menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Hacking News

Hacking News

source image

Securityaffairs

4w

read

281

img
dot

Image Credit: Securityaffairs

ASUS routers with AiCloud vulnerable to auth bypass exploit

  • ASUS warns of an authentication bypass vulnerability in routers with AiCloud enabled.
  • The vulnerability, tracked as CVE-2025-2492, allows unauthorized execution of functions on the device.
  • The vulnerability can be exploited by sending a specially crafted request.
  • ASUS recommends updating firmware and using strong, unique passwords to mitigate the risk.

Read Full Article

like

16 Likes

share

3 Shares

source image

Kitploit

4w

read

205

img
dot

Image Credit: Kitploit

TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog

  • TruffleHog Explorer is a user-friendly web-based tool for visualizing and analyzing data extracted using TruffleHog.
  • TruffleHog is an open source secrets discovery and analysis tool used for finding credentials and sensitive data in repositories.
  • TruffleHog Explorer offers an improved UI/UX, powerful filtering options, and export capabilities for efficient review of potential secrets.
  • The tool supports GitHub TruffleHog JSON outputs, with plans to support additional formats and platforms in the future.

Read Full Article

like

12 Likes

share

2 Shares

source image

Securityaffairs

4w

read

138

img
dot

Image Credit: Securityaffairs

U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

  • U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog.
  • CISA added Apple products and Microsoft Windows NTLM vulnerabilities to its Known Exploited Vulnerabilities catalog.
  • Apple released security updates to address two vulnerabilities impacting iOS, iPadOS & macOS, which have been exploited in sophisticated attacks.
  • Microsoft fixed a Windows NTLM hash disclosure spoofing vulnerability, which has been actively exploited since March.

Read Full Article

like

8 Likes

share

1 Share

source image

Hackingblogs

4w

read

10k

img
dot

Image Credit: Hackingblogs

Fake WhatsApp & Telegram Preinstalled on Chinese Android Phones: Millions Lost to Crypto-Stealing Malware

  • Fake WhatsApp & Telegram pre-installed on Chinese Android phones are infected with spyware that steals cryptocurrency.
  • Trojanized programs can scan photos for wallet seed phrases, spoof update links, and steal clipboard data.
  • The malware campaign is impacting low-cost Chinese phones, with more than 40 pre-installed apps compromised.
  • Users are advised to be cautious when interacting with unknown phone manufacturers and to use reliable programs and antivirus apps to protect their devices.

Read Full Article

like

28 Likes

share

27 Shares

source image

Securityaffairs

4w

read

53

img
dot

Image Credit: Securityaffairs

Entertainment venue management firm Legends International disclosed a data breach

  • Legends International disclosed a data breach from November 2024 that affected employees and visitors to its managed venues.
  • Legends International is a global leader in sports and entertainment venue management, specializing in delivering comprehensive solutions for stadiums, arenas, and attractions.
  • On November 9, 2024, Legends International detected unauthorized activity on its IT systems, took action to stop it, and launched an investigation with the help of external cybersecurity experts.
  • The company confirmed that a review is underway to determine if personal data was involved and is offering 24 months of free Experian IdentityWorks as a precaution.

Read Full Article

like

3 Likes

share

Share

source image

TheNewsCrypto

4w

read

22

img
dot

Crypto Exchange eXch to Shut Down Following Bybit Hack Money Laundering Allegations

  • Crypto exchange eXch will shut down on May 1 this year.
  • The firm is accused of having connections to the Lazarus group in the recent $1.4B Bybit hack.
  • eXch to employ Cease and Retreat strategy.
  • eXch announces 50 BTC open-source fund to support privacy solutions.

Read Full Article

like

1 Like

share

Share

source image

Hackersking

4w

read

290

img
dot

Image Credit: Hackersking

How To Install Kali NetHunter Lite On Any Android Device

  • This blog provides a guide on how to install Nethunter Lite on any rooted Android device.
  • Prerequisites include having a rooted device with Magisk and installing BusyBox.
  • Download the suitable version of Kali NetHunter Lite based on your device's hardware details.
  • Use Magisk module to flash the downloaded file and reboot the device to access Nethunter applications.

Read Full Article

like

17 Likes

share

4 Shares

source image

Kitploit

4w

read

49

img
dot

Image Credit: Kitploit

PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data

  • PANO is an OSINT investigation platform that combines graph visualization, timeline analysis, and AI tools to uncover hidden connections in data.
  • To get started with PANO, clone the repository and run the application using the provided scripts for Linux and Windows.
  • Key features include interactive graph visualization, timeline analysis, map integration, entity management for different types like email addresses and locations, and custom entity creation.
  • PANO's transform system allows for operations like email analysis, username search, image analysis, and AI integration for natural language investigation and pattern recognition.
  • The platform also provides specialized helpers for tasks such as cross-examination, portrait creation, media analysis, and translation.
  • Contributions to PANO are welcome, with guidelines on forking the repository, making changes, testing, and submitting pull requests provided.
  • System requirements for PANO include Python 3.11+, PySide6 for GUI, and an internet connection for online features.
  • Developers can create custom entities for specific data structures and behaviors, as well as custom transforms and helpers to extend PANO's functionality.
  • The project is licensed under CC BY-NC, allowing sharing and adaptation with appropriate attribution and for non-commercial use.
  • PANO was created by ALW1EZ and is available for download to explore its advanced OSINT investigation capabilities.

Read Full Article

like

2 Likes

share

Share

source image

Securityaffairs

4w

read

299

img
dot

Image Credit: Securityaffairs

China-linked APT Mustang Panda upgrades tools in its arsenal

  • China-linked APT group Mustang Panda deployed a new custom backdoor, MQsTTang, in recent attacks targeting Europe, Asia, and Australia.
  • The APT group has been active since at least 2012, targeting American and European entities as well as Asian countries.
  • Recent campaigns of APT Mustang Panda utilized European Union reports on the conflict in Ukraine as lures to deploy malware.
  • The group has introduced new tools such as MQsTTang backdoor, StarProxy lateral movement tool, and several keyloggers for enhanced stealth and functionality.

Read Full Article

like

18 Likes

share

4 Shares

source image

Securityaffairs

4w

read

357

img
dot

Image Credit: Securityaffairs

Node.js malvertising campaign targets crypto users

  • Microsoft warns of a malvertising campaign using Node.js to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView.
  • Threat actors are increasingly using Node.js to deploy malware, bypass security tools, and persist in systems.
  • In these attacks, malvertising is used to lure users to fake sites, and once executed, a malicious DLL collects system data and delivers further payloads.
  • Microsoft has provided recommendations to mitigate threats related to the misuse of Node.js.

Read Full Article

like

21 Likes

share

5 Shares

source image

Siliconangle

1M

read

67

img
dot

Image Credit: Siliconangle

IBM X-Force report finds shift from ransomware to credential theft in 2024

  • Cybercriminals are shifting towards stealth and credential theft, as per IBM X-Force report.
  • Identity attacks surged in 2024, with an increase in phishing emails delivering infostealers.
  • Nearly one in three incidents in 2024 involved stolen credentials, allowing attackers to avoid detection.
  • Ransomware attacks declined as operators adjusted to global enforcement crackdowns.

Read Full Article

like

4 Likes

share

Share

source image

Securityaffairs

1M

read

317

img
dot

Image Credit: Securityaffairs

Apple released emergency updates for actively exploited flaws

  • Apple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks.
  • Apple released out‑of‑band security updates to address two vulnerabilities impacting iOS, iPadOS & macOS.
  • The vulnerabilities include a memory corruption issue in CoreAudio and a bypass vulnerability in RPAC.
  • The attacks were targeted and likely exploited by commercial surveillance vendors or a nation-state actor.

Read Full Article

like

19 Likes

share

4 Shares

source image

Securityaffairs

1M

read

93

img
dot

Image Credit: Securityaffairs

U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA100 Appliance flaw, tracked as CVE-2021-20035, to its Known Exploited Vulnerabilities (KEV) catalog.
  • The vulnerability is an OS Command Injection Vulnerability in the SMA100 management interface, allowing remote authenticated attackers to inject arbitrary commands as a 'nobody' user and potentially execute arbitrary code.
  • CISA orders federal agencies to fix this vulnerability by May 7, 2025.
  • CISA also added Linux Kernel flaws, Gladinet CentreStack, and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Read Full Article

like

5 Likes

share

1 Share

source image

Hackingblogs

1M

read

362

img
dot

Image Credit: Hackingblogs

The Famous 4Chan Was HACKED !! Source Code Is LEAKED

  • 4chan, the notorious anonymous imageboard, has been hacked and taken offline.
  • The hack appears to be a coordinated effort with leaked admin panels, internal tools, and source code.
  • The independent imageboard Soyjak.party claims responsibility for the attack.
  • The breach potentially compromises user privacy and raises concerns about cross-platform attacks and doxxing.

Read Full Article

like

21 Likes

share

5 Shares

source image

Securityaffairs

1M

read

228

img
dot

Image Credit: Securityaffairs

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

  • CISA has extended MITRE's CVE program contract for another 11 months, ensuring continuity of the program.
  • The CVE program, which tracks vulnerabilities, faced funding expiry, risking disruption to global security.
  • MITRE's CVE program has assigned over 274,000 CVE IDs for public security vulnerabilities in the past 25 years.
  • The extension of the contract will prevent a service disruption that could impact vulnerability databases and critical infrastructure.

Read Full Article

like

13 Likes

share

3 Shares

Prev

10
11
12
13
14
15
16
17
18
19
20

Next

For uninterrupted reading, download the app