Hacker News | Latest Cyber Hacking News on Techminis

A naukri.com initiative

New

Home

Hacking News

Hackers-Arise

127

Image Credit: Hackers-Arise

Intermediate Cryptography: In the Crypto Wars, ChaCha20 is your new weapon of choice.

Cryptography is a fundamental skill in cybersecurity used for storing passwords, exchanging keys, and encrypting data streams and storage.
ChaCha20, a symmetric stream cipher, is gaining popularity for securing data streams due to its speed, security, and simplicity.
ChaCha20 works by generating a keystream for encryption, providing speed, resistance to attacks, and flexibility for encrypted data streams.
ChaCha20 is preferred for its speed and security in real-world applications such as TLS 1.3, WireGuard VPN, mobile apps, and HTTPS traffic.

Read Full Article

7 Likes

TechCrunch

221

Image Credit: TechCrunch

Hacked, leaked, exposed: Why you should never use stalkerware apps

Stalkerware companies losing massive customer and victim data due to hacks and leaks.
At least 26 stalkerware companies breached, exposing sensitive personal information since 2017.
Data leaks from companies like Catwatchful, SpyX, Cocospy, mSpy, exposing millions.
Eva Galperin from EFF states industry is a 'soft target' for hackers, risking user data.
Stalkerware use unethical, illegal, and poses risks due to numerous data breaches.

Read Full Article

13 Likes

Securityaffairs

272

Image Credit: Securityaffairs

U.S. Sanctions Russia’s Aeza Group for aiding crooks with bulletproof hosting

The U.S. Treasury sanctions Russia's Aeza Group and affiliates for aiding cybercriminals through bulletproof hosting services.
Bulletproof hosting services allow cybercriminals to host malicious content and evade shutdown attempts by authorities.
The sanctions target Aeza Group subsidiaries and key figures involved in managing cybercrime-supporting infrastructure.
The U.S., UK, and Australia recently sanctioned another Russian bulletproof hosting provider, Zservers/XHost, for supporting ransomware operations.

Read Full Article

16 Likes

Siliconangle

391

Image Credit: Siliconangle

Cofense uncovers dramatic rise in phishing attacks using Spain’s .es domains

Cofense reports a significant increase in malicious activities using Spain’s .es top-level domain for phishing attacks, with a 19-fold surge from Q4 2024 to Q1 2025.
Threat actors are utilizing .es domains to host second-stage phishing pages, primarily impersonating Microsoft services like Outlook alongside other companies like Adobe, Google, and Docusign.
About 99% of the identified malicious .es domains are hosted on Cloudflare's infrastructure, potentially raising concerns about the ease of deploying malicious content using modern tools.
Cofense advises organizations to enhance their detection strategies, focusing on subdomain monitoring and brand spoofing detection, as domain abuse patterns serve as early warning signs for evolving threat activities.

Read Full Article

23 Likes

Discover more

Securityaffairs

272

Image Credit: Securityaffairs

Qantas confirms customer data breach amid Scattered Spider attacks

Qantas confirmed a cyberattack where hackers accessed customer data through a third-party platform, linked to ongoing Scattered Spider cyber breaches.
The airline detected and contained the breach, securing core systems but estimating that up to 6 million customer records may have been compromised.
Qantas is enhancing security measures, notifying authorities, and providing support to affected customers, with ongoing updates through official channels.
Scattered Spider, known for targeting the aviation industry, uses social engineering and ransomware tactics, prompting collaboration with the FBI and industry partners.

Read Full Article

16 Likes

Securityaffairs

Image Credit: Securityaffairs

CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025

Google patched a Chrome vulnerability, CVE-2025-6554, in response to an exploit in the wild that allows for arbitrary read/write actions.
The vulnerability is a type-confusing issue in the V8 JavaScript and WebAssembly engine, with an exploit known to be in the wild.
The exploit allows attackers to perform memory corruption, crashes, or execute arbitrary code by treating data incorrectly.
CVE-2025-6554 is the fourth Chrome zero-day vulnerability addressed by Google in 2025, with other zero-days having been mitigated earlier this year.

Read Full Article

3 Likes

Securityaffairs

213

Image Credit: Securityaffairs

U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog.
Two flaws affecting TeleMessage TM SGNL added to the KEV catalog with CVE-2025-48927 and CVE-2025-48928.
CVE-2025-48927 involves insecure default vulnerability due to misconfigured Spring Boot Actuator.
CVE-2025-48928 exposes core dump file with heap content including passwords sent over HTTP.

Read Full Article

12 Likes

Hackersking

153

Image Credit: Hackersking

Prizmatem: Revolutionizing Digital Security and Privacy

Prizmatem is a next-generation digital security platform focusing on encryption, anonymous browsing, and peer-to-peer messaging to enhance online privacy.
Key features of Prizmatem include end-to-end encryption, decentralized network architecture, zero data logging, multi-layered identity protection, and cross-platform integration.
Prizmatem benefits individuals, businesses, and developers by providing enhanced privacy, secure communication, and ease of integration into various applications.
The platform's user-friendly interface, regular updates, global community support, and future developments in AI threat detection and quantum-resistant encryption make it a top player in the cybersecurity industry.

