The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164, has been credited with discovering and reporting the issue. The plugin is "vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter," Wordfence said in a report this week. "This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files." The vulnerability is rooted in a function named "give_process_donation_form()," which is used to vali...

As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is important for any security professional to know where to look for signs of compromise. AWS CloudTrail stands out as an essential tool for tracking and logging API activity, providing a comprehensive record of actions taken within an AWS account. Think of AWS CloudTrail like an audit or event log for all of the API calls made in your AWS account. For security professionals, monitoring these logs is critical, particularly when it comes to detecting potential unauthorized access, such as through stolen API keys. These techniques and many others I've learned through the incidents I've worked in AWS and that we built into SANS FOR509 , Enterprise Cloud Forensics.  1. Unusual API Calls and Access Patterns A. Sudden Spike in API Requests One of the first signs of a potential security breach is ...

Mobile users in the Czech Republic are the target of a novel phishing campaign that leverages a Progressive Web Application (PWA) in an attempt to sidestep security protections and steal their banking account credentials. The attacks have targeted the Czech-based Československá obchodní banka (CSOB), as well as the Hungarian OTP Bank and a Georgian Bank, according to Slovak cybersecurity company ESET. "The phishing websites targeting iOS instruct victims to add a Progressive Web Application ( PWA ) to their home-screens, while on Android the PWA is installed after confirming custom pop-ups in the browser," security researcher Jakub Osmani said . "At this point, on both operating systems, these phishing apps are largely indistinguishable from the real banking apps that they mimic." What's notable about this tactic is that users are deceived into installing a PWA, or even WebAPKs in some cases on Android, from a third-party site without having to specificall...

I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn't have asked for a better kickoff panel: three cybersecurity leaders who don't just talk security, they live it. Let me introduce them. Alex Delay , CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead , Director of Cybersecurity at Avidity Biosciences, brings a forward-thinking security perspective that reflects the innovation behind Avidity's targeted RNA therapeutics. Last but not least, Michael Francess , Director of Cybersecurity Advanced Threat at Wyndham Hotels and Resorts, leads the charge in protecting the franchise. Each brought a unique vantage point to a common challenge: applying Continuous Threat Exposure Management (CTEM) to complex production environments. Gartner made waves in 2023 with a bold prediction: organizations that prioritize CTEM will be three times less likely to be breached by 2026. But here's the kicker -...

A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan. "The most notable feature of this backdoor is that it communicates with a command-and-control (C&C) server via DNS traffic," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News. The origins of the backdoor are presently unknown as are the objectives behind the attack. The initial access vector that likely facilitated the deployment of Msupedge is said to involve the exploitation of a recently disclosed critical flaw impacting PHP ( CVE-2024-4577 , CVSS score: 9.8), which could be used to achieve remote code execution . The backdoor in question is a dynamic-link library (DLL) that's installed in the paths "csidl_drive_fixed\xampp\" and "csidl_system\wbem\." One of the DLLs, wuplog.dll, is launched by the Apache HTTP server (httpd). The parent process for the second ...

In today's rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common application attack, using the infamous Log4Shell vulnerability as an example, and demonstrates how Application Detection and Response (ADR) technology effectively safeguards against such zero-day threats. View the Contrast ADR white paper The anatomy of a modern application attack: Log4Shell To illustrate the complexity and severity of modern application attacks, let's examine an attack against the infamous Log4Shell vulnerability ( CVE-2021-44228 ) that sent shockwaves through the cybersecurity world in late 2021. This attack is a prime example of attack chaining, leveraging JNDI Injection, Expression Language (EL) Injection and Command Injection. Technology note : The CVE program catalogs, which publicly...

Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used by the cluster. "An attacker with command execution in a pod running within an affected Azure Kubernetes Services cluster could download the configuration used to provision the cluster node, extract the transport layer security (TLS) bootstrap tokens, and perform a TLS bootstrap attack to read all secrets within the cluster," Google-owned Mandiant said . Clusters using "Azure CNI" for the "Network configuration" and "Azure" for the "Network Policy" have been found to be impacted by the privilege escalation bug. Microsoft has since addressed the issue following responsible disclosure. The attack technique devised by the threat intelligence firm hinges on accessing a little-known component called Azure WireS...

Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint is tracking the activity under the name TA453, which overlaps with activity tracked by the broader cybersecurity community under the monikers APT42 (Mandiant), Charming Kitten (CrowdStrike), Damselfly (Symantec), Mint Sandstorm (Microsoft), and Yellow Garuda (PwC). "The initial interaction attempted to lure the target to engage with a benign email to build conversation and trust to then subsequently click on a follow-up malicious link," security researchers Joshua Miller, Georgi Mladenov, Andrew Northern, and Greg Lesnewich said in a report shared with The Hacker News. "The attack chain attempted to deliver a new malware toolkit called BlackSmith, which delivered a PowerShell trojan dubbed Anv...

Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations. Targets of these attacks span several sectors, including governmental institutions, financial companies, energy and oil and gas companies. "Blind Eagle has demonstrated adaptability in shaping the objectives of its cyberattacks and the versatility to switch between purely financially motivated attacks and espionage operations," Kaspersky said in a Monday report. Also referred to as APT-C-36, Blind Eagle is believed to be active since at least 2018. The suspected Spanish-speaking group is known for using spear-phishing lures to distribute various publicly available remote access trojans such as AsyncRAT, BitRAT, Lime RAT, NjRAT, Quasar RAT, and Remcos RAT. Earlier this March, eSentire detailed the adversary's use of a malware loader called Ande Loader to propa...

Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. "A potential issue in NetSuite's SuiteCommerce platform could allow attackers to access sensitive data due to misconfigured access controls on custom record types (CRTs)," AppOmni's Aaron Costello said . It's worth emphasizing here that the issue is not a security weakness in the NetSuite product, but rather a customer misconfiguration that can lead to leakage of confidential data. The information exposed includes full addresses and mobile phone numbers of registered customers of the e-commerce sites. The attack scenario detailed by AppOmni exploits CRTs that employ table-level access controls with the "No Permission Required" access type, which grants unauthenticated users access to data by making use of NetSuite's record and search APIs. That sa...