1. Home
  2. Discover
  3. Technology
  4. The Hacker News

New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products

The Hacker News Daily Updates
Newsletter
cover

Developer-First Security Tools Buyers Guide

Cloud computing environments are increasingly de!ned and controlled by infrastructure-as-code (i.e. Terraform), containers and Kubernetes.

Download Now Sponsored
LATEST NEWS Dec 15, 2022

Researchers Uncover MirrorFace Cyber Attacks Targeting Japanese Political Entities

A Chinese-speaking advanced persistent threat (APT) actor codenamed MirrorFace has been attributed to a spear-phishing campaign targeting Japanese political establishments. The activity, dubbed Operation LiberalFace by ESET, specifically focused on members of an unnamed political party in the nation with the goal of delivering an implant called LODEINFO and a hitherto unseen credential ...

Read More
Twitter Facebook LinkedIn

Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as 'Critical'

Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution. Tracked as CVE-2022-37958 (CVSS score: 8.1), the flaw was previously described as an information disclosure vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. ...

Read More
Twitter Facebook LinkedIn

Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims

A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices. Mobile security company Zimperium dubbed the activity MoneyMonger, pointing out the use of the cross-platform Flutter framework to develop the apps. MoneyMonger "takes advantage of Flutter's framework ...

Read More
Twitter Facebook LinkedIn

Top 5 Web App Vulnerabilities and How to Find Them

Web applications, often in the form of Software as a Service (SaaS), are now the cornerstone for businesses all over the world. SaaS solutions have revolutionized the way they operate and deliver services, and are essential tools in nearly every industry, from finance and banking to healthcare and education.  Most startup CTOs have an excellent understanding of how to build highly ...

Read More
Twitter Facebook LinkedIn

Hackers Bombard Open Source Repositories with Over 144,000 Malicious Packages

NuGet, PyPi, and npm ecosystems are the target of a new campaign that has resulted in over 144,000 packages being published by unknown threat actors. "The packages were part of a new attack vector, with attackers spamming the open-source ecosystem with packages containing links to phishing campaigns," researchers from Checkmarx and Illustria said in a report published Wednesday. Of ...

Read More
Twitter Facebook LinkedIn

FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 48 domains that offered services to conduct distributed denial-of-service (DDoS) attacks on behalf of other threat actors, effectively lowering the barrier to entry for malicious activity. It also charged six suspects – Jeremiah Sam Evans Miller (23), Angel Manuel Colon Jr. (37), Shamar Shattock (19), Cory Anthony ...

Read More
Twitter Facebook LinkedIn

Hacking Using SVG Files to Smuggle QBot Malware onto Windows Systems

Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments. The new distribution method was spotted by Cisco Talos, which said it identified fraudulent email messages featuring HTML attachments with encoded SVG images that incorporate HTML script tags. HTML smuggling is a technique that relies on using legitimate features ...

Read More
Twitter Facebook LinkedIn

New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts

A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system (CMS) to seize control of targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' to split data communicated to and from the C2 server," Fortinet FortiGuard Labs researchers ...

Read More
Twitter Facebook LinkedIn
cover

Developer-First Security Tools Buyers Guide

Cloud computing environments are increasingly de!ned and controlled by infrastructure-as-code (i.e. Terraform), containers and Kubernetes.

Download Now Sponsored

This email was sent to you. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here.

Contact The Hacker News: info@thehackernews.com
Unsubscribe

The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India

Key phrases

The US Department Jeremiah Sam Evans Miller Angel Manuel Colon Jr WordPress Sites Admin Accounts WordPress content management system Chinesespeaking advanced persistent threat undocumented Android malware campaign NEGOEX Security Mechanism Mobile security company unknown threat actors other threat actors Cloud computing environments Japanese Political Entities Japanese political establishments unnamed political party Most startup CTOs Scalable Vector Graphics fraudulent email messages forcing selfhosted websites information disclosure vulnerability new attack vector new distribution method New GoTrim Botnet new Gobased botnet HTML script tags MirrorFace Cyber Attacks remote code execution HTML email attachments new brute forcer Hire Service Platforms crossplatform Flutter framework

