menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Hacking News

Hacking News

source image

Securityaffairs

2M

read

285

img
dot

Image Credit: Securityaffairs

U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Linux kernel vulnerability (CVE-2024-53104) to its Known Exploited Vulnerabilities catalog.
  • The Android security updates for February 2025 addressed 48 vulnerabilities, including the actively exploited zero-day flaw.
  • The vulnerability is a privilege escalation flaw in the Linux Kernel's USB Video Class driver, allowing elevation of privileges in low-complexity attacks.
  • CISA orders federal agencies to fix the vulnerability by February 26, 2025.

Read Full Article

like

17 Likes

share

4 Shares

source image

Hackers-Arise

2M

read

128

img
dot

Image Credit: Hackers-Arise

Introduction to the IoT/Embedded Linux: The OpenWRT Project

  • IoT/Embedded Linux: The OpenWRT Project is an open source project that develops small, embedded operating systems for routers and other IoT devices.
  • To understand and hack IoT devices, it's essential to be familiar with these tiny, embedded Linux operating systems.
  • The OpenWRT Project provides Linux images for various platforms, including x86, which can be run in a virtual machine.
  • By replacing the operating system in routers and network extenders, OpenWRT can be used to create malicious devices for intercepting cellphone calls.

Read Full Article

like

7 Likes

share

1 Share

source image

Medium

2M

read

317

img
dot

Arsenal 2024: Premier Aimbot and ESP Script

  • The futuristic digital landscape in Roblox Arsenal game features an advanced aimbot and ESP script.
  • The 2024 premier aimbot and ESP script is the best tool for players to improve their skills and climb the ranks.
  • Aimbot and ESP are the cool features of the Arsenal script that helps players win more and improve the game.
  • Players need to set up their system to get started with the Arsenal script and enter Roblox codes and login to use the aimbot technology.
  • Set your goal, optimize script performance, adjust settings, and follow best practices to unlock the full potential of the Robox Arsenal script.
  • Proper script configuration and optimizing techniques help make it run better and smoother, giving you the best experience while playing.
  • For account safety while playing, users can enable features like two-factor authentication and password protection provided by the Roblox website.
  • The Arsenal script is a strong tool for Roblox studio users that improves the game with its excellent features; players can dominate their game with aimbot technology, and ESP helps them detect players behind the walls.
  • ESP has many cool features like wall hacks, distance settings, and player detection that help enhance gaming experience; users need a Roblox account and promo codes for cool items and perks.
  • The Arsenal script helps the computer to run smoothly, making the playing experience more enjoyable without any worries.

Read Full Article

like

19 Likes

share

4 Shares

source image

TechCrunch

2M

read

206

img
dot

Image Credit: TechCrunch

New target of Paragon spyware comes forward

  • Italian nonprofit, Mediterranea Saving Humans, confirms one of its founders was targeted in Paragon spyware campaign against WhatsApp users.
  • Other targets have also come forward, including the director of an Italian news website and a Sweden-based activist critical of immigration policies in Italy.
  • The targets all share a commonality of being critical of the current Italian government.
  • Questions arise regarding whether the Italian government authorized the operation and if the Italian secret services use Paragon software.

Read Full Article

like

12 Likes

share

2 Shares

source image

Securityaffairs

2M

read

280

img
dot

Image Credit: Securityaffairs

U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog

  • U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog.
  • The vulnerabilities added to the catalog include Apache OFBiz Forced Browsing Vulnerability, Microsoft .NET Framework Information Disclosure Vulnerability, Paessler PRTG Network Monitor OS Command Injection Vulnerability, and Paessler PRTG Network Monitor Local File Inclusion Vulnerability.
  • The CVE-2024-45195 vulnerability in Apache OFBiz is a high-severity flaw that allowed authenticated threat actors to execute code or SQL queries, leading to remote code execution.
  • CISA has ordered federal agencies to address the identified vulnerabilities by February 25, 2025 to protect their networks against attacks exploiting these flaws.

