The Hacker News

Syndikovat obsah
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and [email protected]
Aktualizace: 55 min 37 sek zpět

CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

31 Leden, 2025 - 14:10
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Top 5 AI-Powered Social Engineering Attacks

31 Leden, 2025 - 12:15
Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There’s no brute-force ‘spray and pray’ password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.
Kategorie: Hacking & Security

Top 5 AI-Powered Social Engineering Attacks

31 Leden, 2025 - 12:15
Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There’s no brute-force ‘spray and pray’ password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems. Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns

31 Leden, 2025 - 12:04
Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data. The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data. In particular, it wanted
Kategorie: Hacking & Security

Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns

31 Leden, 2025 - 12:04
Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data. The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data. In particular, it wantedRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Google Bans 158,000 Malicious Android App Developer Accounts in 2024

31 Leden, 2025 - 11:45
Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps. The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with
Kategorie: Hacking & Security

Google Bans 158,000 Malicious Android App Developer Accounts in 2024

31 Leden, 2025 - 11:45
Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps. The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

31 Leden, 2025 - 06:49
Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The list of identified flaws, which impact versions 8.x of the software, is below - CVE-2025-22218 (CVSS score: 8.5) - A malicious actor with View Only Admin
Kategorie: Hacking & Security

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

31 Leden, 2025 - 06:49
Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The list of identified flaws, which impact versions 8.x of the software, is below - CVE-2025-22218 (CVSS score: 8.5) - A malicious actor with View Only AdminRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

30 Leden, 2025 - 17:25
Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. "Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat
Kategorie: Hacking & Security

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

30 Leden, 2025 - 17:25
Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. "Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown

30 Leden, 2025 - 14:15
An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort, which took place between January 28 and 30, 2025, targeted the following domains - www.cracked.io www.nulled.to www.mysellix.io www.sellix.io www.starkrdp.io Visitors to these websites are now greeted by a
Kategorie: Hacking & Security

Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown

30 Leden, 2025 - 14:15
An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort, which took place between January 28 and 30, 2025, targeted the following domains - www.cracked.io www.nulled.to www.mysellix.io www.sellix.io www.starkrdp.io Visitors to these websites are now greeted by aRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter

30 Leden, 2025 - 13:33
Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could have allowed for remote code execution. The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said in
Kategorie: Hacking & Security

Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter

30 Leden, 2025 - 13:33
Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could have allowed for remote code execution. The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said inRavie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

SOC Analysts - Reimagining Their Role Using AI

30 Leden, 2025 - 11:30
The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts—often false positives—just to identify a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization, and increased risk of missing critical security incidents.
Kategorie: Hacking & Security

SOC Analysts - Reimagining Their Role Using AI

30 Leden, 2025 - 11:30
The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts—often false positives—just to identify a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization, and increased risk of missing critical security [email protected]
Kategorie: Hacking & Security

DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked

30 Leden, 2025 - 11:09
Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data. The ClickHouse database "allows full control over database operations, including the ability to access internal data," Wiz security researcher Gal
Kategorie: Hacking & Security

DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked

30 Leden, 2025 - 11:09
Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data. The ClickHouse database "allows full control over database operations, including the ability to access internal data," Wiz security researcher Gal Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits

30 Leden, 2025 - 08:21
Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week. The
Kategorie: Hacking & Security