techminis

A naukri.com initiative

Hacking News

Hackingblogs

1w

Bug Bounty 10-Day Complete Free Training: Day7 – Exploiting Easy Bugs

  • Dipanshu Kumar hosts a free 10-day Bug Bounty course focusing on improving bug-hunting skills and exploiting vulnerabilities efficiently.
  • Day 7 introduces exploitation techniques such as subdomain takeover, GitHub Dorks, and information leaks via GitHub.
  • The focus is on finding low-hanging bugs quickly to maximize rewards, targeting areas like subdomain takeover, GitHub, and cloud services.
  • Subdomain takeover occurs when a subdomain points to an unused resource, allowing hackers to gain control of it.
  • Steps for exploiting subdomain takeover flaws include checking subdomains, identifying vulnerable applications, and taking control of subdomains.
  • GitHub Dorks can be used to find sensitive information like passwords, API keys, and more in GitHub repositories.
  • The example of finding a secret key in the source code demonstrates the potential risks of sensitive data exposure.
  • Various GitHub Dorks are provided for hunting purposes, targeting file extensions, configuration files, and other sensitive information.
  • Readers are encouraged to regularly search for subdomain takeovers and exposed information to maximize bug bounty hunting success.
  • The article concludes with a preview of upcoming topics on information disclosure strategies and more complex vulnerabilities.

Securityaffairs

1w

RansomHub affiliate uses custom backdoor Betruger

  • Symantec researchers have identified a custom backdoor, named Betruger, linked to an affiliate of the RansomHub operation in recent ransomware attacks.
  • Betruger is a multi-function backdoor used for ransomware attacks that combines several features to minimize detection, such as screenshot capture, credential theft, keystroke logging, network scanning, and privilege escalation.
  • The backdoor is disguised as 'mailer.exe' or 'turbomailer.exe' to appear legitimate, but lacks mailing functions.
  • RansomHub, run by the cybercrime group Greenbottle, has become the most prolific ransomware operation, attracting affiliates by offering better terms and a higher percentage of ransom payments.

Securelist

1w

Threat landscape for industrial automation systems in Q4 2024

  • In Q4 2024, 21.9% of ICS computers had malicious objects blocked, a decrease of 0.1 pp from the previous quarter.
  • Regionally, Africa had the highest percentage (31%), while Northern Europe had the lowest (10.6%).
  • The biometrics sector had the highest percentage of blocked malicious objects among industries.
  • Kaspersky's protection solutions blocked malware from 11,065 different families on ICS systems in Q4 2024.
  • Primary threat sources include the internet, email clients, and removable storage devices.
  • Malicious objects for initial infection included denylisted internet resources and phishing pages.
  • The percentage of ICS computers with blocked malicious scripts and phishing pages rose to 7.11% in Q4.
  • Spyware blocking increased to 4.30%, while ransomware blocking reached its highest value in two years at 0.21%.
  • Next-stage malware such as spyware, ransomware, and miners were utilized after initial infections.
  • Self-propagating malware (worms and viruses) saw increased block rates in Q4 2024.

Securityaffairs

1w

Cisco Smart Licensing Utility flaws actively exploited in the wild

  • Experts warn of the active exploitation of two recently patched security vulnerabilities affecting Cisco Smart Licensing Utility.
  • The vulnerabilities are CVE-2024-20439, a static credential backdoor, and CVE-2024-20440, an information disclosure flaw.
  • Attackers can exploit the backdoor to access sensitive log files, and the disclosure of exploit details has led to recent attack activity.
  • Cisco has released software updates to fix the vulnerabilities, but researchers warn that the flaws are actively being exploited in attacks.

Coinpedia

1w

Bybit Hack Update: Chase to Recover $1.4B Continues, 89% Still Traceable!

  • Cryptocurrency exchange Bybit suffered a $1.4 billion hack by North Korea's Lazarus Group.
  • 88.87% of the stolen funds still remain traceable, with 3.54% frozen and 7.59% lost.
  • Bybit has launched a large-scale effort to recover the stolen funds, with support from top blockchain security firms and crypto organizations.
  • The incident highlights the increasing threat of sophisticated cyberattacks in the cryptocurrency sector.

Analyticsindiamag

1w

Developers Beware! AI Coding Tools May Aid Hackers

  • Researchers have uncovered a new supply chain attack vector named 'Rules File Backdoor' that enables hackers to compromise AI-generated code by injecting hidden malicious instructions.
  • The instructions are injected into rule files used by AI coding assistants like Cursor and GitHub Copilot, allowing the malicious code to silently propagate through projects.
  • The attack is unnoticeable to users and can affect millions of end users through compromised code, enabling hackers to override security controls and generate vulnerable code.
  • To stay safe from these attacks, researchers recommend auditing existing rules, implementing validation processes, and deploying detection tools for AI-generated code review.

Securityaffairs

1w

Pennsylvania State Education Association data breach impacts 500,000 individuals

  • A data breach at the Pennsylvania State Education Association exposed the personal information of over 500,000 individuals.
  • The data breach occurred on or about July 6, 2024, and was confirmed in an investigation completed on February 18, 2025.
  • Compromised personal information included names, dates of birth, driver's license numbers, social security numbers, account numbers, and health insurance information.
  • The Pennsylvania State Education Association is providing affected individuals with one year of free credit monitoring and identity restoration services.

