Hacking News

Securityaffairs

Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service

  • Microsoft exposed four individuals behind an Azure Abuse scheme using unauthorized GenAI access to create harmful content.
  • Microsoft is taking legal action against these defendants and dismantling their operation.
  • The four individuals are Arian Yadegarnia aka “Fiz” of Iran, Alan Krysiak aka “Drago” of the United Kingdom, Ricky Yuen aka “cg-dot” of Hong Kong, China, and Phát Phùng Tấn aka “Asakuri” of Vietnam.
  • The investigation, led by Microsoft's Digital Crimes Unit, resulted in the seizure of key infrastructure and disrupted the operations of the cybercriminal group.

Idownloadblog

Lars Fröder talks at Nullcon Goa 2025 security conference, iOS 17 & 18 jailbreak challenges discussed

  • Lars Fröder, lead developer of Dopamine jailbreak and TrollStore perma-signing utility, discussed the challenges of jailbreaking iOS 17 & 18 at the Nullcon Goa 2025 security conference.
  • Fröder revealed that there is no ETA for jailbreaks on arm64e devices running iOS 17 and 18 due to resource limitations.
  • Apple's efforts to prevent jailbreaking include axing the Kernel File Descriptor (KFD) exploit in iOS 17.3 and root helpers like TrollStore's "get root" method in iOS 18.0.
  • Public exploits for iOS 17 and 18 are unlikely to be released soon, making older jailbroken devices valuable and cautioning against updating.

Hackersking

Free TCP/UDP Port Forwarding Service Playit.GG With Lifetime Access

  • Playit.GG is a free, lifetime access TCP/UDP port forwarding service that eliminates the need for complex router settings, dynamic IP addresses, and ISP restrictions.
  • To set up Playit.GG, users need to create an account on the website and download the application for their operating system.
  • After installation, users can create tunnels using TCP/UDP tunnel type and provide a local port.
  • Playit.GG provides a hassle-free solution for free, reliable, and easy-to-use TCP/UDP port forwarding without ISP restrictions or complex router configurations.

Metro

Urgent Google Chrome warning issued with over 3,000,000 users at risk of hacks

  • Millions of Google Chrome users have been warned to delete 16 browser extensions that have been hijacked by a 'threat actor' and used for fraud.
  • The affected extensions, including screen shot capture, ad blocking, and emoji keyboards, put at least 3,200,000 users at risk.
  • The 'threat actor' injected code into legitimate browsers, degrading security and hiding malicious code outside of the extensions.
  • Users are advised to delete the affected extensions and be cautious when granting permissions, as the hackers can purchase or hijack popular extensions to gain trust.

Medium

Inside the Dark Web: What They Don’t Want You to Know!

  • The Dark Web is a part of the internet that is known for its privacy and anonymity features.
  • While it serves as a platform for activists, journalists, and whistleblowers to communicate safely, it also harbors illegal marketplaces for drugs, weapons, and cybercrime.
  • The Silk Road case, one of the biggest illegal marketplaces, was shut down by the FBI, leading to the arrest of its creator, Ross Ulbricht.
  • Accessing the Dark Web can be dangerous due to scams, hackers, government surveillance, and the presence of disturbing content.

Cryptopotato

Beyond Hacks: Vitalik Buterin Calls for Wallet Solutions to Address Crypto Loss

  • Ethereum co-founder Vitalik Buterin emphasizes the need to address accidental crypto loss.
  • Buterin highlights the risk of user errors, software bugs, forgotten passwords, and lost devices.
  • He advocates for wallet security solutions that cover all forms of loss, not just cyberattacks.
  • Social recovery solutions, such as the use of trusted guardians, are proposed to mitigate the risks.

Securityaffairs

Attackers could hack smart solar systems and cause serious damages

  • Hackers have revealed security flaws in smart solar systems, posing risks to national power grids.
  • Weak or default passwords in control consoles for smart solar systems expose vulnerabilities for cyber attacks.
  • Accessing and manipulating millions of units simultaneously could potentially cause blackouts and disrupt grid security.
  • The digitization of power grids is necessary for energy transition, but it also increases the risk of cyber threats.

TechCrunch

Researchers uncover unknown Android flaws used to hack into a student’s phone

  • Google fixed previously unknown flaws in Android that allowed authorities to unlock phones using forensic tools.
  • Researchers from Amnesty International found a chain of three zero-day vulnerabilities in the core Linux USB kernel.
  • The vulnerabilities, developed by Cellebrite, impacted over a billion Android devices.
  • Amnesty International and Google's anti-hacking unit, Threat Analysis Group, collaborated to fix the vulnerabilities after investigating a student protester's hacked phone.

Medium

5 exciting books to fuel interest in cybersecurity

  • Sandworm by Andy Greenberg: A true story of nation state threat actors battling to cripple infrastructure with the accounts of those involved.
  • Mindf*ck by Christopher Wylie: Details the exploits of Cambridge Analytica and the weaponization of digital information to influence major events.
  • This is How They Tell Me the World Ends by Nicole Perlroth: An exploration into the underground world of exploits and the hackers who create and sell them.
  • Cuckoo's Egg by Cliff Stoll: Recounts the thrill of chasing an unauthorized user through U.S. computer systems and the frustration of convincing others of the intrusion's seriousness.

