Search results for exploited de\ | Breaking Cybersecurity News | The Hacker News

A critical vulnerability in Tor — an encrypted anonymizing network considered to be one of the most privacy oriented service, which is used by online users in order to hide their activities from law enforcement, government censors and others — was probably being used to de-anonymize the identity of Tor users, Tor project warned on Wednesday. 115 MALICIOUS ToR RELAYS WERE DE-ANONYMIZING USERS According to a security advisory , Tor Team has found a group of 115 malicious fast non-exit relays (6.4% of whole Tor network), those were actively monitoring the relays on both ends of a Tor circuit in an effort to de-anonymize users. " While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected, " Tor said. When you use Tor anonymizing network, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit rela...

Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren't. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when something's wrong. This week's stories aren't just about what was attacked—but how easily it happened. If we're only looking for the obvious signs, what are we missing right in front of us? Here's a look at the tactics and mistakes that show how much can go unnoticed. ⚡ Threat of the Week Apple Zero-Click Flaw in Messages Exploited to Deliver Paragon Spyware — Apple disclosed that a security flaw in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, CVE-2025-43200, was addressed by the company in February as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1. The Citizen Lab said it u...

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. "Actors leveraged CVE-2025-31324 , an unauthenticated file upload vulnerability that enables remote code execution (RCE)," EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign include natural gas distribution networks, water and integrated waste management utilities in the United Kingdom, medical device manufacturing plants oil and gas exploration and production companies in the United States, and government ministries in Saudi Arabia that are responsible for investment strategy and financial regulation. The findings are based on a publicly exposed directory uncovered on attacker-controlled infrastructure ("15.204.56[.]106") that contained event logs capturing the activities across multiple compromised systems. The Dutch cybersecurity company h...

A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company's network in March 2020. Junior Barros De Oliveira , 29, of Curitiba, Brazil has been charged with four counts of extortionate threats involving information obtained from protected computers and four counts of threatening communications, the U.S. Department of Justice (DoJ) said in an unsealed indictment earlier this week. The said victim, a Brazilian subsidiary of a New Jersey-based company, had its computers breached by the defendant, who then exploited the access to steal confidential customer information from about 300,000 customers on at least three occasions. De Oliveira is alleged to have subsequently sent the chief executive officer (CEO) of the company an email message in September 2020 using an alias, demanding a payment of 300 bitcoin (valued at about $3.2 million at the time) in return for not selling the data. A month later, the de...

Cybersecurity researchers have discovered 18  malicious loan apps  for Android on the Google Play Store that have been collectively downloaded over 12 million times. "Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims' personal and financial information to blackmail them, and in the end gain their funds," ESET  said . The Slovak cybersecurity company is tracking these apps under the name  SpyLoan , noting they are designed to target potential borrowers located in Southeast Asia, Africa, and Latin America. The list of apps, which have now been taken down by Google, is below - AA Kredit: इंस्टेंट लोन ऐप (com.aa.kredit.android) Amor Cash: Préstamos Sin Buró (com.amorcash.credito.prestamo) Oro Préstamo - Efectivo rápido (com.app.lo.go) Cashwow (com.cashwow.cow.eg) CrediBus Préstamos de crédito (com.dinero.prof...

Hackers are actively exploiting a zero-day vulnerability in Firefox to unmask Tor Browser users, similar to what the FBI exploited during an investigation of a child pornography site. Tor (The Onion Router) is an anonymity software that not only provides a safe heaven to human rights activists, journalists, government officials, but also is a place where drugs, assassins for hire, child pornography, and other illegal activities has allegedly been traded. A Javascript zero-day exploit currently being actively exploited in the wild is designed to remotely execute malicious code on the Windows operating system via memory corruption flaw in Firefox web browser. The exploit code was publicly published by an admin of the SIGAINT privacy-oriented public email service on the Tor-Talk mailing list. The mailing list message reveals that the zero-day exploit affecting Firefox is currently being exploited against Tor Browser users by unknown attackers to leak the potentially identifyi...