Read Full Article

like

16 Likes

share

3 Shares

source image

Idownloadblog

2M

read

36

img
dot

Image Credit: Idownloadblog

The best reasons to jailbreak an iPhone in 2025

  • Jailbreaking allows users to install hacks and add-ons that otherwise aren’t possible on a non-jailbroken device.
  • One of the most important reasons why the iDB team jailbreaks iPhones and iPads in 2025 is because of the jailbreak tweaks that we can use to make our device experience better.
  • While Apple has added several jailbreak tweak ideas to iOS, there are still quite a few that provide better functionalities.
  • Crane is a tweak that allows users to add multiple accounts on apps, something not possible in some apps available on iPhone and iPad.
  • NoFreeAppLimit tweak allows sideloading of more apps beyond the free account limit helping users use as many apps as they want.
  • CarBridge lets users add apps and features that are otherwise not allowed via CarPlay. SnowBoard enables theming of app icons on the Home screen surviving updates.
  • Translomatic, Snapper 3, Zetsu, Cardculator, Shijima, and No2Theft are other jailbreak tweak apps that aid users.
  • Jailbreak tweaks also help in unlocking features on unsupported devices, which would otherwise require purchasing of newer devices.
  • Additionally, jailbreaking a device allows access to its full file system and SSH capabilities, which can enable remote control and discreet actions.
  • Jailbreaking not only unlocks new possibilities on a device but also being part of a community that enjoys modding their handset.

Read Full Article

like

2 Likes

share

Share

source image

Securityaffairs

2M

read

87

img
dot

Image Credit: Securityaffairs

SparkCat campaign target crypto wallets using OCR to steal recovery phrases

  • A malicious campaign called SparkCat has been discovered, targeting crypto wallets.
  • Malware-laced apps were distributed through official stores and were downloaded over 242,000 times from Google Play.
  • The malware used OCR technology to scan the victim's gallery for images with recovery phrases to steal access to crypto wallets.
  • Localized keywords and apps supporting multiple countries were used in this campaign, targeting Android and iOS users in Europe and Asia.

Read Full Article

like

5 Likes

share

1 Share

source image

Securelist

2M

read

404

img
dot

Image Credit: Securelist

Investors, Trump and the Illuminati: What the “Nigerian prince” scams became in 2024

  • “Nigerian” spam is a collective term for messages designed to entice victims with alluring offers and draw them into an email exchange with scammers, who will try to defraud them of their money.
  • The original “Nigerian” spam emails were sent in the name of influential and wealthy individuals from Nigeria, hence the name of the scam.
  • The user is encouraged to reply to an email, and typically, scammers mention a large amount of money that they claim the recipient is entitled to.
  • Some emails offer alternative types of bait: investment opportunities, generous gifts, invitations to an exclusive community, and so on.
  • The body of 'Nigerian' scam emails often include email addresses registered with a free email service of the alleged benefactor or an agent, which may be different from the sender’s address.
  • The messages feature poorly written content, with a large number of mistakes and typos, and are generated by low-quality machine translation or large language models poorly trained.
  • Types of Nigerian email messages include Email from wealthy benefactors, Compensation scams, Lottery scams, User manipulated online dating scams and Spam for Businesses.
  • Recently, cybercriminals have used significant real-world events to pique the interest of their targets, such as the COVID-19 pandemic or the 2024 US presidential election.
  • To avoid becoming a victim, it recommended that email recipients are critical of any email allegedly sent from influential individuals and to avoid responding to messages from unverified senders altogether.
  • The importance of double-checking the information in an email should be noted. If the reply-to address is different from the sender’s address, or if you see a different address in the email body, there may be a chance that it is fraudulent.

Read Full Article

like

24 Likes

share

5 Shares

source image

TechCrunch

2M

read

9

img
dot

Image Credit: TechCrunch

Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers

  • Zyxel, a router maker, has no plans to release a patch for two actively exploited vulnerabilities in its routers.
  • The vulnerabilities allow attackers to execute arbitrary commands, leading to system compromise, data exfiltration, or network infiltration.
  • The flaws were discovered by VulnCheck and reported to Zyxel in July 2023.
  • Zyxel advises customers to replace vulnerable routers with newer-generation products for better protection.

Read Full Article

like

Like

share

Share

source image

Securityaffairs

2M

read

110

img
dot

Image Credit: Securityaffairs

International Civil Aviation Organization (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists

  • The International Civil Aviation Organization (ICAO) is investigating a significant data breach that has raised concerns about the security of its systems and employees data.
  • The breach involved approximately 42,000 recruitment application data records from April 2016 to July 2024, affecting 11,929 individuals.
  • In a separate incident, the Arab Civil Aviation Organization (ACAO) was also targeted by cyberespionage groups.
  • The leaked data included logins, passwords, emails, titles, and communications of aviation safety specialists from various aviation organizations.