Securityaffairs

Enhanced capabilities sustain the rapid growth of Vo1d botnet

  • Operators behind the Vo1d botnet have enhanced its capabilities, enabling rapid growth in recent months.
  • The Vo1d botnet infected nearly 1.3 million Android-based TV boxes in 197 countries, acting as a backdoor for downloading and installing third-party software.
  • The infections were most prevalent in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria, and Indonesia.
  • The Vo1d botnet has improved its stealth and resilience, utilizing RSA encryption, hardcoded and DGA-based Redirector C2s, and optimized payload delivery for harder detection.

Medium

Spyzie Stalkerware Exposed: How Thousands of Android and iPhone Users Were Secretly Tracked

  • Spyzie, marketed as a parental monitoring app, was used for unauthorized surveillance.
  • The app collected sensitive user data, violating privacy laws and putting users at risk.
  • Apple and Google have removed Spyzie from their app stores.
  • Authorities are pushing for stricter regulations to prevent spyware apps from exploiting privacy.

Kaspersky

Google OAuth: abandoned domains attack | Kaspersky official blog

  • Using Google OAuth authentication for corporate services may lead to security vulnerabilities, such as phantom accounts and abandoned domains attacks.
  • Google OAuth authentication primarily verifies access to an email address linked to the organization's Google Workspace, rather than utilizing the unique sub parameter as recommended.
  • Attackers can exploit abandoned domains by registering them and creating email addresses within the domain to gain unauthorized access to corporate services that used 'Sign in with Google'.
  • By accessing defunct companies' services, attackers can retrieve confidential information, posing a significant risk to employee data privacy and security.
  • Around 50% of startups use Google Workspace, potentially leading to millions of vulnerable accounts susceptible to such attacks.
  • A researcher discovered this vulnerability and reported it to Google, eventually receiving recognition and a reward for his findings.
  • Google has been informed about the issue but has not yet provided a clear timeline or solution to address the problem with Google OAuth authentication.
  • Preventive measures for companies include using traditional login methods, enabling two-factor authentication, and properly managing workspace deletion when ceasing operations.
  • Startups and organizations are advised to be proactive in addressing security vulnerabilities like the Google OAuth attack associated with abandoned domains.
  • Companies should consider the security implications of using 'Sign in with Google' and take necessary steps to protect sensitive data and prevent unauthorized access.

Securityaffairs

Cisco fixed command injection and DoS flaws in Nexus switches

  • Cisco has released security updates to address command injection and denial-of-service (DoS) vulnerabilities in Nexus switches.
  • The high-severity vulnerability (CVE-2025-20111) affects the health monitoring diagnostics of Cisco Nexus 3000 and 9000 Series Switches, allowing an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a DoS condition.
  • Another flaw (CVE-2025-20161) addressed by Cisco is a command injection issue that impacts the software upgrade process of Nexus 3000 and 9000 Series Switches.
  • The Cisco Product Security Incident Response Team (PSIRT) has not reported any known attacks exploiting these vulnerabilities.

NullTX

Bybit Hacker’s Money Laundering Boosts THORChain with $2.91 Billion in Transaction Volume and $3 Million in Fees

  • THORChain has experienced a surge in transaction volume and fees due to a money laundering operation linked to a hack on Bybit.
  • A hacker used THORChain to launder stolen funds, leading to a doubling of the decentralized exchange's transaction volume.
  • The hacker swapped stolen Ethereum for Bitcoin through THORChain, resulting in $2.91 billion in transactions in five days.
  • Despite the revenue boost for THORChain, the nature of the transactions poses ethical and legal concerns.
  • Increased fees benefited THORChain, but the association with a hack raises regulatory scrutiny and potential long-term challenges.
  • THORChain's native token, $RUNE, has seen demand surge due to increased platform activity and handling fees.
  • The involvement in illicit activities may lead to reputational harm and legal consequences for THORChain.
  • Decentralized exchanges like THORChain face regulatory challenges due to minimal oversight compared to centralized exchanges.
  • The short-term financial gains for THORChain may be overshadowed by potential legal and reputational risks in the long term.
  • The hack's fallout has resulted in a closer regulatory spotlight on THORChain, requiring tighter security and oversight.

Securityaffairs

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

  • Chinese hackers have breached Belgium's State Security Service (VSSE), stealing 10% of emails between 2021 and May 2023.
  • Investigators are looking into the security breach by China-linked threat actors on the VSSE.
  • The hackers exploited a vulnerability in the Barracuda Email Security Gateway Appliance used by VSSE and others.
  • 10% of the VSSE's incoming and outgoing emails were compromised, exposing personal data of staff and applicants.
  • No classified information was affected, and no stolen data has been found on the dark web.
  • The Chinese embassy in Belgium has not yet commented on the accusation.
  • Mandiant researchers linked China-linked threat actors to similar attacks exploiting the Barracuda ESG zero-day vulnerability globally.
  • Barracuda warned customers of the zero-day flaw (CVE-2023-2868) exploited in May and provided patches.
  • The flaw was exploited to deploy malware providing persistent backdoor access.
  • The attackers used malware families like SALTWATER, SEASPY, and SEASIDE to exploit the vulnerability.