The critical zero-day security flaws, discovered in the privacy and security dedicated Linux-based Tails operating system by the researcher at Exodus Intelligence that could help attackers or law enforcements to de-anonymize anyone's identity, actually lie in the I2P software that's bundled with the Operating System. Exodus Intelligence has released some details and a video evidence that demonstrate an exploit against the found vulnerability unmasking an anonymous user of the Tails operating system. The researchers at Exodus claims they can use the vulnerability to upload malicious code to a system running Tails, execute the payload remotely, and de-anonymize the targeted users' public IP address as well. Tails is a security-focused Debian-based Linux distribution and a suite of applications that can be carried on a USB stick, an SD card or a DVD. It keeps users' communications private by running all connectivity through Tor , the network that routes traffic through ...

Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION by Midnight Blue, the zero-day flaw was demonstrated at the Pwn2Own Ireland 2024 hacking contest by security researcher Rick de Jager. RISK:STATION is an "unauthenticated zero-click vulnerability allowing attackers to obtain root-level code execution on the popular Synology DiskStation and BeeStation NAS devices, affecting millions of devices," the Dutch company said . The zero-click nature of the vulnerability means it does not require any user interaction to trigger the exploitation, thereby allowing attackers to gain access to the devices to steal sensitive data and plant additional malware. The flaw impacts the following versions - BeePhotos for BeeStation OS 1.0 (Upgrade to 1.0.2-10026 or above) BeePhotos for BeeStation OS 1.1 (Upgr...

The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming following a successful phishing attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting," Mandiant researcher Thibault Van Geluwe de Berlaere  said  in a technical write-up. APT29, a Russian espionage group also called Cozy Bear, Iron Hemlock, and The Dukes, is  known  for its intrusions aimed at collecting intelligence that align with the country's strategic objectives. It's believed to be sponsored by the Foreign Intelligence Service (SVR). Some of the adversarial collective's cyber activities are tracked publicly under the moniker  Nobelium , a threat cluster responsible for the widespread supply chain compromise through SolarWinds software in December 2020. The Google-owned threat intelligence and inciden...

Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave . Dubbed CacheOut a.k.a. L1 Data Eviction Sampling ( L1DES ) and assigned CVE-2020-0549 , the new microarchitectural attack allows an attacker to choose which data to leak from the CPU's L1 Cache, unlike previously demonstrated MDS attacks where attackers need to wait for the targeted data to be available. According to a team of academic researchers, the newly-discovered speculative execution attacks can leak information across multiple security boundaries, including those between hyper-threads, virtual machines, and processes, and between user space and the operating system kernel, and from SGX enclaves. ...

A new vulnerability has been disclosed in iOS Camera App that could be exploited to redirect users to a malicious website without their knowledge. The vulnerability affects Apple's latest iOS 11 mobile operating system for iPhone, iPad, and iPod touch devices and resides in the built-in QR code reader. With iOS 11, Apple introduced a new feature that gives users ability to automatically read QR codes using their iPhone's native camera app without requiring any third-party QR code reader app. You need to open the Camera app on your iPhone or iPad and point the device at a QR code. If the code contains any URL, it will give you a notification with the link address, asking you to tap to visit it in Safari browser. However, be careful — you may not be visiting the URL displayed to you, security researcher Roman Mueller discovered . According to Mueller, the URL parser of built-in QR code reader for iOS camera app fails to detect the hostname in the URL, which allows at...

Update: A hacker yesterday claimed to have hacked the FBI's website running on Plone CMS, but it seems it wasn't hacked using any zero-day vulnerability in Plone. We contacted Plone security team and updated this story (see below) with official statements. A hacker, using Twitter handle CyberZeist , has claimed to have hacked the FBI's website (fbi.gov) and leaked personal account information of several FBI agents publically. CyberZeist had initially exposed the flaw on 22 December, giving the FBI time to patch the vulnerability in its website's code before making the data public. The hacker exploited a zero-day vulnerability in the Plone CMS , an Open Source Content Management software used by FBI to host its website, and leaked personal data of 155 FBI officials to Pastebin , including their names, passwords, and email accounts. CyberZeist tweeted multiple screenshots as proof of his claims, showing his unauthorized access to server and database files usi...

