A naukri.com initiative
Hacking News
Medium
2w
330
Image Credit: Medium
Wireless Network Security | Professional Hacking Services
- Wireless network security refers to measures taken to protect wireless networks, devices, and data from unauthorized access and interception.
- Key aspects of wireless network security include encryption, authentication, access control, and intrusion detection/prevention.
- Wireless networks are vulnerable to interception as data is transmitted via radio waves.
- Securing wireless networks requires strong encryption, regular updates, and a comprehensive security policy.
Read Full Article
19 Likes
Securityaffairs
2w
212
Image Credit: Securityaffairs
LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.
- The US Justice Department announced that the LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.
- Rostislav Panev, a dual Russian-Israeli national, was arrested in Israel in 2024 and faces charges related to his involvement in the LockBit ransomware operation.
- The LockBit ransomware group targeted over 2,500 victims worldwide, including 1,800 in the United States, and caused billions in damages by extracting $500 million in ransoms.
- Panev admitted to coding, developing, and consulting for the LockBit group, including developing code to disable antivirus software, deploy malware, and print ransom notes to victim networks.
Read Full Article
12 Likes
TechCrunch
2w
303
Image Credit: TechCrunch
Accused LockBit ransomware developer extradited to the US
- Rostislav Panev, a dual Russian and Israeli national, has been extradited from Israel to the US.
- Panev is accused of being a key developer for the LockBit ransomware gang.
- He was arrested in Israel in December 2024 and had been awaiting extradition.
- Panev and other LockBit developers designed the gang's malware and maintained its infrastructure.
Read Full Article
18 Likes
Securityaffairs
2w
82
Image Credit: Securityaffairs
SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks
- Operators behind the SuperBlack ransomware exploited two vulnerabilities in Fortinet firewalls for recent attacks.
- Threat actor named 'Mora_001' used Russian-language artifacts and exhibited unique operational signature.
- SuperBlack ransomware is tracked as an independent entity capable of independent intrusions.
- Exploited vulnerabilities include CVE-2024-55591 and CVE-2025-24472 in FortiOS and FortiProxy.
Read Full Article
4 Likes
Medium
2w
377
Image Credit: Medium
Black-boxing the Z3 Solver: Solve equations and more using Z3
- Z3 is an SMT solver that can be used for formal verification, model checking, and other purposes.
- It combines the power of SAT solvers and other types of solvers to handle more complicated formulas involving multiple theories.
- Z3 can be applied to solve a variety of problems, including cracking binaries, solving equations, and control flow analysis.
- With some knowledge about Z3, users can tackle complex problems like Rubik's cube, Sudoku, and magic squares.
Read Full Article
22 Likes
Securityaffairs
2w
95
Image Credit: Securityaffairs
U.S. CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog
- U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog.
- CISA added the vulnerabilities CVE-2025-21590 and CVE-2025-24201 to its Known Exploited Vulnerabilities catalog.
- CVE-2025-21590 is an Improper Isolation or Compartmentalization issue in Juniper Networks Junos OS that allows local attackers to compromise device integrity.
- CVE-2025-24201 is an out-of-bounds write issue exploited in sophisticated attacks; Apple released emergency security updates for it.
Read Full Article
5 Likes
Securityaffairs
2w
200
Image Credit: Securityaffairs
GitLab addressed critical auth bypass flaws in CE and EE
- GitLab addressed two critical authentication bypass vulnerabilities in Community Edition (CE) and Enterprise Edition (EE).
- GitLab released security updates to address critical vulnerabilities in Community Edition (CE) and Enterprise Edition (EE), including two critical ruby-saml authentication bypass issues.
- The vulnerabilities could allow attackers to impersonate users within the same SAML IdP, leading to potential data breaches and privilege escalation.
- GitLab encouraged affected users to upgrade to the latest version and suggested security measures for those unable to update immediately.
Read Full Article
12 Likes
Securityaffairs
2w
178
Image Credit: Securityaffairs
North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
- North Korea-linked APT group ScarCruft has been using a new Android spyware called KoSpy to target Korean and English-speaking users.
- KoSpy has been observed masquerading as utility apps like Phone Manager and File Manager, and has been distributed through the Google Play Store and Firebase Firestore.
