-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

Search results for fluent | Breaking Cybersecurity News | The Hacker News

New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions

New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions

Nov 24, 2025 Vulnerability / Container Security
Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit , an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures. The security defects "allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags," Oligo Security said in a report shared with The Hacker News. Successful exploitation of the flaws could enable attackers to disrupt cloud services, manipulate data, and burrow deeper into cloud and Kubernetes infrastructure. The list of identified vulnerabilities is as follows - CVE-2025-12972 - A path traversal vulnerability stemming from the use of unsanitized tag values to generate output filenames, making it possible to write or overwrite arbitrary files on disk, enabling log tampering and remote code execution. CVE-2025-12970 - A stack buffer overflow vulnerability in the Docker Metrics inp...
"Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit

"Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit

May 21, 2024 Cyber Attack / API Security
Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS), information disclosure, or remote code execution. The vulnerability, tracked as  CVE-2024-4323 , has been codenamed Linguistic Lumberjack by Tenable Research. It impacts versions from 2.0.7 through 3.0.3, with fixes  available  in  version 3.0.4 . The issue relates to a case of memory corruption in Fluent Bit's built-in HTTP server that could allow for DoS, information leakage, or remote code execution. Specifically, it relates to sending maliciously crafted requests to the  monitoring API  through endpoints such as /api/v1/traces and /api/v1/trace. "Regardless of whether or not any traces are configured, it is still possible for any user with access to this API endpoint to query it," security researcher Jimi Sebree  said . "During the parsing of incomi...
Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

Dec 28, 2023 Cloud Security / Data Protection
Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the  Fluent Bit  logging container could combine that access with high privileges required by  Anthos Service Mesh  (on clusters that have enabled it) to escalate privileges in the cluster," the company  said  as part of an advisory released on December 14, 2023. Palo Alto Networks Unit 42, which discovered and reported the shortcoming, said adversaries could weaponize it to carry out "data theft, deploy malicious pods, and disrupt the cluster's operations." There is no evidence that the issue has been exploited in the wild. It has been addressed in the following versions of Google Kubernetes Engine (GKE) and Anthos Service Mesh (ASM) - 1.25.16-gke.1020000 1.26.10-gke.1235000 1.27.7-gke.1293000 1.28.4-gke.1083000 1.17.8-asm.8 ...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
Linguistic Analysis Suggests WannaCry Hackers Could be From Southern China

Linguistic Analysis Suggests WannaCry Hackers Could be From Southern China

May 29, 2017
It’s been almost four weeks since the outcry of WannaCry ransomware , but the hackers behind the self-spread ransomware threat have not been identified yet. However, two weeks ago researchers at Google, Kaspersky Lab, Intezer and Symantec linked WannaCry to ‘Lazarus Group,’ a state-sponsored hacking group believed to work for the North Korean government. Now, new research from dark web intelligence firm Flashpoint indicates the perpetrators may be Chinese, based on its own linguistic analysis. Flashpoint researchers Jon Condra and John Costello analyzed each of WannaCry's localized ransom notes, which is available in 28 languages, for content, accuracy, and style, and discovered that all the notes, except English and Chinese versions (Simplified and Traditional), had been translated via Google Translate. According to the research, Chinese and English versions of the ransomware notes were most likely written by a human. On further analysis, researchers discovered that...
ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots

ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots

Aug 27, 2025 Malware / Spyware
A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific (APAC). According to Group-IB, nearly three dozen victims have been identified, with the intrusions mainly geared towards data exfiltration. The hacking group shares toolset and infrastructural overlaps with campaigns undertaken by threat actors dubbed YoroTrooper, SturgeonPhisher, and Silent Lynx. Victims of the group's campaigns span Uzbekistan, Kyrgyzstan, Myanmar, Tajikistan, Pakistan, and Turkmenistan, a majority of which are government organizations, and to a lesser extent, entities in the energy, manufacturing, retail, and transportation sectors. "The operation is run by a bilingual crew – Russian-speaking developers tied to legacy YoroTrooper code and Chinese-speaking operators spearheading intrusions, resulting in a nimble, multi-regional threat profile," researchers Nikita Rostovcev and Sergei Turner ...
Algerian Hacker linked to SpyEye virus extradited to US

Algerian Hacker linked to SpyEye virus extradited to US

May 04, 2013
The Algerian hacker linked with the SpyEye computer virus, designed to steal financial and personal information was extradited by Thailand to the United States to face charges that he hijacked customer accounts at more than 200 banks and financial institutions and have been used to steal more than $100 million in the last five years. A SpyEye allowed cybercriminals to alter the display of Web pages in the victims' browsers as a way to trick them into turning over personal financial information. The virus only impacts PCs and not Macintosh operating systems. A report issued last year by security firms McAfee said that about a dozen cybercrime groups have been using variants of Zeus and SpyEye, which automate the process of transferring money from bank accounts. The stolen funds are transferred to prepaid debit cards or into accounts controlled by money mules, allowing the mules to withdraw the money and wire it to the attackers. Hamza Bendelladj ,...
Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus

Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus

Feb 28, 2025 Financial Fraud / Cyber Espionage
The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer malware by means of a previously undocumented implant. Cybersecurity company Kaspersky is tracking the activity under the name Angry Likho, which it said bears a "strong resemblance" to Awaken Likho (aka Core Werewolf, GamaCopy, and PseudoGamaredon). "However, Angry Likho's attacks tend to be targeted, with a more compact infrastructure, a limited range of implants, and a focus on employees of large organizations, including government agencies and their contractors," the Russian company said . It's suspected that the threat actors are likely native Russian speakers given the use of fluent Russian in the bait files used to trigger the infection chain. Last month, cybersecurity company F6 (formerly F.A.C.C.T.) described it as a "pro-Ukrainian cyberspy group." The attackers have been found...
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

