Search results for has Amazon.com been hacked | Breaking Cybersecurity News | The Hacker News

Google's primary search domain for Tajikistan had seemingly been hacked yesterday, along with other high profile domains including Yahoo, Twitter, Amazon -- redirected to a defaced page. Actually neither Google, nor Twitter servers have been hacked, rather website of Tajikistan's Domain registrar ( domain.tj ) authority has been hacked, that allows the hacker to access domain control panel. Server Kernel:  Linux mx.takemail.com 2.4.21-27.ELsmp #1 SMP Wed Dec 1 21:59:02 EST 2004 i686 Iranian hacker ' Mr.XHat' successfully managed to change the DNS records of attack websites and defaced them for about a day. Hacker told ' The Hacker News ' that he used Directory Traversal vulnerability to hack the website and still has the access to the control panel. Directory traversal is a type of HTTP exploit that is used by attackers to gain unauthorized access to restricted directories and files. Following the screenshot of compromised Domain Registrar's Control Panel:...

Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it's knowing which risks matter most right now. That's what this digest is here for: a clear, simple briefing to help you focus where it counts. This week, one story stands out above the rest: the Salesloft–Drift breach, where attackers stole OAuth tokens and accessed Salesforce data from some of the biggest names in tech. It's a sharp reminder of how fragile integrations can become the weak link in enterprise defenses. Alongside this, we'll also walk through several high-risk CVEs under active exploitation, the latest moves by advanced threat actors, and fresh insights on making security workflows smarter, not noisier. Each section is designed to give you the essentials—enough to stay informed and prepared, without getting lost in the noise. ⚡ Threat of the Week Salesloft to Take Drift Of...

Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hands can be enough to open the door. The news this week shows how attackers are mixing methods—combining stolen access, unpatched software, and clever tricks to move from small entry points to large consequences.  For defenders, the lesson is clear: the real danger often comes not from one major flaw, but from how different small flaws interact together. ⚡ Threat of the Week WhatsApp Patches Actively Exploited Flaw — WhatsApp addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 relates to a case of insufficient authorization of linked device synchronization messages. The Meta-owned company ...

Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shift who holds the upper hand. For leaders, this means defense isn't just a matter of firewalls and patches—it's about strategy. The strongest organizations aren't the ones with the most tools, but the ones that see how cyber risks connect to business, trust, and power. This week's stories highlight how technical gaps become real-world pressure points—and why security decisions now matter far beyond IT. ⚡ Threat of the Week Popular Password Managers Affected by Clickjacking — Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions. The technique has been dubbed Document Object Model (DOM)-based extension clickjacking by independent sec...

It's easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn't just patching fast, but watching smarter and staying alert for what you don't expect. Here's a quick look at this week's top threats, new tactics, and security stories shaping the landscape. ⚡ Threat of the Week F5 Exposed to Nation-State Breach — F5 disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product. The company said it learned of the incident on August 9, 2025, although it's believed that the attackers were in its network for at least 12 months. The attackers are said to have used a malware family called BRICKSTORM, which is attributed to a China-nexus espionage group dubbed UNC5221. GreyNoise said it observed elevat...

A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp. The app, named  Symoo  (com.vanjan.sms), had over 100,000 downloads and functioned as a relay for transmitting messages to a server, which advertises an account creation service. This is achieved by using the phone numbers associated with the infected devices as a means to gather the one-time password that's typically sent to verify the user when setting up new accounts. "The malware asks the phone number of the user in the first screen," security researcher Maxime Ingrao, who discovered the malware,  said , while also requesting for SMS permissions. "Then it pretends to load the application but remains all the time on this page, it is to hide the interface of the received SMS and that the user does not see the SMS of subscriptions to the va...

