Hacker news In general, content that can be submitted is defined as "anything that gratifies one's intellectual curiosity. Nov 19, 2024 · Truesec, in an analysis published earlier this month, detailed Helldown attack chains that have been observed making use of internet-facing Zyxel firewalls to obtain initial access, followed by carrying out persistence, credential harvesting, network enumeration, defense evasion, and lateral movement activities to ultimately deploy the ransomware. Cyberattacks and Hacks. "MintsLoader is a PowerShell based malware loader that has Oct 21, 2024 · Hi there! Here's your quick update on the latest in cybersecurity. Jan 27, 2025 · I've been in high tech for 30 years, and I've been laid off many times, most often from failed start ups. Iranian Hackers Deploy New IOCONTROL Malware — Iran-affiliated threat actors have been linked to a new custom malware called IOCONTROL that's designed to target IoT and operational technology (OT) environments in Israel and the United States. Feb 22, 2024 · Another channel was created, and their activities continued. Show HN: I made an open-source laptop from scratch (byran. 5 days ago · Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials. Sep 23, 2024 · Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. Our Hacker News category delivers up-to-the-minute coverage on hacker activities, breaches, and exploits. Oct 10, 2024 · Some of the cyber operations highlighted by OpenAI are as follows - SweetSpecter, a suspected China-based adversary that used its AI models for LLM-informed reconnaissance, vulnerability research, scripting support, anomaly detection evasion, and development. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning May 13, 2024 · Are your browser extensions safe? 33% in most orgs aren't! Learn to protect your data with insights from the 2024 Browser Security Report. 5,153 likes · 413 talking about this. Dec 18, 2024 · The Hacker News is the most trusted and popular cybersecurity publication for information security professionals seeking breaking news, actionable insights and analysis. ie) 46 points by The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity (NHI) Top 10. Dec 9, 2024 · > Forward secrecy is designed to prevent the compromise of a long-term secret key from affecting the confidentiality of past conversations. Hacker News Search: Following the release of iOS 13 and iPadOS earlier this week, Apple has issued an advisory warning iPhone and iPad users of an unpatched security bug impacting third-party keyboard apps. " Please read the Show HN rules and tips before posting. Dec 30, 2024 · Every week, the digital world faces new challenges and changes. Each webinar is led by a cybersecurity expert with years of experience in the field, ensuring that you receive top-quality, up-to-date information and Hacker News Search: Dec 11, 2024 · This includes the use of reverse proxy programs such as Rakshasa and Stowaway, as well as asset discovery and identification tools, keyloggers, and password stealers. The 20 highest-rated articles on Hacker News in the 7 days ending January 04, 2025 which have not appeared on any previous Hacker News Weekly are: These are jobs at YC startups. Jan 23, 2025 · An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. Some hacktivist groups have developed strong DDoS capabilities, while others are rather noisy ab Hacker News Search: Dec 11, 2024 · In a series of reports published in late October 2024 under the name Pacific Rim, Sophos revealed that it had received a "simultaneously highly helpful yet suspicious" bug bounty report about the flaw in April 2020 from researchers associated with Sichuan Silence's Double Helix Research Institute, one day after which it was exploited in real-world attacks to steal sensitive data using the Nov 11, 2024 · Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. Pretty much none of that. Hacker News is a website where hackers can share and discuss news, stories, projects, and ideas related to technology, science, and culture. Hacker News Nov 26, 2024 · The disclosure comes as 15 different Chinese hacking groups out of a total of 60 named threat actors have been linked to the abuse of at least one of the top 15 routinely exploited vulnerabilities in 2023, according to VulnCheck. Hacktivists target private and Government organizations alike, and we have seen that hacktivist groups can take down even the biggest national or international websites. See more at ycombinator. 1. As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Dec 5, 2024 · A suspected Chinese threat actor targeted a large U. Some of the domains that have fallen prey to the attacks include an entertainment company, an IPTV service provider, a law firm, an orthopedic and cosmetic supplier, a Thai online apparel store, and a tire sales firm. Lists - Hacker News Search: The display of third-party trademarks and trade names on the site do not necessarily indicate any affiliation or endorsement of Hackread. Stay updated with the latest tech news, startup information, and technical discussions from Hacker News. Go forward a day. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. I _strongly_ disagree with a fully cynical response of working only to contract, leveraging job offers for raises, etc. " That said, it's currently not clear if the flaw was weaponized as a zero-day prior to its disclosure last week. "By exploiting trust in open source plugins, attackers have infiltrated these Nov 23, 2024 · The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. com. Feb 16, 2022 · Read the latest updates about database software on The Hacker News cybersecurity and information technology publication. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. It is run by the investment fund and startup incubator Y Combinator. However, forward secrecy cannot defend against a successful cryptanalysis of the underlying ciphers being used, since a cryptanalysis consists of finding a way to decrypt an encrypted message without the key, and forward secrecy only protects keys, not the The Hacker News (THN) has Internationally been recognized as the leading and most trusted Information Security Channel – attracting over 5 Million monthly re The Hacker News is the most trusted and popular cybersecurity publication for information security professionals seeking breaking news, actionable insights and analysis. An unofficial, alternative interface to Hacker News. First of all, one of those languages is not like the other (Go is closer to JS than to Rust) - second, we really can’t reasonably guess at the produced assembly, even C compilers do some insane transformations leaving the code nothing alike the original, let Links for the intellectually curious, ranked by readers. Louisiana forbids public health workers from promoting Covid, flu and mpox shots (npr. Discover insights into the latest tactics used by cybercriminals, including ransomware attacks, phishing campaigns, and system vulnerabilities. Nov 4, 2024 · Upgrade Your Cybersecurity Skills with SANS at CDI 2024 + Get a $1,950 Bonus! Unlock top-tier cybersecurity training at SANS CDI 2024, December 13-18 in Washington, DC. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total. Read the latest updates about computer forensics on The Hacker News cybersecurity and information technology publication. With GBHackers Security we cover Cyber Security News, Hacking News, Technology updates, Research & others. Swift was designed around emojis it seems. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9. Jan 13, 2025 · The Hacker News is the most trusted and popular cybersecurity publication for information security professionals seeking breaking news, actionable insights and analysis. ‎المصدر العربي الأول لأخبار القرصنة وكل جديد حول الأمن السيبراني ومجموعات الهاكرز والتسريبات‎ Aug 19, 2024 · A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. Our webinars cover a wide range of cybersecurity topics, including cloud security, network security, incident response, compliance, and more. 3 days ago · The Hacker News is the most trusted and popular cybersecurity publication for information security professionals seeking breaking news, actionable insights and analysis. sys) for WinSock. Oct 26, 2024 · The attacks entail identifying unauthenticated and exposed Docker API endpoints using masscan and ZGrab and using them for cryptominer deployment and selling the compromised infrastructure to others on a mining rental platform called Mining Rig Rentals, effectively offloading the job of having to manage them themselves, a sign of the maturation of the illicit business model. Jan 27, 2025 · Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. When remote work is not an option, include ONSITE. Jun 1, 2023 · Please state the location and include REMOTE, INTERNS and/or VISA when that sort of candidate is welcome. Sep 26, 2024 · Nation-state threat actors backed by Beijing broke into a "handful" of U. Converge (YC S23) is hiring engineer #2 in NYC (gem. 2) - An insufficient sanitization issue in MLflow that leads to a cross-site scripting (XSS) attack when running an untrusted recipe in a Jupyter Notebook, ultimately resulting in client-side remote code execution (RCE) Jan 6, 2025 · Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems. Hacker News Search: Aug 29, 2024 · The Hacker News is the most trusted and popular cybersecurity publication for information security professionals seeking breaking news, actionable insights and analysis. com/jobs. org) Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Nov 20, 2023 · The stealer malware known as LummaC2 (aka Lumma Stealer) now features a new anti-sandbox technique that leverages the mathematical principle of trigonometry to evade detection and exfiltrate valuable information from infected hosts. Dec 2, 2024 · Global police arrest 5,500 suspects, seize $400M, dismantle $1. The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. That includes more than hacking and startups. