The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting companies in the U.S. and Canada with the intention of extracting confidential data from infiltrated systems. These sophisticated attacks exploit a critical vulnerability ( CVE-2022-31199 ) in the widely used Netwrix Auditor server and its associated agents. This vulnerability enables unauthorized attackers to execute malicious code with the SYSTEM user's privileges, granting them unrestricted access to compromised systems. The TrueBot malware , linked with cybercriminal collectives Silence and FIN11, is deployed to siphon off data and disseminate ransomware, jeopardising the safety of numerous infiltrated networks. The cybercriminals gain their initial foothold by exploiting the cited vulnerability, then proceed to install TrueBot. Once they have breached the networks, they install the FlawedGrace Remote Access Trojan (RAT) to escalate their p...

The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware. "TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho," Proofpoint  said  in a new report. "When given the opportunity, TA453 ported its malware and attempted to launch an Apple flavored infection chain dubbed NokNok. TA453 also employed  multi-persona impersonation  in its unending espionage quest." TA453, also known by the names APT35, Charming Kitten, Mint Sandstorm, and Yellow Garuda, is a threat group linked to Iran's Islamic Revolutionary Guard Corps (IRGC) that has been active since at least 2011. Most recently, Volexity highlighted the adversary's use of an updated version of a Powershell implant called  CharmPower  (aka GhostEcho or POWERSTAR). In the attack sequence discov...

Gcore Radar is a quarterly report prepared by Gcore that provides insights into the current state of the DDoS protection market and cybersecurity trends. This report offers you an understanding of the evolving threat landscape and highlights the measures required to protect against attacks effectively. It serves as an insight for businesses and individuals seeking to stay informed about the latest developments in cybersecurity. As we entered 2023, the cybersecurity landscape witnessed an increase in sophisticated, high-volume attacks. Here, we present the current state of the DDoS protection market based on Gcore's statistics. Key Highlights from Q1–Q2  The maximum attack power rose from 600 to 800 Gbps. UDP flood attacks were most common and amounted to 52% of total attacks, while SYN flood accounted for 24%. In third place was TCP flood. The most-attacked business sectors are gaming, telecom, and financial. The longest attack duration in the year's first half was sev...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed  StackRot  ( CVE-2023-3269 , CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date. "As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger," Peking University security researcher Ruihan Li  said . "However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging." Following  responsible disclosure  on June 15, 2023, it has been  addressed  in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, after a two-week effort le...

As technology advances and organizations become more reliant on data, the risks associated with data breaches and cyber-attacks also increase. The introduction of data privacy laws, such as the GDPR, has made it mandatory for organizations to disclose breaches of personal data to those affected. As such, it has become essential for businesses to protect themselves from the financial and reputational costs of cyber incidents. One solution to help organizations protect themselves is cyber insurance, despite the rising costs of cyber insurance, where the average  price in the U.S. rose 79%  in the second quarter of 2022. Also, with strict eligibility requirements that have emerged in response to risk and sharp spikes in successful breaches during and post-COVID-19, cyber insurance remains essential for organizations to protect sensitive customer information and their own data from falling into the wrong hands. While cyber insurance is not a one-size-fits-all solution and may n...

Cybersecurity researchers have unearthed an attack infrastructure that's being used as part of a "potentially massive campaign" against cloud-native environments. "This infrastructure is in early stages of testing and deployment, and is mainly consistent of an aggressive cloud worm, designed to deploy on exposed JupyterLab and Docker APIs in order to deploy  Tsunami malware , cloud credentials hijack, resource hijack, and further infestation of the worm," cloud security firm Aqua  said . The activity, dubbed  Silentbob  in reference to an AnonDNS domain set up by the attacker, is said to be linked to the infamous cryptojacking group tracked as  TeamTNT , citing overlaps in tactics, techniques, and procedures (TTPs). However, the involvement of an "advanced copycat" hasn't been ruled out. Aqua's investigation was prompted in the aftermath of an attack targeting its honeypot in early June 2023, leading to the discovery of four malicious cont...

A suspected senior member of a French-speaking hacking crew known as OPERA1ER has been arrested as part of an international law enforcement operation codenamed Nervone, Interpol has announced. "The group is believed to have stolen an estimated USD 11 million -- potentially as much as 30 million -- in more than 30 attacks across 15 countries in Africa, Asia, and Latin America," the agency  said . The arrest was made by authorities in Côte d'Ivoire early last month. Additional insight was provided by the U.S. Secret Service's Criminal Investigative Division and Booz Allen Hamilton DarkLabs. The financially motivated collective is also known by the aliases Common Raven, DESKTOP-GROUP, and NX$M$. Its modus operandi was  first exposed  by Group-IB and Orange CERT Coordination Center (Orange-CERT-CC) in November 2022, detailing its intrusions on banks, financial services, and telecom companies between March 2018 and October 2022. Earlier this January, Broadcom's S...

A sophisticated stealer-as-a-ransomware threat dubbed  RedEnergy  has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages. The .NET malware "possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for carrying out ransomware activities," Zscaler researchers Shatak Jain and Gurkirat Singh  said  in a recent analysis. The objective, the researchers noted, is to couple data theft with encryption with the goal of inflicting maximum damage to the victims. The starting point for the multi-stage attack is a  FakeUpdates  (aka SocGholish) campaign that tricks users into downloading JavaScript-based malware under the guise of web browser updates. What makes it novel is the use of reputable LinkedIn pages to target victims, redirecting users clicking on the website ...

Secrets are meant to be hidden or, at the very least, only known to a specific and limited set of individuals (or systems). Otherwise, they aren't really secrets. In personal life, a secret revealed can damage relationships, lead to social stigma, or, at the very least, be embarrassing. In a developer's or application security engineer's professional life, the consequences of exposing secrets can lead to breaches of security, data leaks, and, well, also be embarrassing. And while there are tools available for detecting source code and code repositories, there are few options for identifying secrets in plain text, documents, emails, chat logs, content management systems, and more. What Are Secrets? In the context of applications, secrets are sensitive information such as passwords, API keys, cryptographic keys, and other confidential data that an application needs to function but should not be exposed to unauthorized users. Secrets are typically stored securely and access...