Read Full Article

9 Likes

Hackersking

417

Image Credit: Hackersking

Understanding iCryptox.com Security: How Safe Is Your Crypto?

iCryptox.com is a web-based cryptocurrency exchange known for allowing users to buy, sell, and swap various digital assets like Bitcoin and Ethereum.
Key security features of iCryptox.com include Two-Factor Authentication (2FA), SSL Encryption, Cold Wallet Storage, Real-Time Monitoring, and Withdrawal Whitelisting.
Users have praised iCryptox.com for its ease of use, responsive support team, and fast withdrawal times, but some are concerned about the lack of clear information on the company's leadership and location.
While iCryptox.com has robust security measures in place, users are advised to perform due diligence, use strong passwords, avoid phishing scams, and verify URLs to enhance their safety while trading cryptocurrencies.

Read Full Article

25 Likes

Securityaffairs

166

Image Credit: Securityaffairs

A sophisticated cyberattack hit the International Criminal Court

The International Criminal Court (ICC) is investigating a sophisticated cyberattack that was recently detected and contained.
The ICC confirmed that the cyberattack was discovered and addressed by its defense systems, marking the second attack of this nature in recent years.
The ICC stresses the importance of notifying the public and States Parties about cyber incidents and seeks ongoing support for its pursuit of justice and accountability.
Technical details about the cyberattack were not disclosed, and it remains uncertain whether a data breach occurred. The ICC is an international tribunal headquartered in The Hague, Netherlands.

Read Full Article

10 Likes

Hackers-Arise

106

Image Credit: Hackers-Arise

NeuraLink: What Could Possibly Go Wrong? The ultimate invasion—reading or leaking your innermost thoughts?

Neuralink introduces brain-computer interfaces, a new frontier in cybersecurity and IoT hacking.
Attack methods include wireless hijacking, malware in the app, side-channel attacks, and physical exploitation.
Consequences of successful attacks may lead to physical harm, mind manipulation, and privacy invasion.
Neuralink-style brain augmentation poses ultimate cybersecurity challenges, demanding robust security measures for protection.

Read Full Article

6 Likes

Securityaffairs

422

Image Credit: Securityaffairs

Esse Health data breach impacted 263,000 individuals

A cyberattack on healthcare provider Esse Health in April 2025 exposed data of 263,000+ patients, including SSNs and medical info.
The breach, discovered on April 21, affected electronic medical records and phone systems.
Stolen data included names, Social Security numbers, medical, and insurance info, impacting 263,601 people.
Esse Health is enhancing security measures to prevent future incidents and offering free identity protection to affected individuals.

Read Full Article

25 Likes

Kaspersky

269

Image Credit: Kaspersky

The top-five funny school, social media, and IoT hacks | Kaspersky official blog

Hacks include prank traffic lights, classroom Rickroll, robot vacuums, Lenovo website, Twitter pranks.
Hackers targeted traffic lights with Zuckerberg and Musk voices, students performed classroom Rickroll.
Ecovacs robot vacuums hacked, Lenovo website defaced, Twitter accounts hijacked for pranks.
Lessons learned: avoid weak passwords, use strong, unique passwords for online security.

Read Full Article

16 Likes

Hackers-Arise

363

Image Credit: Hackers-Arise

Wi-Fi Hacking: The Nearest Neighbor Attack, Attacking Your Neighbor Through the Backdoor

Wi-Fi attacks have evolved with the introduction of the Nearest Neighbor attack, allowing attackers to compromise distant Wi-Fi networks by exploiting weak security in neighboring organizations.
The Nearest Neighbor attack was first utilized by the Russian APT group Fancy Bear to target organizations in Washington, DC, showcasing the potential threat posed by this technique.
The attack involves steps like identifying targets and neighbors, compromising a weaker neighbor's network, locating a dual-homed device, scanning for the target's Wi-Fi, authenticating to the target's Wi-Fi using stolen credentials, and establishing a foothold within the target's network.
The Nearest Neighbor attack highlights the importance of enforcing MFA for Wi-Fi authentication, securing neighbor networks, monitoring for unusual Wi-Fi connections, and disabling dual-homed devices to defend against such threats.

Read Full Article

21 Likes

Securityaffairs

418

Image Credit: Securityaffairs

GDPR violations prompt Germany to push Google and Apple to ban DeepSeek AI

Germany requested Google and Apple to remove DeepSeek AI from their app stores due to GDPR violations related to unlawful data collection and transfers to China.
Berlin's Commissioner for Data Protection cited DeepSeek AI for processing extensive personal data of users, including chats and files, and transferring it to servers in China without adequate data protection measures.
The Berlin Commissioner used the Digital Services Act to report DeepSeek AI to Apple and Google after the company failed to comply with requests to address GDPR violations. This was done in coordination with state data protection officers and the Federal Network Agency.
Due to concerns over lack of EU safeguards and adequacy decisions for data transfers to China, DeepSeek AI has faced scrutiny from European authorities for violating GDPR standards, leading to calls for its removal from app stores.

Read Full Article

25 Likes

For uninterrupted reading, download the app