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. This guide includes everything essential to know about building a strong security foundation and running a well-protected operating system. com Dec 16, 2024 · The Hacker News is the most trusted and popular cybersecurity publication for information security professionals seeking breaking news, actionable insights and analysis. You can browse the newest Show HNs here. Hacker News Search: Nov 15, 2024 · TRM Labs said Lichtenstein exploited a vulnerability in Bitfinex's multi-signature withdrawals setup, which back then would have required at least two signatures -- one each from Bitfinex and a third-party digital asset trust company called BitGo -- to approve a withdrawal. organization earlier this year as part of a four-month-long intrusion. 📨 Contact: admin@thehackernews. Nov 11, 2024 · ⚠️ Imagine this: the very tools you trust to protect you online—your two-factor authentication, your car's tech system, even your security software—turned into silent allies for hackers. Read about critical vulnerabilities, hacking attacks, malware, cybercrime and more. hckr news an unofficial alternative hacker news interface. "These malicious ads, appearing on Google Search, are designed to steal the login Oct 2, 2024 · An element within North Korea's Reconnaissance General Bureau (RGB), the hacking crew has a track record of deploying ransomware strains such as SHATTEREDGLASS and Maui, while also developing an arsenal of custom backdoors like Dtrack (aka Valefor and Preft), TigerRAT, Black RAT (aka ValidAlpha), Dora RAT, and LightHand. First page in the manual shows how you can use emojis as variable names. A collection of the top stories on Hacker News with over 100 points. "Targets are typically asked to communicate with an interviewer through a link that throws an Oct 24, 2024 · The V8 sandbox bypass was patched by Google in March 2024 following a bug report that was submitted on March 20, 2024. Hacker News new | past | comments | ask | show | jobs | submit | best: login: 1. Read the latest updates about Israel on The Hacker News cybersecurity and information technology publication. How to implement a container security solution and Kubernetes Security best practices all rolled into one. Nov 26, 2024 · The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. com): 12 hours ago: 2. NSO Group saga. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up. Hacker News Search: 2 days ago · Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks. Dec 12, 2024 · Apple patches CVE-2024-44131, a TCC bypass vulnerability enabling malicious apps to access sensitive data via symlink manipulation. "These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared Jan 6, 2025 · Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Hacker News (HN) is a social news website focusing on computer science and entrepreneurship. Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists. Please only post if you personally are part of the hiring company—no recruiting firms or job boards. I get why Apple wants to be clear how there are different ways to index into strings (even if this is motivated 99% by emojis like "family: man woman boy boy skintone B"), but still, the API didn't have to be this confusing or have so many breaking changes after GA. The threat actor behind the malware-as-a-service (MaaS) known as Eternity Group has been linked to new piece of malware called LilithBot . Hacker News Search: 2 days ago · The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. 8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD. Sei (YC W22) Is Hiring 241. I hope Bruno has support for separate environments and environment-level variables soon because the ability to set global variables along with environment-specific variables/overrides makes the setup much more manageable (I think there is a feature request already open Dec 24, 2024 · In recent years, the hacking crew has orchestrated a series of attacks that leverage job-themed social engineering campaigns or involve reaching out to prospective targets under the pretext of collaborating on a GitHub project, which then leads to the deployment of malicious npm packages. 1 out of a Hacker News. Dec 18, 2024 · Another characteristic that deserves a mention is the use of anonymization layers like TOR exit nodes to control the RDP servers, as well as residential proxy providers and commercial VPN services to access legitimate mail servers that were employed to send the spear-phishing emails. Nov 14, 2024 · Sitting Ducks is both easy to perform and stealthy, in part driven by the positive reputation that many of the hijacked domains have. Hacker News Search: Read the latest updates about cyber attack on The Hacker News cybersecurity and information technology publication. According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August. com): 38 points by jackhalford 2 days ago | hide | 1 comment: 242. On-Topic: Anything that good hackers would find interesting. 