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561 (CVSS score: 9.3), impacts all versions of the software prior to 1.11.4. "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code," the project maintainers said in an advisory released last week. "Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue." Apache Avro, analogous to Google's Protocol Buffers ( protobuf ), is an open-source project that provides a language-neutral data serialization framework for large-scale data processing. The Avro team notes that the vulnerability affects any application if it allows users to provide their own Avro schemas for parsing. Kostya Kortchinsky from the Databricks security team has been cr...

Mozilla has filed a brief with a U.S. District Court asking the FBI to disclose the potential vulnerabilities in its Firefox browser that the agency exploited to unmask TOR users in a criminal investigation. Last year, the FBI used a zero-day flaw to hack TOR browser and de-anonymize users visiting child sex websites. Now, Mozilla is requesting the government to ask the FBI about the details of the hack so that it can ensure the security of its Firefox browser. TOR is an anonymity software that provides a safe haven to human rights activists, government, journalists but also is a place where drugs, child pornography, assassins for hire and other illegal activities has allegedly been traded. TOR Browser Bundle is basically an Internet browser based on Mozilla Firefox configured to protect the user's anonymity via Tor and Vidalia. In 2015, the FBI seized computer servers running the world's largest dark web child pornography site 'Playpen' from a web host in Lenoir, No...

Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10 , the anonymous hacker going by online alias "SandboxEscaper" has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities. The two new zero-day vulnerabilities affect Microsoft's Windows Error Reporting service and Internet Explorer 11. Just yesterday, while releasing a Windows 10 zero-day exploit for a local privilege escalation bug in Task Scheduler utility, SandboxEscaper claimed to have discovered four more zero-day bugs, exploits for two has now been publicly released. AngryPolarBearBug2 Windows Bug One of the latest Microsoft zero-day vulnerabilities resides in the Windows Error Reporting service that can be exploited using a discretionary access control list (DACL) operation—a mechanism that identifies users and groups that are assigned or denied access permissions to a securable object. Upon successful exploitation, an attacker can del...

North Korea's own homegrown computer operating system, that's supposed to be fully hacker proof and more secure than foreign OS, like Microsoft's Windows, can easily be hacked remotely. A group of hackers managed to break into Red Star OS — North Korea's government sanctioned Linux-based OS — using just a link. Red Star OS is North Korea's own homegrown OS that looks remarkably just like Apple's OS X and gives North Korean authorities more control over the computers, providing not only security but also spying tools that help track files in a way that if the government wants, every bit of user's data can be traced easily. According to the information security company Hacker House , Red Star OS contains a critical vulnerability that makes it possible for hackers to gain remote access to any PC running North Korea's OS just by tricking victims into opening a hyperlink. The latest version of Red Star OS ships with a Firefox-based web browser cal...

VMware has patched five security flaws affecting its  Workspace ONE Assist  solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring system. CVE-2022-31685 is an authentication bypass flaw that could be abused by an attacker with network access to VMware Workspace ONE Assist to obtain administrative access without the need to authenticate to the application. CVE-2022-31686 has been described by the virtualization services provider as a "broken authentication method" vulnerability, and CVE-2022-31687 as a "Broken Access Control" flaw. "A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application," VMware  said  in an advisory for CVE-2022-31686 and CVE-202...

A  new State of SaaS Security Posture Management Report  from SaaS cybersecurity provider  AppOmni  indicates that Cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cybersecurity. Over 600 IT, cybersecurity, and business leaders at companies between 500-2,500+ employees were surveyed and responded with confidence in their SaaS cybersecurity preparedness and capabilities. For example: When asked to rate the SaaS cybersecurity maturity level of their organizations, 71% noted that their organizations' SaaS cybersecurity maturity has achieved either a mid-high level (43%) or the highest level (28%). For the security levels of the SaaS applications authorized for use in their organization, sentiment was similarly high. Seventy-three percent rated SaaS application security as mid-high (41%) or the highe...