Securityaffairs

1w

Veeam fixed critical Backup & Replication flaw CVE-2025-23120

  • Veeam has fixed a critical Backup & Replication flaw CVE-2025-23120.
  • The vulnerability could allow remote code execution and impacted version 12.3.0.310 and earlier.
  • The issue was reported by security researcher Piotr Bazydlo of watchTowr.
  • Veeam's patch blocks the identified gadgets, but further deserialization vulnerabilities may still exist.

Securityaffairs

1w

U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog.
  • The vulnerabilities included in the catalog are CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability, CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability, and CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability.
  • CVE-2025-1316 refers to an OS command injection vulnerability in Edimax IC-7100 IP cameras that is actively being exploited in the wild.
  • CISA has ordered federal agencies to address the vulnerabilities by April 9, 2025, and recommends that private organizations review and fix the vulnerabilities in their infrastructure.

Securityaffairs

1w

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

  • CERT-UA warns of a cyber campaign using Dark Crystal RAT to target Ukraine’s defense sector, including defense industry employees and Defense Forces members.
  • In March 2025, threat actors distributed archived messages through Signal containing a fake PDF report and DarkTortilla malware.
  • The purpose was to deploy the Dark Crystal RAT (DCRat) remote control software tool, which has modular functionalities for surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.
  • The attack highlights the broadening attack surface through the use of popular instant messaging apps, bypassing security measures and compromising contacts to increase trust.

NullTX

1w

North Korean Hackers Amass $1.14 Billion in Bitcoin Amid Bybit Attack; OKX Temporarily Suspends DEX Aggregator

  • North Korean hackers, known as the Lazarus Group, have amassed a staggering 13,562 BTC, worth about $1.14 billion, following a recent Bybit attack.
  • The Lazarus Group converted stolen Ethereum into Bitcoin, making North Korea one of the largest state-sponsored holders of Bitcoin globally.
  • This puts North Korea ahead of countries like El Salvador and Bhutan in terms of Bitcoin holdings, ranking behind the U.S. and the U.K.
  • The Lazarus Group has a history of cyber attacks on cryptocurrency exchanges and organizations, now focusing on building up their Bitcoin reserves.
  • The international community is concerned about how cryptocurrencies might aid rogue states like North Korea in bypassing global financial regulations.
  • OKX, a major crypto exchange, has temporarily suspended its DEX aggregator to combat potential exploits by the Lazarus Group targeting DeFi platforms.
  • State-sponsored cybercriminals like the Lazarus Group pose a growing risk to the stability and security of the global crypto market.
  • Cryptocurrency exchanges, DeFi platforms, and regulators need to enhance their security measures to fend off the increasing threat of cybercrime.
  • The events surrounding the Bybit attack underscore the importance of heightened vigilance in the crypto industry amid a rise in cybercrime incidents.
  • The rise of state-sponsored cybercrime highlights the need for stronger regulation and security measures in the evolving cryptocurrency ecosystem.

Hackingblogs

1w

Bug Bounty 10-Day Complete Free Training: Day6 – Ending Reconnaissance

  • The Bug Bounty 10-Day Complete Free Training Day 6 focuses on ending reconnaissance, with a deep dive into key techniques for bug hunting by Dipanshu Kumar.
  • The training provides practical advice and hands-on experience to enhance vulnerability discovery in bug bounty programs, regardless of experience level.
  • Topics covered include the importance of wordlists in bug bounty hunting for identifying hidden resources, such as subdomains, directories, and files.
  • Tools like crt.sh, Sublist3r.py, and Gobuster are discussed for subdomain enumeration and brute forcing.
  • The use of robots.txt for reconnaissance in bug bounty hunting to identify potential attack surfaces and sensitive areas on websites is highlighted.
  • Commonspeak is introduced as a tool for generating custom wordlists using data from the Commoncrawl archive.
  • The importance of subdomain enumeration in bug bounty hunting and tools like Sublist3r and Gobuster for automating the process are emphasized.
  • Day 7 will shift focus to the exploitation phase, covering quick wins like subdomain takeover and more complex vulnerabilities including SQL Injection, IDOR, SSRF, and XSS.

Idownloadblog

1w

Nugget to get video wallpaper support after first rolling out standard animated wallpapers in v5

  • Nugget version 5.0 will introduce animated wallpaper options to iOS and iPadOS devices.
  • A subsequent update to Nugget will add support for video wallpapers using .mov files.
  • Video wallpapers are actual video files from the device's Photo Library that can be used as wallpapers.
  • Video wallpaper support will likely be introduced in Nugget version 5.1.

Securityaffairs

1w

WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware

  • WhatsApp has fixed a zero-click, zero-day vulnerability that was used to install Paragon's Graphite spyware on targeted devices.
  • The hacking campaign targeted 90 users and was suspected to be carried out by Paragon, an Israeli commercial surveillance vendor.
  • The Citizen Lab group from the University of Toronto shared its analysis of Paragon's infrastructure with WhatsApp, which later discovered and mitigated the exploit.
  • Citizen Lab identified Paragon's tool 'Graphite' through digital fingerprints and certificates, indicating its global spyware operations involving several countries.

Guardian

1w

UK cybersecurity agency warns over risk of quantum hackers

  • The UK's cybersecurity agency is urging organisations to protect their systems from quantum hackers by 2035.
  • The National Cyber Security Centre (NCSC) has issued guidance recommending the use of 'post-quantum cryptography' to prevent quantum technology from being used to breach systems.
  • Quantum computers have the potential to solve the hard mathematical problems that underpin current encryption methods, posing a threat to digital encryption.
  • The NCSC recommends that large entities, critical national infrastructure operators, and companies with bespoke IT systems implement post-quantum cryptography by 2035.
