#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

Google Bans 158,000 Malicious Android App Developer Accounts in 2024

Google Bans 158,000 Malicious Android App Developer Accounts in 2024

Jan 31, 2025 Mobile Security / Cybercrime
Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps. The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with third-party app developers. Furthermore, Google Play Protect, a security feature that's enabled by default on Android devices to flag novel threats, identified 13 million new malicious apps from outside of the official app store. "As a result of partnering closely with developers, over 91% of app installs on the Google Play Store now use the latest protections of Android 13 or newer," Bethel Otuteye and Khawaja Shams from the Android Security and Privacy Team, and Ron Aquino from Google Play Trust and Safety said . In comparison, the company blocked 1.43 million and 2.28 millio...
Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

Jan 31, 2025 Vulnerability / Data Security
Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The list of identified flaws, which impact versions 8.x of the software, is below - CVE-2025-22218 (CVSS score: 8.5) - A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs CVE-2025-22219 (CVSS score: 6.8) - A malicious actor with non-administrative privileges may be able to inject a malicious script that may lead to arbitrary operations as admin user via a stored cross-site scripting (XSS) attack CVE-2025-22220 (CVSS score: 4.3) - A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user CVE-2025-22221 (CVSS score: 5.2) ...
Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Feb 11, 2025Software Security / Threat Intelligence
Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization's environment. Just as you wouldn't buy a car without knowing its safety features, you shouldn't deploy software without understanding the risks it introduces. The Rising Threat of Supply Chain Attacks Cybercriminals have recognized that instead of attacking an organization head-on, they can infiltrate through the software supply chain—like slipping counterfeit parts into an assembly line. According to the 2024 Sonatype State of the Software Supply Chain report , attackers are infiltrating open-source ecosystems at an alarming rate, with over 512,847 malicious packages detected last year alone—a 156% increase from the previous year. Traditional sec...
Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

Jan 30, 2025 Artificial Intelligence / Data Security
Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. "Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat Intelligence Group (GTIG) said in a new report. "At present, they primarily use AI for research, troubleshooting code, and creating and localizing content." Government-backed attackers, otherwise known as Advanced Persistent Threat (APT) groups, have sought to use its tools to bolster multiple phases of the attack cycle, including coding and scripting tasks, payload development, gathering information about potential targets, researching publicly known vulnerabilities, and enabling post-compromise activities, such as defense evasion. Describing Iranian APT actors as the "he...
cyber security

Level Up Your Cyber Skills at SANS 2025

websiteSANS InstituteCyber Security / Training
Master in-demand techniques at our largest training event in 2025. Explore 50+ courses. Train in person to claim your $769 savings!
Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown

Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown

Jan 30, 2025 Online Fraud / Cybercrime
An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort, which took place between January 28 and 30, 2025, targeted the following domains - www.cracked.io www.nulled.to www.mysellix.io www.sellix.io www.starkrdp.io Visitors to these websites are now greeted by a seizure banner that says they were confiscated as part of Operation Talent that involved authorities from Australia, France, Greece, Italy, Romania, Spain, and the United States, along with Europol. "This website, as well as the information on the customers and victims of the website, has been seized by international law enforcement partners," the message reads. Operational since at 2015 and 2018, both Nulled and Cracked have been used to peddle various hack tools, such as ScrubCrypt, a malware obfuscation engine that has been observed delivering stealer malware in the pas...
Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter

Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter

Jan 30, 2025 Vulnerability / Cloud Security
Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could have allowed for remote code execution. The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said in a report shared with The Hacker News. "This level of access could hypothetically be leveraged for a range of malicious activities, including the extraction of sensitive keys from targeted accounts," researchers Sasi Levi, Alon Tron, and Gal Moyal said. The issue is embedded in a piece of JavaScript code that could facilitate unfettered access to a victim's development environment, as well as run arbitrary commands on an authenticated target in a privileged context. Noma said it found a hidden parameter called "command" in user-specific URLs – e.g., ...
SOC Analysts - Reimagining Their Role Using AI