Older messages

Fortinet Warns of Active Exploitation of New SSL-VPN Pre-auth RCE Vulnerability

Tuesday, December 13, 2022

The Hacker News Daily Updates Newsletter cover The 5 Dimensions of Data Maturity Webinar Download Now Sponsored LATEST NEWS Dec 13, 2022 Serious Attacks Could Have Been Staged Through This Amazon ECR

Royal Ransomware Threat Takes Aim at U.S. Healthcare System

Monday, December 12, 2022

The Hacker News Daily Updates Newsletter cover The 5 Dimensions of Data Maturity Webinar Download Now Sponsored LATEST NEWS Dec 12, 2022 Top 4 SaaS Security Threats for 2023 With 2022 coming to a close

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

Saturday, December 10, 2022

The Hacker News Daily Updates Newsletter cover The 5 Dimensions of Data Maturity Webinar Download Now Sponsored LATEST NEWS Dec 10, 2022 Hack-for-Hire Group Targets Travel and Financial Entities with

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

Friday, December 9, 2022

The Hacker News Daily Updates Newsletter cover Why Altair Advisers Chose GlobalMeet Webcast for their virtual event needs In this guide, you will learn about why private wealth management company

Apple Boosts Security With New iMessage, Apple ID, and iCloud Protections

Thursday, December 8, 2022

The Hacker News Daily Updates Newsletter cover Natively launch, run and scale apps on AWS with ease Easily extend to the cloud, migrate apps, eliminate management overhead and enjoy NetApp's

You Might Also Like

Learning about Android Runtime

Thursday, April 25, 2024

View in browser 🔖 Articles Learning about Android Runtime I always enjoy reading articles that explore how something works under the hood. Here's an article that does exactly that, providing

Stripe changes its … stripes

Wednesday, April 24, 2024

TikTok on the president's docket and Nvidia acquires Run:ai View this email online in your browser By Christine Hall Wednesday, April 24, 2024 Good afternoon, and welcome to TechCrunch PM! Today

💪 You Can Use Copilot AI as a Personal Trainer — Why Your Laptop Needs a Docking Station

Wednesday, April 24, 2024

Also: Here's How to Make Your Apple ID Recoverable, and More! How-To Geek Logo April 24, 2024 📩 Get expert reviews, the hottest deals, how-to's, breaking news, and more delivered directly to

JSK Daily for Apr 24, 2024

Wednesday, April 24, 2024

JSK Daily for Apr 24, 2024 View this email in your browser A community curated daily e-mail of JavaScript news JSK Weekly - 24th April, 2024 React 19 has introduced many great functionalities and

Daily Coding Problem: Problem #1422 [Hard]

Wednesday, April 24, 2024

Daily Coding Problem Good morning! Here's your coding interview problem for today. This problem was asked by Airbnb. Given a list of integers, write a function that returns the largest sum of non-

Charted | Artificial Intelligence Patents, by Country 🤖

Wednesday, April 24, 2024

This visualization shows which countries have been granted the most AI patents each year, from 2012 to 2022. View Online | Subscribe Presented by: New on VC+: Our Visual Briefing on the IMF's World

Save your seat: 1Password’s 2024 Security report insights webinar

Wednesday, April 24, 2024

Join us April 25th. ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏

Top Tech Deals 📱 LG Flex TV, Google Pixel 7, DJI Mini 3, and More

Wednesday, April 24, 2024

Get yourself a discounted DJI drone, save on the Pixel 7, or score some PC and phone accessories. How-To Geek Logo April 24, 2024 Top Tech Deals: LG Flex TV, Google Pixel 7, DJI Mini 3, and More Find

The Protest Song Wakes Up 🎙️

Wednesday, April 24, 2024

Is this song the future of musical protest? Here's a version for your browser. Hunting for the end of the long tail • April 24, 2024 The Protest Song Wakes Up A buzzy protest song about the

JSK Weekly - 24th April, 2024

Wednesday, April 24, 2024

React 19 has introduced many great functionalities and features, among which the useOptimistic hook stands out. The useOptimistic hook offers a seamless way to manage UI states during asynchronous