techminis
A naukri.com initiative

Hacking News

Source: Kitploit

Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities

  • Wshlient is a web shell client: a small tool for sending commands to an existing web shell or to a command injection point and reading back the output.
  • To use it, the user creates a text file containing the raw HTTP request to the target and marks the position in that request where each command is to be injected.
  • Installation consists of cloning the GitHub repository, installing the requirements with pip, and optionally creating a symbolic link so the tool can be run system-wide.
  • Users can contribute by testing, reporting bugs and issues, suggesting features, and submitting code, with the stated goal of keeping the tool simple.
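The request-template idea described above, as an added example that is not Wshlient's own code: a template file holds a raw HTTP request, a marker shows where the command goes, and the client fills in an encoded command and fixes up Content-Length before sending. The `{{CMD}}` marker, the sample template and the host name are assumptions made for the example; Wshlient's real marker syntax may differ.

```python
"""Build the wire-level HTTP request a web-shell client sends from a request
template with a marked injection point.

This is an added illustration, not Wshlient's own code. Assumptions: the
template is a raw HTTP/1.1 request as a text file would hold it, and the
injection point is marked with the hypothetical placeholder {{CMD}};
Wshlient's real marker syntax may differ.
"""
from urllib.parse import quote

PLACEHOLDER = "{{CMD}}"  # hypothetical marker, see module docstring

# Constructed sample: a PHP web shell that reads the command from a POST body.
SAMPLE_TEMPLATE = (
    "POST /uploads/shell.php HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "cmd={{CMD}}"
)


def build_request(template: str, cmd: str) -> bytes:
    """Substitute cmd at the placeholder and return a wire-ready request.

    The command is percent-encoded so shell metacharacters survive URL/form
    encoding, and Content-Length is recomputed from the final body so the
    server neither truncates the command nor waits for bytes that never come.
    """
    if template.count(PLACEHOLDER) != 1:
        raise ValueError("template must contain exactly one placeholder")
    head, _, body = template.partition("\r\n\r\n")
    encoded = quote(cmd, safe="")
    head = head.replace(PLACEHOLDER, encoded)
    body = body.replace(PLACEHOLDER, encoded)
    # Drop any Content-Length the template carried; it is recomputed below.
    lines = [
        line for line in head.rstrip("\r\n").split("\r\n")
        if not line.lower().startswith("content-length:")
    ]
    if body:
        lines.append(f"Content-Length: {len(body.encode())}")
    return ("\r\n".join(lines) + "\r\n\r\n" + body).encode()


def parse_request(raw: bytes) -> dict:
    """Minimal parser used to check what build_request produced."""
    head, _, body = raw.decode().partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        if line:
            key, _, value = line.partition(":")
            headers[key.strip().lower()] = value.strip()
    return {"method": method, "path": path, "version": version,
            "headers": headers, "body": body}


if __name__ == "__main__":
    print(build_request(SAMPLE_TEMPLATE, "id; uname -a").decode())
```

The same template mechanism covers a GET-based injection point (marker inside the query string): the placeholder is then in the head rather than the body, no Content-Length is emitted, and the percent-encoding keeps `;`, spaces and `/` from being mangled by the server's URL parsing.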

Source: Schneier

WhatsApp Case Against NSO Group Progressing

  • Meta is suing NSO Group, alleging that the company hacks WhatsApp itself, not just individual users.
  • NSO Group is restricted from presenting certain evidence about its clients' identities and the nature of the targeted WhatsApp users.
  • Judge Phyllis Hamilton ruled that NSO Group contradicted itself in its arguments regarding its clients' intentions and responsibilities.
  • The case involves allegations of NSO Group's involvement in hacking WhatsApp for purposes beyond fighting terrorism or child exploitation.

Source: Hackingblogs

Linux Kernel Hacked: CVE-2025-21756 – Exploiting the Vsock UAF for Root Access

  • CVE-2025-21756 is a local privilege escalation vulnerability in the Linux kernel's vsock (virtual socket) subsystem: an incorrect reference count decrement releases a vsock object while it is still in use, producing a use-after-free (UAF).
  • vsock carries traffic between a virtual machine and its host, so the bug affects systems that rely on VM connectivity; the primitive is local, not remote, because the attacker has to open vsock sockets on the vulnerable kernel.
  • Exploiting the UAF means reclaiming the freed vsock object with attacker-controlled data, which yields control of kernel execution flow, a kernel memory leak, and a KASLR bypass.
  • The write-up's exploit also had to get past AppArmor restrictions, used vsock_diag_dump as a side channel, and finished with a ROP chain to obtain root.
  • A test case provided by the kernel maintainers shows how to trigger the UAF.
  • Because the freed object can be reused by the attacker, its contents and the kernel state that depends on them can be manipulated, leading to arbitrary code execution in kernel space and root access; the risk is rated high.
  • The fix corrects the reference-count handling so the object is not released while it is still referenced, removing the premature free.
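To make the bug class concrete, here is an added model in plain Python of what "an incorrect reference count decrease leading to a use-after-free" means and why reclaiming the freed object matters. It is not kernel code and not the CVE-2025-21756 patch: a toy slab allocator with numbered slots stands in for the kernel heap, a socket-like object carries an explicit reference count, and every name in it (`Slab`, `VSock`, `insert_bound`, `remove_bound_buggy`, `remove_bound_fixed`) is invented for the illustration.

```python
"""Model of the bug class behind CVE-2025-21756 (a reference count dropped
that was never taken) and of why the resulting use-after-free lets an
attacker reclaim the object.

Added illustration in plain Python; it is neither kernel code nor the actual
patch. A toy slab allocator with numbered slots stands in for the kernel
heap, and a socket-like object carries an explicit reference count. All
names here (Slab, VSock, insert_bound, remove_bound_*) are invented.
"""


class Slab:
    """Fixed-size object cache. Freed slots are reused first, which is
    what makes a dangling pointer reachable by an attacker's allocation."""

    def __init__(self, nslots: int = 4):
        self.slots = [None] * nslots
        self.free = list(range(nslots))

    def alloc(self, obj) -> int:
        idx = self.free.pop(0)
        self.slots[idx] = obj
        obj.slot = idx
        return idx

    def free_slot(self, idx: int) -> None:
        self.slots[idx] = None
        self.free.insert(0, idx)   # most recently freed slot is handed out next


class VSock:
    """Socket object; refcnt counts holders, bound says whether it sits in
    the bound-socket table (which holds a reference of its own)."""

    def __init__(self, slab: Slab, owner: str):
        self.owner = owner
        self.refcnt = 1            # the creating socket's own reference
        self.bound = False
        self.slab = slab
        slab.alloc(self)

    def get(self) -> None:
        self.refcnt += 1

    def put(self) -> None:
        self.refcnt -= 1
        if self.refcnt == 0:
            self.slab.free_slot(self.slot)


def insert_bound(sk: VSock) -> None:
    sk.bound = True
    sk.get()                       # the table takes its own reference


def remove_bound_buggy(sk: VSock) -> None:
    # Bug class: the table's reference is dropped whether or not the socket
    # was ever inserted, so an unbound socket loses its owner's only reference.
    sk.bound = False
    sk.put()


def remove_bound_fixed(sk: VSock) -> None:
    if not sk.bound:
        return                     # never in the table: nothing to drop
    sk.bound = False
    sk.put()


def run(fixed: bool) -> dict:
    """An owner creates a socket that is never bound, the removal path runs
    on it, then an attacker allocates a new object of the same type (a heap
    spray). Returns whether the owner's object was freed early and whose
    object the owner's stale pointer now resolves to."""
    slab = Slab()
    victim = VSock(slab, owner="victim")
    slot = victim.slot             # the owner keeps using this "pointer"
    (remove_bound_fixed if fixed else remove_bound_buggy)(victim)
    freed_early = slab.slots[slot] is None
    VSock(slab, owner="attacker")  # reclaim attempt
    return {"freed_early": freed_early, "owner_sees": slab.slots[slot].owner}


if __name__ == "__main__":
    print("buggy:", run(fixed=False))
    print("fixed:", run(fixed=True))
```

In the buggy path the owner's stale reference now points at an object the attacker filled in, which is the stage at which a real exploit substitutes function pointers and data of its choosing; the later steps the article describes (AppArmor bypass, the vsock_diag_dump side channel, the ROP chain) build on exactly that reclaimed object and are not modelled here.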

Source: Securityaffairs

AirBorne flaws can lead to full hijacking of Apple devices

  • A set of vulnerabilities in Apple's AirPlay protocol and the AirPlay SDK, collectively named AirBorne, exposes Apple devices and AirPlay-enabled third-party devices to attacks including remote code execution.
  • The flaws enable zero-click and one-click RCE, bypass of access controls, data theft, and man-in-the-middle and denial-of-service attacks, so an attacker on the same wireless network can potentially take over a device completely.
  • Apple reports about 2.35 billion active devices, and only a subset of them is affected, but AirPlay is also embedded in millions of third-party devices, so the exposed population is large.
  • Mitigations: install the available updates, disable the AirPlay Receiver where it is not used, restrict access to AirPlay with a firewall, and set "Allow AirPlay for" to "Current User" rather than everyone on the network.

Source: Idownloadblog

Nugget developer LeminLimez teases upcoming features, says version 5.2 could launch this week

  • Nugget developer LeminLimez is teasing upcoming features for the popular SparseRestore exploit-based device customization utility.
  • Version 5.2 of Nugget is expected to launch this week and will bring new features including being codesigned and notarized on macOS, custom colors, and improved device customization.
  • Developer LeminLimez is also working on Nugget version 6.0, which will include a user interface overhaul, custom operation templates, and Status Bar tweaks.
  • Nugget offers device customization for iPhones and iPads without requiring a jailbreak and is available for free from the developer's GitHub page.

Source: Securityaffairs

U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a SAP NetWeaver vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
  • The flaw, tracked as CVE-2025-31324, lets unauthenticated attackers upload arbitrary files to the server, which in practice means planting a web shell and compromising the SAP environment.
  • ReliaQuest researchers reported the flaw to SAP, which subsequently released a patch.
  • CISA has ordered federal agencies to remediate the vulnerability by May 20, 2025.

Source: Securityaffairs

SentinelOne warns of threat actors targeting its systems and high-value clients

  • SentinelOne reports reconnaissance attempts against its own systems and some of its high-value customers by PurpleHaze, a China-linked APT group.
  • The activity looks like targeted cyber-espionage aimed at gathering information for possible future intrusions.
  • PurpleHaze used an Operational Relay Box (ORB) network and a Windows backdoor called GoReShell, tradecraft that links it closely to APT15, a known China-linked espionage group.
  • SentinelOne also detected North Korea-linked IT workers applying for jobs at the company, including on its SentinelLabs intelligence engineering team.

Source: Securityaffairs

Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024

  • In 2024, Google's Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities that were exploited in the wild.
  • That is down from 98 in 2023 but up from 63 in 2022.
  • Most of the exploited vulnerabilities were in end-user platforms, but attacks on enterprise technology are rising: 44% of the 2024 zero-days targeted enterprise products.
  • Microsoft Windows remained a major target, with 22 exploited zero-days in 2024.

Source: Securityaffairs

VeriSource data breach impacted 4M individuals

  • VeriSource, an employee benefits services provider, suffered a data breach in February 2024.
  • The breach exposed the personal information of about 4 million individuals.
  • Not every data type was affected for every individual.
  • VeriSource is offering 12 months of free identity protection and advises affected individuals to monitor their financial statements.

Source: Securelist

Outlaw cybergang attacking targets worldwide

  • Outlaw (also known as "Dota") is a Perl-based crypto-mining botnet that targets Linux hosts by brute-forcing weak or default SSH credentials.
  • After gaining access, the operators download a first-stage script, monitor running processes, and establish persistence on the infected machine.
  • The toolkit includes an IRC-based botnet client that acts as a backdoor, supporting DDoS attacks, file operations, and arbitrary command execution.
  • Infections have been observed in the United States, Germany, Italy, Thailand, Singapore, Taiwan, Canada, and Brazil, among other countries.
  • Outlaw's techniques include obfuscation, bundled XMRig miners, customized malware, and a broad range of post-compromise activity.
  • Securelist maps the gang's TTPs across the execution, persistence, defense evasion, credential access, discovery, lateral movement, collection, command and control, exfiltration, and impact tactics.
  • Recommended defenses: harden SSH (key-based authentication in place of passwords, restricted root login, a reviewed sshd configuration), limit which hosts can reach SSH, deploy a tool such as Fail2Ban to ban brute-forcing sources, and monitor for suspicious processes such as unexpected miners.
  • The report's Indicators of Compromise include file hashes, file names, IP addresses, and Monero wallet information.
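The two defensive recommendations above (hardening sshd and banning brute-forcing sources) as one added example, not code from Securelist or from the Outlaw report. The first part audits an sshd_config text for the settings that matter against credential guessing, with a weak and a hardened configuration side by side; the second counts failed logins per source address over auth.log lines, which is the signal a Fail2Ban sshd jail bans on. The configurations, log lines, addresses, threshold and time window are all constructed for the example, and the year prepended to the syslog timestamps is an assumption because syslog omits it.

```python
"""Two defensive checks against an SSH credential-guessing botnet like Outlaw.

Added example, not code from Securelist or the Outlaw report. Part 1 audits
sshd_config text for the settings that matter against password guessing
(with a weak and a hardened config side by side); part 2 counts failed
logins per source address in auth.log lines, the signal a Fail2Ban sshd
jail bans on. The configs, log lines, addresses and thresholds are all
constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime

# Setting -> acceptable values. MaxAuthTries is numeric and checked apart.
HARDENING = {
    "passwordauthentication": {"no"},
    "permitrootlogin": {"no", "prohibit-password"},
    "pubkeyauthentication": {"yes"},
}
MAX_AUTH_TRIES = 3

WEAK_CONFIG = """
# constructed: password logins and root allowed, no other limits
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED_CONFIG = """
# constructed: key-only logins, no root, few tries, named users only
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
AllowUsers deploy ops
"""


def audit_sshd_config(text: str) -> list:
    """Return findings as strings; an empty list means nothing to fix."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            settings[key.lower()] = value.strip().lower()
    findings = []
    for key, ok in HARDENING.items():
        val = settings.get(key)
        if val is None:
            # sshd compiled defaults: PasswordAuthentication yes,
            # PermitRootLogin prohibit-password, PubkeyAuthentication yes
            if key == "passwordauthentication":
                findings.append("PasswordAuthentication defaults to yes; set no")
        elif val not in ok:
            findings.append(f"{key} is {val}; expected one of {sorted(ok)}")
    tries = settings.get("maxauthtries", "")
    if not tries.isdigit() or int(tries) > MAX_AUTH_TRIES:
        findings.append(f"MaxAuthTries should be {MAX_AUTH_TRIES} or lower")
    if not ({"allowusers", "allowgroups"} & settings.keys()):
        findings.append("no AllowUsers/AllowGroups restriction")
    return findings


# Constructed auth.log excerpt in syslog format (no year in the timestamp).
SAMPLE_AUTH_LOG = """\
Apr 29 03:12:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Apr 29 03:12:03 host sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Apr 29 03:12:04 host sshd[1204]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Apr 29 03:12:06 host sshd[1206]: Failed password for invalid user oracle from 203.0.113.7 port 51140 ssh2
Apr 29 03:12:08 host sshd[1208]: Failed password for invalid user test from 203.0.113.7 port 51150 ssh2
Apr 29 03:13:10 host sshd[1210]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
Apr 29 03:14:00 host sshd[1212]: Failed password for deploy from 198.51.100.20 port 40011 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def detect_bruteforce(log: str, threshold: int = 5, window_s: int = 120) -> dict:
    """Map source IP -> max failed logins seen inside any window_s-second
    window, for IPs that reached threshold (Fail2Ban's maxretry/findtime)."""
    events = defaultdict(list)
    for line in log.splitlines():
        m = FAILED_RE.match(line)
        if m:
            # syslog omits the year; 2025 is assumed for the sample
            events[m["ip"]].append(
                datetime.strptime("2025 " + m["ts"], "%Y %b %d %H:%M:%S"))
    offenders = {}
    for ip, times in events.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                offenders[ip] = max(offenders.get(ip, 0), end - start + 1)
    return offenders
```

The sliding window is the part worth copying: a plain per-IP counter over a whole log file flags any long-lived host eventually, whereas counting inside a bounded window (Fail2Ban's `findtime`) separates the five failures in seven seconds from 203.0.113.7 from the single mistyped password of a legitimate user at 198.51.100.20.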

Source: Securityaffairs

U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog

  • CISA added three vulnerabilities to the KEV catalog: a Broadcom Brocade Fabric OS code injection flaw, a Qualitia Active! Mail stack-based buffer overflow, and an unspecified Commvault Web Server vulnerability.
  • Depending on the product, the flaws allow remote attackers to execute arbitrary code, bypass security restrictions, or compromise the web server.
  • CISA has ordered federal agencies to remediate them by the due dates set in the catalog.

Source: Securityaffairs

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

  • BreachForums, a major data-leak marketplace, went offline on April 15 after a MyBB 0-day exploit reportedly allowed law enforcement to infiltrate the forum.
  • Rumors of FBI raids and of the administrator's arrest followed the sudden shutdown, fuelling speculation.
  • Alternative forums appeared, some charging entry fees, adding to the confusion and raising the risk of scams or law-enforcement honeypots.
  • The site's operators said no user data had been compromised but warned users to be wary of emerging clones.

Source: Securityaffairs

Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia

  • Earth Kurma, a newly identified APT group, ran a sophisticated espionage campaign against government and telecommunications organizations in Southeast Asia.
  • The actors used custom malware, rootkits, and public cloud storage for credential theft and data exfiltration.
  • The campaign primarily targeted the Philippines, Vietnam, Thailand, and Malaysia and is rated a high business risk.
  • The group remains highly active and adaptable and continues to target the region's government and telecom sectors.

Source: Dev

Understanding Gray Hat Hackers: Definition, Techniques, and Implications

  • Gray hat hackers operate between ethical and unethical hacking: they probe systems without authorization but without malicious intent, usually to expose security flaws.
  • Unlike white hats (authorized) and black hats (malicious), their unauthorized but non-malicious actions leave them in a legal gray zone.
  • Typical motivations are improving security, curiosity, and the pursuit of recognition or rewards.
  • They often run unauthorized security tests and disclose the vulnerabilities they find, raising legal and ethical questions about such practices.
  • Their techniques include vulnerability scanning and social engineering, both of which can affect an organization's security posture and operations.
  • Gray hat hackers face real legal risk, which makes understanding the boundaries and potential consequences important.
  • Defending against uninvited testing means regular software updates, strong passwords, security audits, access controls, and continuous monitoring.
  • Educating teams, improving cybersecurity practices, and responding promptly to reported vulnerabilities are key steps for individuals and organizations.
  • Well-known gray hat hackers such as Adrian Lamo and Chris Soghoian have influenced security practice and raised awareness of vulnerabilities.
  • Understanding gray hat hacking helps individuals and organizations strengthen their defenses against unauthorized access and exploitation.

Source: Silicon

M&S Tells Distribution Centre Staff To Stay At Home

  • Marks & Spencer has told agency staff at a distribution centre to stay at home while it deals with a cyberattack.
  • The company has suspended online and app orders, and its share price has fallen about 8% since the attack was disclosed.
  • Around 200 agency staff are affected by the decision; the company is working with external experts to resolve the incident.
  • M&S says customer data has not been compromised, but experts advise customers to remain vigilant against phishing attempts.