1B phishing syndicate in INTERPOL-led HAECHI-V. "It has advanced capabilities to be used as a miner, stealer, and a clipper along with its persistence mechanisms," Zscaler ThreatLabz researchers Shatak Jain and Aditya Sharma said in a Wednesday report. com 🌐 Website: https://thehackernews. In one of the follow-up messages sent to a representative of the company, De Oliveira said he was "very interested in helping you guys solve this security flaw" but said it will incur a consulting fee of 75 bitcoin (about $800,000 at the time). Nov 4, 2024 · Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). Get real-time updates with English summaries and comment highlights. Hacker News is a community for sharing and discussing new ideas, work, and news stories. Hacker News Search: Stories from October 24, 2024 (UTC) Go back a day, month, or year. Hacker News Guidelines What to Submit. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. S. Hacker News Search: Dec 10, 2024 · Besides mimCN, some of the other aspects that point to China are the presence of simplified Chinese comments in PHPsert, the use of infrastructure provided by Romanian hosting service provider M247, and the use of Visual Studio Code as a backdoor, the last of which has been attributed to the Mustang Panda actor. The line between convenience and vulnerability has never been Dec 16, 2024 · 🔔 Top News. > the distance between the code they write and the machine code that will be executed is greater than in languages like Rust or Go. What exists is a whole lot of money, a willingness to lose that money if a bank makes bad bets on the trust and security of a customer, a bunch of laws to adhere to, and willingness to go to jail if those laws aren't followed (or, perhaps willingness being the wrong word, an understanding one will go to jail if those laws aren't followed and protected parties lose Oct 16, 2024 · Cybercriminals exploit AI tools like GPTs, phishing emails, and deepfakes in attacks, raising security risks. ee) 3084 points by Dec 31, 2024 · BBC News • @mwendling Getty Images US officials say hackers linked to the Chinese government are responsible for breaching security at major telecommunications companies and US agencies. The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant authorities. Jan 13, 2025 · The Hacker News covers the latest cybersecurity threats, tools and tips from around the world. On iOS, third-party keyboard extensions can run entirely standalone without access to external services and thus Dec 26, 2024 · A month later, the defendant forwarded the aforementioned message to both the CEO and an executive working in the Brazilian subsidiary. Hacker News new | past | comments | ask | show | jobs | submit: login: 211. . Dec 6, 2024 · The list of vulnerabilities is below - CVE-2024-27132 (CVSS score: 7. Hacker News is a social news website focusing on computer science and entrepreneurship. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant. Tailscale Prometheus Metrics (tailscale. This could manifest in the form of Jan 29, 2025 · A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. I am using Insomnia but haven't been prompted for account setup etc (switched to it from Postman after the cloud nonsense). And so did many other operations under the disguise of hacktivism. Oct 28, 2024 · 🚢🔐 Kubernetes Security for Dummies. Hacker News Search, millions articles and comments at your fingertips. As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Hacker News Search: Oct 3, 2024 · The group, responsible for the development and distribution of the Dridex (aka Bugat) malware, has been previously observed deploying LockBit and other ransomware strains in 2022 in order to get around sanctions imposed against the group in December 2019, including key members Maksim Yakubets and Igor Turashev. Milan prohibits all outdoor smoking as ban takes effect (rte. Latest news on hacks, cyberattacks, security vulnerabilities, and more. Also deployed during the course of the attacks is PlugX (aka Korplug), a remote access trojan put to use by several Chinese hacking groups. Weekly Hacker News for the 7 days ending 2025-01-04. ⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking. Dec 23, 2024 · The online world never takes a break, and this week shows why. Feb 3, 2024 · Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The Hacker News is the most trusted and popular cybersecurity publication for information security professionals seeking breaking news, actionable insights and analysis. That said, it's currently not known if the attackers discovered it earlier and weaponized it as a zero-day, or if it was exploited as an N-day vulnerability. Aug 27, 2024 · It also said, "in the wild exploitation of CVE-2024-7965 [] was reported after this release. Browse the latest posts on topics such as time-series anomaly detection, spline distance fields, structural code editors, Doom, and more. Remcos RAT "provides purchases with a wide range of advanced features to remotely control computers belonging to the buyer," Fortinet FortiGuard Labs researcher Xiaopeng Zhang said in an analysis published last week. slwd gkxdqxd osul aovgvvi cahn ths upfl gqf qhf lcoile zzp sioxb nbqyuzjp httu chptn