1. Home
  2. Discover
  3. Technology
  4. The Hacker News

New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products

The Hacker News Daily Updates
Newsletter
cover

Developer-First Security Tools Buyers Guide

Cloud computing environments are increasingly de!ned and controlled by infrastructure-as-code (i.e. Terraform), containers and Kubernetes.

Download Now Sponsored
LATEST NEWS Dec 15, 2022

Researchers Uncover MirrorFace Cyber Attacks Targeting Japanese Political Entities

A Chinese-speaking advanced persistent threat (APT) actor codenamed MirrorFace has been attributed to a spear-phishing campaign targeting Japanese political establishments. The activity, dubbed Operation LiberalFace by ESET, specifically focused on members of an unnamed political party in the nation with the goal of delivering an implant called LODEINFO and a hitherto unseen credential ...

Read More
Twitter Facebook LinkedIn

Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as 'Critical'

Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution. Tracked as CVE-2022-37958 (CVSS score: 8.1), the flaw was previously described as an information disclosure vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. ...

Read More
Twitter Facebook LinkedIn

Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims

A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices. Mobile security company Zimperium dubbed the activity MoneyMonger, pointing out the use of the cross-platform Flutter framework to develop the apps. MoneyMonger "takes advantage of Flutter's framework ...

Read More
Twitter Facebook LinkedIn

Top 5 Web App Vulnerabilities and How to Find Them

Web applications, often in the form of Software as a Service (SaaS), are now the cornerstone for businesses all over the world. SaaS solutions have revolutionized the way they operate and deliver services, and are essential tools in nearly every industry, from finance and banking to healthcare and education.  Most startup CTOs have an excellent understanding of how to build highly ...

Read More
Twitter Facebook LinkedIn

Hackers Bombard Open Source Repositories with Over 144,000 Malicious Packages

NuGet, PyPi, and npm ecosystems are the target of a new campaign that has resulted in over 144,000 packages being published by unknown threat actors. "The packages were part of a new attack vector, with attackers spamming the open-source ecosystem with packages containing links to phishing campaigns," researchers from Checkmarx and Illustria said in a report published Wednesday. Of ...

Read More
Twitter Facebook LinkedIn

FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 48 domains that offered services to conduct distributed denial-of-service (DDoS) attacks on behalf of other threat actors, effectively lowering the barrier to entry for malicious activity. It also charged six suspects – Jeremiah Sam Evans Miller (23), Angel Manuel Colon Jr. (37), Shamar Shattock (19), Cory Anthony ...

Read More
Twitter Facebook LinkedIn

Hacking Using SVG Files to Smuggle QBot Malware onto Windows Systems

Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments. The new distribution method was spotted by Cisco Talos, which said it identified fraudulent email messages featuring HTML attachments with encoded SVG images that incorporate HTML script tags. HTML smuggling is a technique that relies on using legitimate features ...

Read More
Twitter Facebook LinkedIn

New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts

A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' to split data communicated to and from the C2 server," Fortinet FortiGuard Labs researchers ...

Read More
Twitter Facebook LinkedIn
cover

Developer-First Security Tools Buyers Guide

Cloud computing environments are increasingly de!ned and controlled by infrastructure-as-code (i.e. Terraform), containers and Kubernetes.

Download Now Sponsored

This email was sent to you. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here.

Contact The Hacker News: info@thehackernews.com
Unsubscribe

The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India

Older messages

Fortinet Warns of Active Exploitation of New SSL-VPN Pre-auth RCE Vulnerability

Tuesday, December 13, 2022

The Hacker News Daily Updates Newsletter cover The 5 Dimensions of Data Maturity Webinar Download Now Sponsored LATEST NEWS Dec 13, 2022 Serious Attacks Could Have Been Staged Through This Amazon ECR

Royal Ransomware Threat Takes Aim at U.S. Healthcare System

Monday, December 12, 2022

The Hacker News Daily Updates Newsletter cover The 5 Dimensions of Data Maturity Webinar Download Now Sponsored LATEST NEWS Dec 12, 2022 Top 4 SaaS Security Threats for 2023 With 2022 coming to a close

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

Saturday, December 10, 2022

The Hacker News Daily Updates Newsletter cover The 5 Dimensions of Data Maturity Webinar Download Now Sponsored LATEST NEWS Dec 10, 2022 Hack-for-Hire Group Targets Travel and Financial Entities with

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

Friday, December 9, 2022

The Hacker News Daily Updates Newsletter cover Why Altair Advisers Chose GlobalMeet Webcast for their virtual event needs In this guide, you will learn about why private wealth management company

Apple Boosts Security With New iMessage, Apple ID, and iCloud Protections

Thursday, December 8, 2022

The Hacker News Daily Updates Newsletter cover Natively launch, run and scale apps on AWS with ease Easily extend to the cloud, migrate apps, eliminate management overhead and enjoy NetApp's

You Might Also Like

Youre Overthinking It

Wednesday, January 15, 2025

Top Tech Content sent at Noon! Boost Your Article on HackerNoon for $159.99! Read this email in your browser How are you, @newsletterest1? 🪐 What's happening in tech today, January 15, 2025? The

eBook: Software Supply Chain Security for Dummies

Wednesday, January 15, 2025

Free access to this go-to-guide for invaluable insights and practical advice to secure your software supply chain. The Hacker News Software Supply Chain Security for Dummies There is no longer doubt

The 5 biggest AI prompting mistakes

Wednesday, January 15, 2025

✨ Better Pixel photos; How to quit Meta; The next TikTok? -- ZDNET ZDNET Tech Today - US January 15, 2025 ai-prompting-mistakes The five biggest mistakes people make when prompting an AI Ready to

An interactive tour of Go 1.24

Wednesday, January 15, 2025

Plus generating random art, sending emails, and a variety of gopher images you can use. | #​538 — January 15, 2025 Unsub | Web Version Together with Posthog Go Weekly An Interactive Tour of Go 1.24 — A

Spyglass Dispatch: Bromo Sapiens

Wednesday, January 15, 2025

Masculine Startups • The Fall of Xbox • Meta's Misinformation Off Switch • TikTok's Switch Off The Spyglass Dispatch is a newsletter sent on weekdays featuring links and commentary on timely

The $1.9M client

Wednesday, January 15, 2025

Money matters, but this invisible currency matters more. ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏

⚙️ Federal data centers

Wednesday, January 15, 2025

Plus: Britain's AI roadmap ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

Post from Syncfusion Blogs on 01/15/2025

Wednesday, January 15, 2025

New blogs from Syncfusion Introducing the New .NET MAUI Bottom Sheet Control By Naveenkumar Sanjeevirayan This blog explains the features of the Bottom Sheet control introduced in the Syncfusion .NET

The Sequence Engineering #469: Llama.cpp is The Framework for High Performce LLM Inference

Wednesday, January 15, 2025

One of the most popular inference framework for LLM apps that care about performance. ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏

3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

Wednesday, January 15, 2025

THN Daily Updates Newsletter cover The Kubernetes Book: Navigate the world of Kubernetes with expertise , Second Edition ($39.99 Value) FREE for a Limited Time Containers transformed how we package and