Search results for cracked (cracked) latest | Breaking Cybersecurity News | The Hacker News

Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. "These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs often shortened using services like TinyURL and Cuttly," Fortinet FortiGuard Labs researcher Cara Lin  said  in a Monday analysis. This is not the first time pirated software videos on YouTube have emerged as an effective bait for stealer malware. At least since early 2023, similar attack chains have been observed delivering several kinds of stealers, clippers, and crypto miner malware. In doing so, threat actors can leverage the compromised machines for not only information and cryptocurrency theft, but also abuse the resources for illicit mining. In the latest attack sequence documented by Fortinet, users searching for cracked ver...

A variant of a ransomware strain known as DJVU has been observed to be distributed in the form of cracked software. "While this attack pattern is not new, incidents involving a DJVU variant that appends the .xaro extension to affected files and demanding ransom for a decryptor have been observed infecting systems alongside a host of various commodity loaders and infostealers," Cybereason security researcher Ralph Villanueva  said . The new variant has been codenamed Xaro by the American cybersecurity firm. DJVU, in itself, is a  variant of the STOP ransomware , typically arrives on the scene masquerading as legitimate services or applications. It's also delivered as a payload of  SmokeLoader . A significant aspect of DJVU attacks is the deployment of additional malware, such as information stealers (e.g., RedLine Stealer and Vidar), making them more damaging in nature. In the latest attack chain documented by Cybereason, Xaro is propagated as an archive file from a...

Threat hunters have unmasked the latest tricks adopted by a malware strain called  GuLoader  in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process," Elastic Security Labs researcher Daniel Stepanic  said  in a report published this week. First spotted in late 2019, GuLoader (aka CloudEyE) is an advanced shellcode-based malware downloader that's used to distribute a wide range of payloads, such as information stealers, while incorporating a bevy of sophisticated anti-analysis techniques to dodge traditional security solutions. A  steady stream  of  open-source reporting  into the malware in recent months has revealed the threat actors behind it have continued to improve its ability to bypass existing or new security features alongside oth...

Chinese hackers not only attacked key federal departments: they also cracked into the computer system of the House of Commons, targeting MPs with large ethnic Chinese constituencies, CTV News has learned. Sources say Canada's secret cyber spy agency -- the Communications Security Establishment -- tracked the hacking operation to the Chinese embassy in Ottawa and to computer servers in Beijing. Toronto MP Derek Lee said Canada needs to show it's capable of fighting back. "It's unacceptable and I think we should hold out some threat -- a counter-strike threat," he said. But Canada might be falling behind when it comes to defending -- and retaliating -- against such attacks. Britain spends $1 billion on cyber security and the United States $55 billion, while Canada has a budget of $90 million. Meanwhile, security experts say the Chinese hackers who have targeted Canadian government computers are just the latest in a wave of cyberspace spies, and Ottawa needs to bols...

If you use Slack, a popular cloud-based team collaboration server, and recently received an email from the company about a security incident, don't panic and read this article before taking any action. Slack has been sending a "password reset" notification email to all those users who had not yet changed passwords for their Slack accounts since 2015 when the company suffered a massive data breach. For those unaware, in 2015, hackers unauthorisedly gained access to one of the company's databases that stored user profile information, including their usernames, email addresses, and hashed passwords. At that time, attackers also secretly inserted code, probably on the login page, which allowed them to capture plaintext passwords entered by some Slack users during that time. However, immediately following the security incident, the company automatically reset passwords for those small number of Slack users whose plaintext passwords were exposed, but asked other aff...

Yesterday WikiLeaks published thousands of documents revealing top CIA hacking secrets , including the agency's ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems. It dubbed the first release as Vault 7 . Vault 7 is just the first part of leak series " Year Zero " that WikiLeaks will be releasing in coming days. Vault 7 is all about a covert global hacking operation being run by the US Central Intelligence Agency (CIA). According to the whistleblower organization, the CIA did not inform the companies about the security issues of their products; instead held on to security bugs in software and devices, including iPhones, Android phones, and Samsung TVs, that millions of people around the world rely on. One leaked document suggested that the CIA was even looking for tools to remotely control smart cars and trucks, allowing the agency to cause "accidents" which would effectively be "nearly undetectable assas...

