The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A sophisticated scam-as-a-service operation dubbed Classiscam has now infiltrated into Singapore, more than 1.5 years after  expanding to Europe . "Scammers posing as legitimate buyers approach sellers with the request to purchase goods from their listings and the ultimate aim of stealing payment data," Group-IB  said  in a report shared with The Hacker News. The cybersecurity firm called the operators a "well-coordinated and technologically advanced scammer criminal network." Classiscam refers to a  Russia-based cybercrime operation  that was first recorded in summer 2019 but only came under spotlight a year later coinciding with a surge in activity owing to an increase in online shopping in the aftermath of COVID-19 outbreak. Called the  most widely used fraud scheme  during the pandemic, Classiscam targets people who use marketplaces and services relating to property rentals, hotel bookings, online bank transfers, online retail, ride-sharing, ...

Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets. The first set of activities is what the company described as "persistent and well-resourced" and undertaken by a hacking group tracked under the moniker Bitter APT (aka APT-C-08 or T-APT-17) targeting individuals in New Zealand, India, Pakistan, and the U.K. "Bitter used various malicious tactics to target people online with social engineering and infect their devices with malware," Meta  said  in its Quarterly Adversarial Threat Report. "They used a mix of link-shortening services, malicious domains, compromised websites, and third-party hosting providers to distribute their malware." The attacks involved the threat actor creating fictitious personas on the platform, masquerading as attractive young women in a bid to build trust with targets and lure them into cl...

A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. "This family borrows heavily from the original  Mirai source code , but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai," Fortinet FortiGuard Labs  said  in a report. The malware, which gets its name from an embedded URL to a YouTube rap music video in an earlier version, is said to have amassed a growing collection of compromised SSH servers, with over 3,500 unique IP addresses used to scan and brute-force their way into the servers. RapperBot's current implementation also delineates it from Mirai, allowing it to primarily function as an SSH brute-force tool with limited capabilities to carry out distributed denial-of-service (DDoS) attacks. The deviation from traditional Mirai behavior is further ...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

Twitter on Friday revealed that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform. "As a result of the vulnerability, if someone submitted an email address or phone number to Twitter's systems, Twitter's systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any," the company  said  in an advisory. Twitter said the bug, which it was  made aware  of in January 2022, stemmed from a code change introduced in June 2021. No passwords were exposed as a result of the incident. The six-month delay in making this public stems from new evidence last month that an unidentified actor had potentially taken advantage of the flaw before the fix to scrape user information and sell it for profit on  Breach Forums . Although Twitter didn't reveal the exact number of impacted users, the forum post made by the threat actor shows that the flaw was ...

Slack said it took the step of resetting passwords for about 0.5% of its users after a flaw exposed salted password hashes when creating or revoking shared invitation links for workspaces. "When a user performed either of these actions, Slack transmitted a hashed version of their password to other workspace members," the enterprise communication and collaboration platform  said  in an alert on 4th August. Hashing refers to a cryptographic technique that transforms any form of data into a fixed-size output (called a hash value or simply hash).  Salting  is designed to add an extra security layer to the hashing process to make it resistant to brute-force attempts. The Salesforce-owned company, which reported more than  12 million daily active users  in September 2019, didn't reveal the exact  hashing algorithm  used to safeguard the passwords. The bug is said to have impacted all users who created or revoked shared invitation links between 17 ...

A threat actor working to further Iranian goals is said to have been behind a set of damaging cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant  said  the malicious activity against a NATO state represented a "geographic expansion of Iranian disruptive cyber operations." The  July 17 attacks , according to Albania's National Agency of Information Society, forced the government to "temporarily close access to online public services and other government websites" because of a "synchronized and sophisticated cybercriminal attack from outside Albania." The politically motivated disruptive operation, per Mandiant, entailed the deployment of a new ransomware family called ROADSWEEP that included a ransom note with the text: "Why should our taxes be spent on the benefit of DURRES terrorists?" A front named HomeLand Justice has since claimed responsibility for the cyber offensive, with the group als...

The U.S. Department of Homeland Security (DHS) has warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. If left unpatched, the issues could allow an adversary to issue fraudulent emergency alerts over TV, radio, and cable networks. The August 1 advisory comes courtesy of DHS' Federal Emergency Management Agency (FEMA). CYBIR security researcher Ken Pyle has been credited with discovering the shortcoming. EAS is a U.S. national  public warning system  that enables state authorities to disseminate information within 10 minutes during an emergency. Such alerts can interrupt radio and television to broadcast emergency alert information. Details of the flaw have been kept under wraps to prevent active exploitation by malicious actors, although it's expected to be publicized as a proof-of-concept at the DEF CON conference to be held in Las Vegas next week. "In short, the vulnerability is public knowledge and will be demons...