The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection. "A malicious user with network access may be able to use specially crafted SQL queries to gain database access," the company said in an advisory issued Tuesday. Security researchers Daniel Kukuczka and Mateusz Darda have been acknowledged for discovering and reporting the vulnerability. It affects the following version of the software - VMware Avi Load Balancer 30.1.1 (Fixed in 30.1.2-2p2) VMware Avi Load Balancer 30.1.2 (Fixed in 30.1.2-2p2) VMware Avi Load Balancer 30.2.1 (Fixed in 30.2.1-2p5) VMware Avi Load Balancer 30.2.2 (Fixed in 30.2.2-2p2) Broadcom further noted that versions 22.x and 21.x are not susceptible to CVE-2025-22217, and that users running version 30.1.1 must...

Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. "Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration," GreyNoise researcher Glenn Thorpe said in an alert published Tuesday. The vulnerability in question is CVE-2024-40891, a critical command injection vulnerability that has neither been publicly disclosed nor patched. The existence of the bug was first reported by VulnCheck in July 2024. Statistics gathered by the threat intelligence firm show that attack attempts have originated from dozens of IP addresses , with a majority of them located in Taiwan. According to Censys, there are more than 1,500 vulnerable devices online. "CVE-2024-40891 is very similar to CVE-2024-40890, with the main difference being that the former is Teln...

A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla , Snake Keylogger , and a previously undocumented backdoor dubbed TorNet that's delivered by means of PureCrypter . TorNet is so named owing to the fact that it allows the threat actor to communicate with the victim machine over the TOR anonymity network. "The actor is running a Windows scheduled task on victim machines—including on endpoints with a low battery—to achieve persistence," Cisco Talos researcher Chetan Raghuprasad said in an analysis published today. "The actor also disconnects the victim machine from the network before dropping the payload and then connects it back to the network, allowing them to evade detection by cloud antimalware solutions." The starting point of the attac...

Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. "By exploiting this flaw, attackers can gain unauthorized access to any user's account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf – including booking hotels and car rentals using the victim's airline loyalty points, canceling or editing booking information, and more," API security firm Salt Labs said in a report shared with The Hacker News. Successful exploitation of the vulnerability could have put millions of online airline users at risk, it added. The name of the company was not disclosed, but it said the service is integrated into "dozens of commercial airline online services" and enables users to add hotel bookings to their airline itinerary. The shortcoming, in a nutshell, can be weaponized trivially by sending a...

Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged as a critical solution. This blog explores how an AI SOC Analyst transforms alert management, addressing key SOC challenges while enabling faster investigations and responses. Security operations teams are under constant pressure to manage the relentless flow of security alerts from an expanding array of tools. Every alert carries the risk of serious consequences if ignored, yet the majority are false positives. This flood of alerts bogs down teams in a cycle of tedious, repetitive tasks, consuming valuable time and resources. The result? Overstretched teams are struggling to balance reactive alert "whack-a-mole" chasing with proactive threat hunting and other strategic security initiatives.  Core challenges High alert volumes: Security operations teams receive hundreds t...

Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar. "ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," Sygnia researchers Aaron (Zhongyuan) Hau and Ren Jie Yow said in a report published last week. "Threat actors use these platforms by adopting 'living-off-the-land' techniques and using native tools like SSH to establish a SOCKS tunnel between their C2 servers and the compromised environment." In doing so, the idea is to blend into legitimate traffic and establish long-term persistence on the compromised network with little-to-no detection by security controls. The cybersecurity company said in many of its incident response engagements, ESXi systems were compromised eit...

While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them from being completely exposed in the event of a data breach – and never stored in plaintext. This article examines how today's cyber attackers attempt to crack hashed passwords, explores common hashing algorithms and their limitations, and discusses measures you can take to protect your hashed passwords, regardless of which algorithm you are using. Modern password cracking techniques Malicious actors have an array of tools and methods at their disposal for cracking hashed passwords. Some of the more widely used methods include brute force attacks, password dictionary attacks, hybrid attacks...

DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it's restricting registrations on the service, citing malicious attacks. "Due to large-scale malicious attacks on DeepSeek's services, we are temporarily limiting registrations to ensure continued service," the company said in an incident report page. "Existing users can log in as usual. Thanks for your understanding and support." Users attempting to sign up for an account are being displayed a similar message, stating "registration may be busy" and that they should wait and try again. "With the popularity of DeepSeek growing, it's not a big surprise that they are being targeted by malicious web traffic," Erich Kron, security awareness advocate at KnowBe4, said in a statement shared with The Hacker News. "These sorts of attacks could be a way to extort an organization by promising to stop attacks and rest...

The Council of the European Union has sanctioned three individuals for allegedly carrying out "malicious cyber activities" against Estonia. The three Russian nationals – Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov – are officers of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155, it said. Per the council decision, all the individuals are said to be responsible for cyber attacks against computer systems with the aim of collecting data from the data systems of multiple institutions with an aim to gain insights into the cyber security policy of Estonia. "The cyber-attacks granted attackers unauthorized access to classified information and sensitive data stored within several government ministries — including Economic Affairs and Communications, Social Affairs, and Foreign Affairs — leading to the theft of thousands of confidential documents," per the Council . This included business secrets, h...