Ireland's main opposition party confirms that the personal details of up to 2,000 people have been compromised by the attack Ireland's main opposition party's website has been hacked into by a group which has recently come to prominence for attacks on companies related to the WikiLeaks controversy. Up to 2,000 people's personal details were compromised in the attack by the hackers, known as Anonymous, Fine Gael said. The American internet firm ElectionMall, which reported the cyber attack to US authorities, has informed the party that the FBI is now involved in the investigation. A statement from Fine Gael confirmed that its site, Finegael.com had been compromised by the Anonymous group, which has backed WikiLeaks and its founder Julian Assange against attempts by the United States government to stop the leaking of sensitive American diplomatic cables. Anonymous has launched attacks on the websites of companies such as Visa, Mastercard and Amazon over allegations ...

Social media platform Twitter, earlier today on Wednesday, was on fire after it suffered one of the biggest cyberattacks in its history . A number of high-profile Twitter accounts, including those of US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple, were breached simultaneously in what's a far-reaching hacking campaign carried out to promote a cryptocurrency scam. The broadly targeted hack posted similar worded messages urging millions of followers to send money to a specific bitcoin wallet address in return for larger payback. "Everyone is asking me to give back, and now is the time," a tweet from Mr Gates' account said. "You send $1,000, I send you back $2,000." Twitter termed the security incident as a "coordinated social engineering attack" against its employees who have access to its internal tools. As of writing, the scammers behind the operation have amassed nearly $120,000 in bitco...

The Hacker News Hacking Awards : Best of Year 2011 2011 has been labeled the " Year of the Hack " or " Epic #Fail 2011 ". Hacking has become much easier over the years, which is why 2011 had a lot of hacking for good and for bad. Hackers are coming up with tools as well as finding new methods for hacking faster then companies can increase their security.  Every year there are always forward advancements in the tools and programs that can be used by the hackers. At the end of year 2011 we decided to give " The Hacker News Awards 2011 ". The Hacker News Awards will be an annual awards ceremony celebrating the achievements and failures of security researchers and the Hacking community. The THN Award is judged by a panel of respected security researchers and Editors at The Hacker News. Year 2011 came to an end following Operation Payback and Antisec, which targeted companies refusing to accept payments to WikiLeak's, such as, Visa and Amazon. Those attacks were carrie...

Here we are with our weekly roundup, showcasing last week's top cyber security threats and challenges. Just in case you missed any of them (ICYMI), THN Weekly Round-Up helps you provide all important stories of last week in one shot. We advise you to read the full story (just click ' Read More ' because there's some valuable advice in it as well). Here's the list: 1. Facebook to Launch Its Own Satellite to Beam Free Internet Facebook has revealed its plans to launch a  $500 Million Satellite  by next year in an effort to provide free or cheap Internet access in the developing countries. The social network giant has teamed up with the French satellite provider  Eutelsat  Communications to  beam free Internet  access to several parts of countries in Sub-Saharan Africa. For detailed information on Facebook's Satellite Project –  Read more … 2. Angler Exploit Kit Campaign Generating $30 Million Took Down Researchers...

From a user's perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you're seeking. Unfortunately, few users understand the implications of the permissions they allow when they create a new OAuth grant, making it easy for malicious actors to manipulate employees into giving away unintended access to corporate environments. In one of the  highest-profile examples , Pawn Storm's attacks against the Democratic National Convention and others leveraged OAuth to target victims through social engineering.  Security and IT teams would be wise to establish a practice of reviewing new and existing OAuth grants programmatically to catch risky activity or overly-permissive scopes. And, there are new solutions for  SaaS security  cropping up that can make this process easier. Let's take a look at some best practices for prioritizing and investigating your or...

Hacking has always been inherently a young person's game. The first usage of the word "hacker" was to describe pranksters meddling with the phones at MIT. Many hackers have cited boredom, a desire for change, or the thrill of going somewhere one is not supposed to go as their motivation for hacking, all of which could apply to scores of common activities on college campuses. While today's hacking scene is dominated by large hacking groups like Anonymous and Masters of Deception, many of the greatest hacks ever have been pulled off by college, high school, and even middle school kids who rose to infamy armed only with a computer and the willingness to cross the bounds of legality. 1.) Sven Jaschan: In the words of one tech expert , "His name will always be associated with some of the biggest viruses in the history of the Internet." The viruses: the Sasser and NetSky worms that infected millions of computers and have caused millions of dollars of damage since their release in 2004. The...