As security professionals, it's easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks often aren't from cutting-edge exploits, but from cracked credentials and compromised accounts . Despite widespread awareness of this threat vector, Picus Security's Blue Report 2025 shows that organizations continue to struggle with preventing password cracking attacks and detecting the malicious use of compromised accounts . With the first half of 2025 behind us, compromised valid accounts remain the most underprevented attack vector , highlighting the urgent need for a proactive approach focused on the threats that are evading organizations' defenses. A Wake-Up Call: The Alarming Rise in Password Cracking Success The Picus Blue Report is an annual research publication that analyzes how well organizations are preventing and detecting real-world cyber threats. Unlike traditional reports that focus solely on threat t...

A PHP version of an information-stealing malware called  Ducktail  has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions (.NetCore), the latest version (PHP) also aims to exfiltrate sensitive information related to saved browser credentials, Facebook account information, etc.," Zscaler ThreatLabz researchers Tarun Dewan and Stuti Chaturvedi  said . Ducktail, which emerged on the threat landscape in late 2021, is attributed to an unnamed Vietnamese threat actor, with the malware primarily designed to hijack Facebook business and advertising accounts. The financially motivated cybercriminal operation was  first documented  by Finnish cybersecurity company WithSecure (formerly F-Secure) in late July 2022. While previous versions of the malware were found to use Telegram as a command-and-control (C2) channel to exfiltrate informatio...

We are once again here with our weekly round up based on last week's top cyber security threats and challenges. I recommend you to read the entire thing ( just click ' Read More ' because there's some valuable advice in there as well ). Here's the list: 1. Reminder! If You have not yet, Turn Off Windows 10 Keylogger Now Microsoft is very powerful in tracking every single word you type or say to its digital assistant Cortana using its newest Windows 10 operating system. The keylogger that Microsoft put in the  Technical Preview of Windows 10  last fall made its way to  Windows 10 Free  public release first rolled out back in July. Besides various  Windows 10 privacy issues , there is a software component that is a bit more complicated than you thought. It tracks your inputs using: Keyboard Voice Screen Mouse Stylus Information about your Calendar and Contacts If this keylogger, which is more than just a keylogger, makes yo...

Two Argentina-based cyber security experts -   Chris Russo  and Fernando Viacanel , who claimed to have cracked the security code of IT systems involved in the discovery of 'God Particle', today conducted training sessions for Indian government officials. Both the hackers are partners of IT security firm E2 Labs and their company in arrangement with industry chamber Assocham has plans to conduct series of technology exchange programmes on cyber security. Russo said that three times he has been able to find vulnerability in IT system of European Organisation for Nuclear Research (CERN) that has been involved in discovery of 'God Particle' or Higgs Boson. Programme was attended by officials from Cabinet secretariat, National Technical Research Organisation, Airforce, C-DAC, Income Tax Department, Assam's AMTRON along with representatives from private sector entities, Aircel and Cisco. "Talents required to be cyber security experts are mostly available in peo...

From GPS system to satellite radio to wireless locks, today vehicles are more connected to networks than ever, and so they are more hackable than ever. It is not new for security researchers to hack connected cars . Latest in the series of hackable connected cars is the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV). A security expert has discovered vulnerabilities in the Mitsubishi Outlander's Wi-Fi console that could allow hackers to access the vehicle remotely and turn off car alarms before potentially stealing it. The company has embedded the WiFi module inside the car so that its users can connect with their Mitsubishi mobile app to this WiFi and send commands to the car. Researchers from security penetration testing firm Pen Test Partners discovered that the Mitsubishi Outlander uses a weak WiFi access security key to communicates with the driver's phone. The key to getting into the Wi-Fi can be cracked through a brute force attack (" on a 4 x GPU c...

If you've ever been tempted to download a 'hack' for your favorite game to accelerate your progress, or to download a pirated copy of the latest title through a torrent or file-sharing site, watch out ! Anti-virus company AVG has today warns that over 90% of hacked or cracked games downloaded via torrent or file-sharing sites are infected with malware or malicious code. It claimed that a lot of these hacks didn't just contain malware, but were simply malware programs in disguise. " Even if we assume that just 0.1% of the gamer playing the top five titles go looking for a hack - a highly conservative estimate - that means 330,000 people are potentially at risk of falling victim to game hack malware, " said AVG. The prevalence of cracked games, key generators, patches, cheats and more indicates that this is a highly organised, crime based, initiative. " This could lead to the loss of any legitimate, paid-for gaming assets, as well as sensitive p...