- The spyware collects SMS, calls, location, files, audio, and screenshots through plugins, and communicates with its C2 servers for further exploitation.
- Researchers have found connections between KoSpy, APT37, and APT43, suggesting broader cyber-espionage operations targeting Korean users.
Read Full Article
10 Likes
Securityaffairs
2w
261
Image Credit: Securityaffairs
Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities
- Researchers warn of a 'coordinated surge' in the exploitation attempts of SSRF vulnerabilities in multiple platforms.
- The surge in SSRF exploitation is believed to be the result of a coordinated attack, with attackers scanning infrastructure and attempting to exploit multiple vulnerabilities simultaneously.
- Most of the targeted entities are located in the United States, Germany, Singapore, India, Lithuania, Japan, and Israel.
- Organizations are advised to patch and secure affected systems, apply mitigations for targeted vulnerabilities, and monitor for suspicious outbound requests.
Read Full Article
15 Likes
Siliconangle
2w
178
Image Credit: Siliconangle
February sets record for highest number of ransomware attacks ever reported
- February 2025 experienced the highest number of ransomware attacks ever reported, with 962 victims.
- The surge in attacks highlights a growing ransomware crisis, with cybercriminals exploiting software vulnerabilities.
- Clop ransomware group was responsible for 335 attacks, exploiting high-severity vulnerabilities in Cleo file transfer software.
- Ransomware attackers are now targeting edge network devices and using a two-stage process to maximize impact and evade detection.
Read Full Article
10 Likes
Securityaffairs
2w
426
Image Credit: Securityaffairs
Meta warns of actively exploited flaw in FreeType library
- Meta warns of actively exploited flaw in FreeType library
- A vulnerability in the FreeType library (CVE-2025-27363) may have been actively exploited in the wild.
- The out-of-bounds write flaw in FreeType versions 2.13.0 and below can lead to arbitrary code execution.
- Multiple Linux distributions are affected by the vulnerability and users are urged to update to FreeType 2.13.3.
Read Full Article
25 Likes
Securityaffairs
2w
21
Image Credit: Securityaffairs
Medusa ransomware hit over 300 critical infrastructure organizations until February 2025
- The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025.
- The FBI, CISA, and MS-ISAC have issued a joint advisory on Medusa ransomware.
- Medusa is a ransomware-as-a-service (RaaS) variant that has impacted various critical infrastructure sectors, including medical, education, legal, insurance, technology, and manufacturing.
- Medusa operators employ various techniques and tools to gain unauthorized access, move laterally, perform reconnaissance, encrypt files, and conduct double extortion schemes.
Read Full Article
1 Like
Medium
2w
252
Image Credit: Medium
AI Hacking: Is It Possible to Hack AI in Today’s World?
- AI hacking is possible, although modern AI systems are highly advanced and secure.
- There are various ways AI can be hacked, including misleading inputs, sensitive data extraction, manipulated training data, and exploiting vulnerabilities in AI-powered APIs.
- The success rate of AI hacking ranges from 20-50%, depending on the security level and the hacker's expertise.
- Hacking AI requires advanced tools and techniques, and the cost depends on the type of attack.
Read Full Article
15 Likes
Hackersking
2w
195
Image Credit: Hackersking
QRL Jacking Technique Used By Hackers To Access WhatsApp Web Session | Explained
- QRL Jacking is a technique used by hackers to access WhatsApp Web sessions without physically interacting with the victim's device.
- The attacker sends a malicious link to the target device, tricking them into scanning their WhatsApp QR code.
- By capturing the WhatsApp Web session, the hacker can read, spy on, or respond to messages.
- The QRLJacking tool, when used along with the Firefox browser, allows the attacker to carry out this technique.
Read Full Article
11 Likes
Hackersking
2w
418
Image Credit: Hackersking
Screen Stream Over HTTP: Effortless Screen Sharing Made Simple
- Screen Stream Over HTTP is an app that allows users to stream their mobile device's screen to any browser via a shared Wi-Fi network.
- The app offers a simple and intuitive interface, making it accessible for all skill levels.
- Key features include web-based viewing on any browser, real-time streaming with low latency, and privacy and security measures.
- Use cases for Screen Stream Over HTTP include education, remote troubleshooting, and personal screen sharing.
Read Full Article
25 Likes
For uninterrupted reading, download the app