The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January 2025 . "The research discovered that SAP GUI input history is stored insecurely, both in the Java and Windows versions," Pathlock researcher Jonathan Stross said in a report shared with The Hacker News. SAP GUI user history allows users to access previously entered values in input fields with the goal of saving time and reducing errors. This historical information is stored locally on devices. This can include usernames, national IDs, social security numbers (SSNs), bank account numbers, and internal SAP table names. The vulnerabilities identified by Pathlock are rooted in th...

Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah. Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of SQL database dumps, characterizing it as an information operation "carried out by Iran and its proxies." "The actors gained unauthorized access to phpMyAdmin (backend) and exfiltrated stored records," Resecurity said . "This is an example of Iran using data breaches as part of a larger anti-U.S., anti-Israel, and anti-Saudi propaganda activity in cyberspace, targeting major sports and social events." It's believed that the data is likely pulled from the Saudi Games 2024 official website and then shared on DarkForums , a cybercrime forum that has gained attention in the wake of BreachForums' repeated takedowns. The information was published by a forum user named ZeroDay...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud, and it's a whole new ball game! If you're dealing with logins, data privacy, bringing new users on board, or building digital trust, this webinar is for you . Join us for " Navigating Customer Identity in the AI Era ," where we'll dive into the Auth0 2025 Customer Identity Trends Report . We'll show you what's working, what's not, and how to tweak your strategy for the year ahead. In just one session, you'll get practical answers to real-world challenges like: How AI is changing what users expect – and where they're starting to push ba...

Unknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. "NetExtender enables remote users to securely connect and run applications on the company network," SonicWall researcher Sravan Ganachari said . "Users can upload and download files, access network drives, and use other resources as if they were on the local network." The malicious payload delivered via the rogue VPN software has been codenamed SilentRoute by Microsoft, which detected the campaign along with the network security company. SonicWall said the malware-laced NetExtender impersonates the latest version of the software (10.3.2.27) and has been found to be distributed via a fake website that has since been taken down. The installer is digitally signed by CITYLIGHT MEDIA PRIVATE LIMITED." This suggests that the campaign is targeting users searching for NetExten...

Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket , the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These packages have been collectively downloaded over 4,000 times. The complete list of the JavaScript libraries is below - react-plaid-sdk sumsub-node-websdk vite-plugin-next-refresh vite-plugin-purify nextjs-insight vite-plugin-svgn node-loggers react-logs reactbootstraps framer-motion-ext serverlog-dispatch mongo-errorlog next-log-patcher vite-plugin-tools pixel-percent test-topdev-logger-v1 test-topdev-logger-v3 server-log-engine logbin-nodejs vite-loader-svg struct-logger flexible-loggers beautiful-plugins chalk-config jsonpacks jsonspecific jsonsecs util-buffers blur-plugins proc-watch node-orm-mongoose prior-config use-videos lucide-node, and router-parse ...

Microsoft on Tuesday announced that it's extending Windows 10 Extended Security Updates ( ESU ) for an extra year by letting users either pay a small fee of $30 or by sync their PC settings to the cloud. The development comes ahead of the tech giant's upcoming October 14, 2025, deadline , when it plans to officially end support and stop providing security updates for devices running Windows 10. The desktop operating system was launched in July 2015. The Windows maker describes ESU as a "last resort option" for customers who need to run legacy Microsoft software that has reached end-of-life (EoL) status. This is meant to be a temporary solution while migrating to a newer supported platform. According to StatCounter data as of May 2025, Windows 10's market share stands at 53.19% globally, making it the most widely used version of Windows. This is followed by Windows 11 at 43%. As part of the new enrollment options announced by Microsoft, individuals can opt-...

The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new guideline seeks to help officials verify the identity and eligibility of applicants under U.S. law. The U.S. Embassy said every visa application review is a "national security decision." "Effective immediately, all individuals applying for an F, M, or J nonimmigrant visa are requested to adjust the privacy settings on all of their personal social media accounts to 'public' to facilitate vetting necessary to establish their identity and admissibility to the United States," the embassy said in a post on X. Under the new rules, Indian students and others planning to pursue academia or enroll in vocational or exchange programs are mandated to ensure that their social media profiles are set to public before submitting their visa applications. A refusal to set the accounts to "public" could be g...

Cybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets. The methods take advantage of the design of various common mining topologies in order to shut down the mining process , Akamai said in a new report published today. "We developed two techniques by leveraging the mining topologies and pool policies that enable us to reduce a cryptominer botnet's effectiveness to the point of completely shutting it down, which forces the attacker to make radical changes to their infrastructure or even abandon the entire campaign," security researcher Maor Dahan said . The techniques, the web infrastructure company said, hinge on exploiting the Stratum mining protocol such that it causes an attacker's mining proxy or wallet to be banned, effectively disrupting the operation. The first of the two approaches, dubbed bad shares, entails banning the mining proxy from the network, which, in turn, results in the shutdow...

Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, in a new analysis published last week, said it identified two different kinds of keylogger code written in JavaScript on the Outlook login page - Those that save collected data to a local file accessible over the internet Those that immediately send the collected data to an external server The Russian cybersecurity vendor said the attacks have targeted 65 victims in 26 countries worldwide, and marks a continuation of a campaign that was first documented in May 2024 as targeting entities in Africa and the Middle East. At that time, the company said it had detected no less than 30 victims spanning government agencies, banks, IT companies, and educational institutions, with evidence of the first compromise dating back to 2021. The attack chains involve exploiting known flaws in M...