SOC Analysts - Reimagining Their Role Using AI

Jan 30, 2025 AI Security / SOC Automation
The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts—often false positives—just to identify a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization, and increased risk of missing critical security incidents. Studies show that 70% of SOC analysts experience severe stress, and 65% consider leaving their jobs within a year . This makes retention a major challenge for security teams, especially in light of the existing shortage of skilled security analysts . On the operational side, analysts spend more time on repetitive, manual tasks like investigating alerts, and resolving and documenting incidents than they do on proactive security measures. Security teams struggle with configuring and maintaining SOAR playbooks as the cyber landscape rapidly changes. To top this all off, tool overload and siloed ...
DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked

DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked

Jan 30, 2025 Artificial Intelligence / Data Privacy
Buzzy Chinese artificial intelligence (AI) startup DeepSeek , which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data. The ClickHouse database "allows full control over database operations, including the ability to access internal data," Wiz security researcher Gal Nagli said . The exposure also includes more than a million lines of log streams containing chat history, secret keys, backend details, and other highly sensitive information, such as API Secrets and operational metadata. DeepSeek has since plugged the security hole following attempts by the cloud security firm to contact them. The database, hosted at oauth2callback.deepseek[.]com:9000 and dev.deepseek[.]com:9000, is said to have enabled unauthorized access to a wide range of information. The exposure, Wiz noted, allowed for complete database control and potential privilege escalati...
Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits

Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits

Jan 30, 2025 Web Security / Vulnerability
Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week. The identified issues, which remain unpatched to date despite responsible disclosure on September 11, 2024, are listed below - CVE-2024-55417 - An arbitrary file write vulnerability in the "/admin/media/upload" endpoint CVE-2024-55416 - A reflected cross-site scripting (XSS) vulnerability in the "/admin/compass" endpoint CVE-2024-55415 - An arbitrary file leak and deletion vulnerability  A malicious attacker could leverage Voyager's media upload feature to upload a malicious file in a manner that bypasses MIME type verification, and make use of a polyglot file that ap...
New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks

New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks

Jan 30, 2025 Vulnerability / IoT Security
A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor to execute arbitrary commands within the context of the phone. It affects Mitel 6800 Series, 6900 Series, 6900w Series SIP Phones, and Mitel 6970 Conference Unit. It was addressed by Mitel in mid-July 2024. A proof-of-concept (PoC) exploit for the flaw became publicly available in August. Outside of CVE-2024-41710, some of the other vulnerabilities targeted by the botnet include CVE-2018-10561, CVE-2018-10562, CVE-2018-17532, CVE-2022-31137, CVE-2023-26801, and a remote code execution flaw targeting Linksys E-series devices.  "Aquabot is a botnet that was built off the Mirai fram...
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

Jan 29, 2025 Threat Intelligence / Malware
The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard's STRIKE team said in a new report shared with The Hacker News. "This administrative layer was consistent across all the C2 servers analyzed, even as the attackers varied their payloads and obfuscation techniques to evade detection." The hidden framework has been described as a comprehensive system and a hub that allows attackers to organize and manage exfiltrated data, maintain oversight of their compromised hosts, and handle payload delivery. The web-based admin panel has been identified in connection with a supply chain attack campaign dubbed Operation ...
AI in Cybersecurity: What's Effective and What’s Not – Insights from 200 Experts

AI in Cybersecurity: What's Effective and What's Not – Insights from 200 Experts

Jan 29, 2025 Threat Detection / Artificial Intelligence
Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity. Join Ravid Circus , a seasoned pro in cybersecurity and AI, as we peel back the layers of AI in cybersecurity through a revealing survey of 200 industry insiders. This isn't your average tech talk; it's a down-to-earth, insightful discussion about what AI is actually doing for us today. Why Tune In? Get the Inside Scoop: How are real-world security teams using AI right now? Learn about the genuine perks and the real snags, from data hiccups to transparency troubles. Boost Your Cyber Defenses: Discover which cybersecurity corners AI is revolutionizing the most. It's about pinpointing where AI can really beef up your security measures. Walk Away With a Game Plan: This isn't just about high-level idea...
Expert Insights / Articles Videos
Cybersecurity Resources