Read Full Article

like

6 Likes

share

1 Share

source image

Securelist

2M

read

257

img
dot

Image Credit: Securelist

Take my money: OCR crypto stealers in Google Play and App Store

  • Google Play and the App Store were infiltrated with malware apps that stole crypto wallet phrases from over 242,000 downloads done by unaware users. This is the first time a stealer had been found in Apple’s App Store.
  • A team of researchers from ESET discovered the malware implants in various messaging app mods, with some scanning users’ image galleries to search for crypto wallet access recovery phrases.
  • The malware stretched across both Android and Windows devices, with the scam spreading through unofficial sources.
  • The “SparkCat” malware campaign was discovered in late 2024 using functions very similar to the messaging app mods for stealing recovery phrases for crypto wallets through apps within the official App Store and Google Play.
  • A food delivery app in the UAE and Indonesia, named “ComeCome,” was particularly suspect during the investigation, with the malware module literally named “Spark”.
  • The campaign targeted in particular, crypto wallet recovery phrases, which have the power to provide full control over an individual’s wallet to steal funds.
  • The malware is also flexible enough to steal other sensitive data from image galleries, such as passwords.
  • The attackers have not yet been identified, and the malware apps were found in various languages hidden in the official app marketplaces, giving the false impression that permissions requested were necessary for the apps to operate correctly.
  • The ESET investigation exposes how easy it is for malware to hide inside otherwise legitimate-looking applications and the importance of running a robust security product on all devices.
  • Users are reminded to avoid storing screenshots with sensitive information in the gallery and to store sensitive information in special apps.

Read Full Article

like

15 Likes

share

3 Shares

source image

TechJuice

2M

read

295

img
dot

Image Credit: TechJuice

Grubhub Investigates Security Issue After User Data Exposure

  • Grubhub, one of the pioneers in online meal delivery, is investigating a security issue after a data breach.
  • A third-party contractor who served Grubhub's support team was infiltrated, allowing hackers to access personal data of users, merchants, and delivery drivers.
  • The stolen data includes names, email addresses, phone numbers, and partial payment details of some users.
  • The investigation is ongoing, and Grubhub urges users to update their passwords regularly and be cautious of phishing emails.

Read Full Article

like

17 Likes

share

4 Shares

source image

Securityaffairs

2M

read

1k

img
dot

Image Credit: Securityaffairs

Online food ordering and delivery platform GrubHub discloses a data breach

  • Online food ordering and delivery platform GrubHub disclosed a data breach that exposed customer and driver information.
  • An investigation revealed that attackers compromised an account associated with a third-party support services provider, which was promptly locked out and removed by GrubHub.
  • Compromised data included names, emails, phone numbers, partial card info, and hashed passwords from legacy systems. Passwords were reset for affected accounts.
  • No passwords associated with Grubhub Marketplace accounts were accessed, but customers are advised to use unique passwords as a precaution.

Read Full Article

like

23 Likes

share

5 Shares

source image

Minis

9M

read

1.5k

img
dot

Image Credit: Minis

995 Crore Passwords Stolen In Biggest Data Breach Ever: Report

  • In what's being called the largest data breach ever, 995 crore passwords were leaked by a hacker known as "ObamaCare".
  • The dataset, named Rockyou2024, combines passwords from various breaches, posing a significant risk of credential stuffing and unauthorized access. This compilation, alongside other leaked databases, could lead to widespread data breaches, financial fraud, and identity thefts.
  • Cybernews researchers urge enhanced cyber hygiene practices to mitigate risks. The breach underscores the critical need for robust cybersecurity measures globally, emphasizing the ongoing threat posed by large-scale data breaches.

Read Full Article

like

28 Likes

share

11 Shares

source image

Minis

9M

read

2.6k

img
dot

Image Credit: Minis

Shadowy hacker claims he has data of 375 million Airtel users, Airtel says no breach in its systems

  • A hacker claims to possess data of 375 million Airtel users, including sensitive information like phone numbers, Aadhaar numbers, and more.
  • Airtel denies any breach, attributing the claim to misinformation aimed at damaging its reputation. The alleged data sale surfaced on forums frequented by cybercriminals, sparking concerns despite Airtel's assurances.
  • Security experts debate the validity of the claim, urging vigilance in cyber hygiene practices like password updates, monitoring accounts, enabling 2FA, and avoiding phishing. Airtel emphasizes its systems' security while acknowledging past data breaches in Indian companies.

Read Full Article

like

24 Likes

share

6 Shares

Prev

20
21
22
23
24
25
26
27
28
29
30

Next

For uninterrupted reading, download the app