Apr 05, 2026 Cryptocurrency / Threat Intelligence
Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK) that began in the fall of 2025. The Solana-based decentralized exchange described it as "an attack six months in the making," attributing it with medium confidence to a North Korean state-sponsored hacking group dubbed UNC4736 , which is also tracked under the cyptonyms AppleJeus, Citrine Sleet, Golden Chollima, and Gleaming Pisces. The threat actor has a history of targeting the cryptocurrency sector for financial theft since at least 2018. It's best known for the X_TRADER/3CX supply chain breach in 2023 and the $53 million hack of decentralized finance (DeFi) platform Radiant Capital in October 2024. "The basis for this connection is both on-chain (f...
Fingerprinting the author of the ZeuS Botnet !

Fingerprinting the author of the ZeuS Botnet !

May 12, 2011
The source code of the ZeuS Botnet is now available for  Download . Derek Jones  (the author this article) imagine there are a few organizations who would like to talk to the author(s) of this code. All developers have coding habits, that is they usually have a particular way of writing each coding construct. Different developers have different sets of habits and sometimes individual developers have a way of writing some language construct that is rarely used by other developers. Are developer habits sufficiently unique that they can be used to identify individuals from their code? I don’t have enough data to answer that question. Reading through the C++ source of ZeuS I spotted a few unusual usage patterns (I don’t know enough about common usage patterns in PHP to say much about this source) which readers might like to look for in code they encounter, perhaps putting name to the author of this code. The source is written in C++ (32.5 KLOC of client source) and...
SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images

SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images

Feb 06, 2025 Financial Fraud / Cryptocurrency
A new malware campaign dubbed SparkCat has leveraged a suit of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets.  The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server, Kaspersky researchers Dmitry Kalinin and Sergey Puzan said in a technical report. The moniker is a reference to an embedded software development kit (SDK) that employs a Java component called Spark that masquerades as an analytics module. It's currently not known whether the infection was a result of a supply chain attack or if it was intentionally introduced by the developers. While this is not the first time Android malware with OCR capabilities has been detected in the wild, it's one of the first instances where such a stealer has been found in Apple's App Store. The inf...
Agentic AI: The Weapon That No Longer Needs a Warrior

Agentic AI: The Weapon That No Longer Needs a Warrior

Jun 23, 2026 Offensive AI / Cybersecurity Training
Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The rifle placed a man's death a quarter mile beyond his sight, and the aircraft carried that death across oceans. At each turn, the distance between the warrior and the wound grew wider, and yet one thing never moved: a human chose the target, and a human struck the blow. For the entire history of conflict, the cyber realm included, the hand has remained on the weapon. Offensive AI is the moment the weapon learns to aim itself. For three years, artificial intelligence (AI) has been an extension of the pen. It drafted the phishing email, proposed the exploit, sketched the malicious function, and then, like every tool that came before it, handed the work back to a human to carry out. In 2023, I published a whitepaper at the SANS Technology Institute showing how a person of almost no skill could coax a chatbot into producing m...
⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma

⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma

Feb 24, 2025
Welcome to your weekly roundup of cyber news, where every headline gives you a peek into the world of online battles. This week, we look at a huge crypto theft, reveal some sneaky AI scam tricks, and discuss big changes in data protection. Let these stories spark your interest and help you understand the changing threats in our digital world. ⚡ Threat of the Week Lazarus Group Linked to Record-Setting $1.5 Billion Crypto Theft — The North Korean Lazarus Group has been linked to a "sophisticated" attack that led to the theft of over $1.5 billion worth of cryptocurrency from one of Bybit's cold wallets, making it the largest ever single crypto heist in history. Bybit said it detected unauthorized activity within one of our Ethereum (ETH) Cold Wallets during a planned routine transfer process on February 21, 2025, at around 12:30 p.m. UTC. The incident makes it the biggest-ever cryptocurrency heist reported to date, dwarfing that of Ronin Network ($624 million), Poly N...
⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More

⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More

Dec 01, 2025 Hacking News / Cybersecurity
Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone, one bug in a common tool, and suddenly your mail, chats, repos, and servers are in play. Every story below is a reminder that your “safe” tools might be the real weak spot. ⚡ Threat of the Week Shai-Hulud Returns with More Aggression — The npm registry was targeted a second time by a self-replicating worm that went by the moniker "Sha1-Hulud: The Second Coming," affecting over 800 packages and 27,000 GitHub repositories. Like in the previous iteration, the main objective was to steal sensitive data like API keys, cloud credentials, and npm and GitHub authentication information, and facilitate deeper supply chain compromise in a worm-like fashion. Th...
⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

Feb 23, 2026 Cybersecurity / Hacking
Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar. Across devices, cloud services, research labs, and even everyday apps, the line between normal behavior and hidden risk keeps getting thinner. Tools meant to protect, update, or improve systems are also becoming pathways when something goes wrong. This recap gathers the signals in one place. Quick reads, real impact, and developments that deserve a closer look before they become next week’s bigger problem. ⚡ Threat of the Week Dell RecoverPoint for VMs Zero-Day Exploited — A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024. The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a ca...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources