techminis

A naukri.com initiative

Hacking News

Silicon

China Names US Operatives For Alleged Cyberattacks

  • China has publicly named three US citizens accused of carrying out cyberattacks on Chinese infrastructure.
  • China alleged that the US operatives worked through the National Security Agency (NSA).
  • The attacks targeted the systems managing the Asian Games and critical infrastructure in Heilongjiang province.
  • China has expressed concerns and urged the US to adopt a responsible attitude on cybersecurity issues.

Medium

Unlock the Hacker Within: Ethically Transform Your Phone into a Cyber Powerhouse

  • Your Android device can be transformed into an ethical hacking lab with the right tools and setup.
  • Android phones are recommended due to their open-source nature and deeper customization options.
  • Installing a terminal emulator like Termux or JuiceSSH is necessary to run hacking tools.
  • Rooting your phone, though optional, provides full administrative access and advanced tool capabilities.

Hackingblogs

Stop Torrenting Until You Do This — Your IP Might Be Exposed! (Only for Legal Use)

  • Torrenting without a VPN exposes your true IP address, making you vulnerable to monitoring and copyright trolls.
  • Binding your torrent client to a VPN connection can protect your privacy and ensure your real IP is not exposed.
  • Torrenting involves using P2P networks to download and share files, which can compromise your privacy if your IP address is visible.
  • Governments and ISPs employ IP blacklists to monitor and block torrent traffic, making VPNs essential for secure torrenting.
  • To bind a torrent client to a VPN like Mullvad, steps include connecting to Mullvad VPN and configuring settings for secure torrenting.
  • Mullvad VPN offers options for platforms, tunnel protocols, exit locations, and specific settings for secure torrenting.
  • Configuring Mullvad VPN involves unzipping config files, checking contents, making DNS helper executable, and confirming permissions.
  • Using a VPN creates a virtual network interface like tun0, allowing you to route traffic through a secure encrypted tunnel.
  • To test the VPN, you can check the IP address displayed to verify that traffic is being tunneled securely through the VPN.
  • Setting up qBittorrent to use the VPN interface ensures all downloads and uploads go through the secure VPN connection.

Kitploit

Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies

  • Wappalyzer-Next is a Python library that uses the Wappalyzer extension and its fingerprints to detect technologies.
  • It solves the limitations of other projects by using up-to-date fingerprints and providing accurate results for dynamic web applications.
  • To install Wappalyzer, users need to install Firefox and geckodriver.
  • The library can be used to scan URLs and retrieve information about the technologies used on those sites.

Securityaffairs

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

  • Cheap Chinese Android phones are being shipped with trojanized WhatsApp and Telegram clones designed to steal cryptocurrencies through address swapping.
  • The campaign targets low-end phones resembling well-known models and embeds malware in pre-installed apps.
  • Attackers spoof device specifications to make phones appear as Android 14 with better hardware, fooling users and apps.
  • The malware, dubbed Shibai, uses hidden modules to hijack updates, replace crypto wallet addresses, and exfiltrate chat data.

Securelist

Streamlining detection engineering in security operation centers

  • Security operations centers (SOCs) are critical for detecting and responding to cyberthreats in real time.
  • SOC operations can be segmented into assessment, detection, triage, and response phases with distinct roles.
  • Challenges observed in SOC operations include issues in log collection, detection, triage, and response.
  • Common issues include lack of visibility coverage, over-reliance on vendor rules, and poor use of threat intelligence feeds.
  • Enhancing detection is crucial, as it impacts data quality, threat visibility, and incident response efficiency.
  • A structured detection engineering program can significantly improve SOC performance and threat resilience.
  • Key elements of a detection engineering program include a dedicated team, defined processes, relevant tools, and metrics for measurement.
  • Best practices in detection engineering involve rule naming conventions, centralized knowledge bases, contextual tagging, triage steps, baselining, and focusing on behavioral indicators.
  • Performance metrics such as Time to Detect (TTD), Signal-to-Noise Ratio (SNR), and Threat Profile Alignment (TPA) are crucial for assessing the success of a detection program.
  • Technical-level metrics like Time to Qualify Detection (TTQD), Time to Create Detection (TTCD), and Detection Backlog help measure the team's support of the detection engineering program.

Securityaffairs

Cyber Threats Against Energy Sector Surge as Global Tensions Mount

  • Rising cyberattacks on the energy sector, linked to large-scale campaigns targeting national infrastructure for geopolitical aims, have been identified.
  • Cybersecurity experts warn about the increase in targeted cyberattacks against enterprises in the energy sector worldwide.
  • The vulnerability of American power grids to cyberattacks is a growing concern, as the number of susceptible points in electrical networks continues to increase.
  • Technological advancements, such as cloud adoption and AI integration, have further increased cyber-risk scenarios for the energy sector.

NullTX

$7 Million Exploit Hits KiloEx: Flawed Access Control Allows Price Manipulation Across Multiple Chains

  • A critical flaw in decentralized perpetual exchange KiloEx allowed an attacker to siphon off around $7 million by manipulating oracle prices.
  • The exploit affected three chains—BNB Chain, Base, and Taiko—and highlighted issues with decentralized finance protocols.
  • The attacker used a weak contract design to manipulate price feeds, exploiting the KiloEx platform's oracle-based pricing mechanism.
  • Tornado Cash was used to obscure the origin of funds in dubious transactions that triggered alarms before the exploit campaign.
  • The attacker gained control over price-setting mechanisms through the MinimalForwarder contract, leading to fund drainage.
  • The attack unfolded by exploiting the access control flaw in the MinimalForwarder contract to manipulate prices and drain funds.
  • The exploit enabled the attacker to open and close positions at distorted price levels, causing significant financial losses.
  • The attacker's deep knowledge of KiloEx's smart contract framework and weaknesses facilitated the sophisticated attack.
  • The breach underscores the importance of robust access controls in smart contract systems, particularly in oracles and trading mechanisms.
  • The DeFi community calls for stringent audit standards and security testing to prevent similar exploits in the future.

Cryptopotato

Ethereum Layer-2 ZKsync Airdrop Account Hacked for $5M

  • ZKsync, an Ethereum scaling network, experienced a hack in which a compromised admin account was used to take control of $5 million worth of ZK tokens.
  • The hack affected the remaining unclaimed coins from the ZKsync airdrop, but user funds were not at risk.
  • Approximately 111 million unclaimed ZK tokens were minted by the attacker, causing a brief dip in spot prices.
  • The hacker still holds funds worth $2.1 million in ZK tokens and $3.4 million in ETH.

TechCrunch

Notorious image board 4chan hacked and internal data leaked

  • Notorious internet forum 4chan was hacked on Tuesday.
  • Screenshots of 4chan's backend, source code, and moderator information were leaked.
  • The hack potentially exposes those who run 4chan, a platform with ties to alt-right movements.
  • The leaked data includes personal information of 4chan Pass subscribers.

Securityaffairs

Critical Apache Roller flaw allows to retain unauthorized access even after a password change

  • A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected.
  • A critical vulnerability, tracked as CVE-2025-24859 (CVSS score of 10.0), affects the Apache Roller open-source, Java-based blogging server software.
  • The flaw is a session management issue in Apache Roller before version 6.1.5, where active user sessions are not properly invalidated after password changes.
  • In early April, experts warned of another critical vulnerability impacting Apache Parquet’s Java Library. The vulnerability, tracked as CVE-2025-30065 (CVSS score of 10.0), could allow remote code execution.

Securityaffairs

Meta will use public EU user data to train its AI models

  • Meta will use public EU user data to train its AI models.
  • The company paused the plan last year due to data protection concerns raised by Irish regulators.
  • Meta's AI, including Llama LLM, is already available in other parts of the world.
  • EU users will be able to object to their public data being used for training purposes.

Kitploit

Telegram-Checker - A Python Tool For Checking Telegram Accounts Via Phone Numbers Or Usernames

  • Telegram-Checker is a Python tool for checking Telegram accounts via phone numbers or usernames.
  • The tool allows users to check single or multiple phone numbers and usernames.
  • It supports importing phone numbers from a text file and provides the option to save results as JSON.
  • Telegram-Checker also ensures secure credential storage and offers detailed user information.

Analyticsindiamag

Hackers are No Longer Just Script Kiddies, Thanks to AI

  • Advancements in AI have provided both relief and increased threat in the field of cybersecurity.
  • Hackers now have access to sophisticated tools and materials for successful attacks, thanks to AI.
  • AI is being used to create hacking assistants, generate deepfakes, conduct phishing attempts, and lower the coding bar for malicious activities.
  • AI has accelerated the automation and scaling of criminal activities, including financial crime, DDoS attacks, and scams.

Securityaffairs

Hertz disclosed a data breach following 2024 Cleo zero-day attack

  • Car rental giant Hertz Corporation disclosed a data breach that impacted its Hertz, Thrifty, and Dollar brands.
  • Threat actors gained access to customer data via Cleo zero-day exploits in late 2024.
  • The breach exposed customer data, including names, contacts, DOB, credit card information, and driver's license information.
  • Hertz confirmed Cleo addressed the breach, notified law enforcement and regulators, and offers 2 years of free Kroll identity monitoring.
