The Hacker News is the most trusted and popular cybersecurity publication for information security professionals seeking breaking news, actionable insights and analysis.

1 天前 · 🔔 Top News. whoAMI Attack Exploits AWS AMI Name Confusion for Remote Code Execution — A new type of name confusion attack called whoAMI allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account. Datadog, which detailed the attack, said roughly 1% of organizations monitored by the company were affected ...

2025年2月3日 · 🔔 Top News. Law Enforcement Operation Takes Down Illicit Cybercrime Services — A series of law enforcement operations have taken down various online marketplaces such as Cracked, Nulled, Sellix, StarkRDP, and HeartSender that sold hack tools, illegal goods, and crimeware solutions. Millions of users are estimated to have been impacted, earning the threat actors hundreds of thousands of ...

2025年1月13日 · In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound.

5 天之前 · The attacks took place between December 4, 2024, and January 23, 2025, Recorded Future's Insikt Group said, adding the adversary, also tracked as Earth Estries, FamousSparrow, GhostEmperor, RedMike, and UNC2286, attempted to exploit more than 1,000 Cisco devices globally during the timeframe.. More than half of the targeted Cisco appliances are located in the U.S., South America, and India.

4 天之前 · The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network's domain controller as part of their post-compromise strategy. "RansomHub has targeted over 600 organizations globally, spanning ...

2025年2月10日 · 🔔 Top News. Multiple Security Flaws Come Under Exploitation — Malicious actors are exploiting recently disclosed security flaws in SimpleHelp remote desktop software (CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728) as part of a suspected ransomware attack. Separately, Russian cybercrime groups have been found to exploit a flaw affecting the 7-Zip archiver tool (CVE-2025-0411) to evade ...

2025年1月18日 · Earlier this week, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), said "China's sophisticated and well-resourced cyber program represents the most serious and significant cyber threat to our nation, and in particular, U.S. critical infrastructure." Easterly also revealed that Salt Typhoon was first detected on federal networks, much before the cyber ...

2025年1月10日 · Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer . "Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check Point Research …

2025年1月14日 · The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation in the wild.