2021,  according  to cloud-based information security company Zscaler, continuing  previous efforts  by the hacking group to conduct reconnaissance on the target hosts and plunder sensitive information. Molerats , also tracked as TA402, Gaza Hackers Team, and Extreme Jackal, is an advanced persistent threat (APT) group that's largely focused on entities operating in the Middle East. Attack activity associated with the actor has leveraged geopolitical and military themes to entice users to open Microsoft Office attachments and click on malicious links. The latest campaign detailed by Zscaler is no different in that it ma...

In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites. The backdoor gave the attackers full administrative control over websites that used 40 themes and 53 plugins belonging to AccessPress Themes, a Nepal-based company that boasts of no fewer than 360,000 active website installations. "The infected extensions contained a dropper for a web shell that gives the attackers full access to the infected sites," security researchers from JetPack, a WordPress plugin suite developer, said in a  report  published this week. "The same extensions were fine if downloaded or installed directly from the WordPress[.]org directory." The vulnerability has been assigned the identifier  CVE-2021-24867 . Website security platform Sucuri, in a separate analysis,  said  some of the infected websit...

Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467 , the issue concerns a case of a  file inclusion vulnerability , which occurs when a web application is tricked into exposing or running arbitrary files on the web server. Control Web Panel, previously CentOS Web Panel, is an open-source Linux control panel software used for deploying web hosting environments. Specifically, the issue arises when two of the unauthenticated PHP pages used in the application — "/user/login.php" and "/user/index.php" — fail to adequately validate a path to a script file, according to Octagon Networks'  Paulos Yibelo , who discovered and reported the flaws. This means that in order to exploit the vulnerability, all an attacker has to do is to alter the  include statement , which is used...

A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group ( APT41 ). Kaspersky, which codenamed the rootkit  MoonBounce ,  characterized  the malware as the "most advanced  UEFI  firmware implant discovered in the wild to date," adding "the purpose of the implant is to facilitate the deployment of user-mode malware that stages execution of further payloads downloaded from the internet." Firmware-based rootkits, once a rarity in the threat landscape, are fast becoming lucrative tools among sophisticated actors to help achieve long standing foothold in a manner that's not only hard to detect, but also difficult to remove. The first firmware-level rootkit — dubbed  LoJax  — was discovered in the wild in 2018. Since then, three different instances of UEFI malware have been unearthed so far, including ...