#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

Oct 13, 2022
A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run arbitrary commands," Cisco Talos  said  in a report shared with The Hacker News. Written in GoLang, Alchimist is complemented by a beacon implant called Insekt, which comes with remote access features that can be instrumented by the C2 server. The discovery of Alchimist and its assorted family of malware implants comes three months after Talos also detailed another self-contained framework known as  Manjusaka , which has been  touted  as the "Chinese sibling of Sliver and Cobalt Strike." Even more interestingly, both Manjusaka and Alchimist pack in similar functionalities, ...
New Timing Attack Against NPM Registry API Could Expose Private Packages

New Timing Attack Against NPM Registry API Could Expose Private Packages

Oct 13, 2022
A novel timing attack discovered against the npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats. "By creating a list of possible package names, threat actors can detect organizations'  scoped private packages  and then masquerade public packages, tricking employees and users into downloading them," Aqua Security researcher Yakir Kadkoda  said . The Scoped Confusion attack banks on analyzing the time it takes for the  npm API  (registry.npmjs[.]org) to return an HTTP 404 error message when querying for a private package, and measuring it against the response time for a non-existing module. "It takes on average less time to get a reply for a private package that does not exist compared to a private package that does," Kadkoda explained. The idea, ultimately, is to identify packages internally used by companies, which could then be used by threat actors to...
Does the OWASP Top 10 Still Matter?

Does the OWASP Top 10 Still Matter?

Oct 13, 2022
What is the OWASP Top 10, and – just as important – what is it not? In this review, we look at how you can make this critical risk report work for you and your organisation. What is OWASP? OWASP  is the Open Web Application Security Project, an international non-profit organization dedicated to improving web application security.  It operates on the core principle that all of its materials are freely available and easily accessible online, so that anyone anywhere can improve their own web app security. It offers a number of tools, videos, and forums to help you do this – but their best-known project is the OWASP Top 10. The top 10 risks The  OWASP Top 10  outlines the most critical risks to web application security. Put together by a team of security experts from all over the world, the list is designed to raise awareness of the current security landscape and offer developers and security professionals invaluable insights into the latest and most widespread sec...
cyber security

Master SaaS AI Risk: Your Complete Governance Playbook

websiteReco AIArtificial Intelligence / SaaS Security
95% use AI, but is it secure? Master SaaS AI governance with standards-aligned frameworks.
Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them

Designing Identity for Trust at Scale—With Privacy, AI, and Seamless Logins in Mind

Jul 24, 2025
Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...
Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization

Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization

Oct 13, 2022
An advanced persistent threat (APT) actor known as  Budworm  targeted a U.S.-based entity for the first time in more than six years, according to latest research. The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software,  said  in a report shared with The Hacker News. Other "strategically significant" intrusions mounted over the past six months were directed against a government of a Middle Eastern country, a multinational electronics manufacturer, and a hospital in South East Asia. Budworm , also called APT27, Bronze Union, Emissary Panda, Lucky Mouse, and Red Phoenix, is a threat actor that's believed to operate on behalf of China through attacks that leverage a mix of custom and openly available tools to exfiltrate information of interest. "Bronze Union maintains a high degree of operational flexibility in order to adapt to the environments it operates in," Secureworks  notes  in a profil...
Modified WhatsApp App Caught Infecting Android Devices with Malware

Modified WhatsApp App Caught Infecting Android Devices with Malware

Oct 13, 2022
An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying an Android trojan known as Triada. The goal of the malware is to steal the keys that "allow the use of a WhatsApp account  without the app ," Kaspersky  said  in a new report. "If the keys are stolen, a user of a malicious WhatsApp mod can lose control over their account." YoWhatsApp offers the ability for users to lock chats, send messages to unsaved numbers, and customize the app with a variety of theming options. It's also said to share overlaps with other modded WhatsApp clients such as FMWhatsApp and HeyMods. The Russian cybersecurity company said it found the malicious functionality in YoWhatsApp version 2.22.11.75. Typically spread through fraudulent ads on Snaptube and Vidmate, the app, upon installation, requests the victims to grant it permissions to access SMS messages, enabling the malware to enroll them to paid subscriptions without their...
Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers

Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers

Oct 13, 2022
A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israelian entities with seven different custom backdoors since at least September 2021. The intrusions were aimed at organizations in various verticals, such as engineering, information technology, law, communications, branding and marketing, media, insurance, and social services, cybersecurity firm ESET said. Polonium  is the chemical element-themed moniker given by Microsoft to a sophisticated operational group that's believed to be based in Lebanon and is known to exclusively strike Israeli targets. Activities undertaken by the group first came to light earlier this June when the Windows maker disclosed it suspended more than 20 malicious OneDrive accounts created by the adversary for command-and-control (C2) purposes. Core to the attacks has been the use of implants coined CreepyDrive and CreepyBox for their ability to exfiltrate sensitive data to actor-controlled OneDrive ...
Hackers Using Vishing to Trick Victims into Installing Android Banking Malware

Hackers Using Vishing to Trick Victims into Installing Android Banking Malware

Oct 12, 2022
Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD), as the social engineering technique is called, involves calling the victims using previously collected information from the fraudulent websites. The caller, who purports to be a support agent for the bank, instructs the individual on the other end of the call to install a security app and grant it extensive permissions, when, in reality, it's malicious software intended to gain remote access or conduct financial fraud. In this case, it leads to the deployment of an Android malware dubbed  Copybara , a mobile trojan first detected in November 2021 and is primarily used to perform on-devic...
Expert Insights Articles Videos
Cybersecurity Resources
//]]>