Hacker News with Generative AI: Cybersecurity

Hacked firm demanded journalist 'take down' breach reporting, citing UK court (techcrunch.com)
A U.S.-based independent cybersecurity journalist has declined to comply with a U.K. court-ordered injunction that was sought following their reporting on a recent cyberattack at U.K. private healthcare giant HCRG.
Ransomware gang encrypted network from a webcam to bypass EDR (bleepingcomputer.com)
The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows.
How to distrust a CA without any certificate errors (dadrian.io)
A “distrust” is when a certification authority (CA) that issues HTTPS certificates to websites is removed from a root store because it is no longer trusted to issue certificates.
Ex-NSA boss warns job cuts will have 'devastating effect' (theregister.com)
Looming staffing cuts to America's security and intelligence agencies, if carried out, would "have a devastating effect on cybersecurity and our national security," former NSA bigwig Rob Joyce has told House representatives.
Exposing Russian EFF Impersonators: The Inside Story on Stealc and Pyramid C2 (hunt.io)
Open directories often expose more than just files--they provide a window into how malicious campaigns operate. In this case, we identified a threat actor impersonating the Electronic Frontier Foundation (EFF) to target the online gaming community. The exposed directory contained decoy documents alongside the malware used in this operation: Stealc and Pyramid C2.
Silk Typhoon targeting IT supply chain (microsoft.com)
Executive summary: Microsoft Threat Intelligence identified a shift in tactics by Silk Typhoon, a Chinese espionage group, now targeting common IT solutions like remote management tools and cloud applications to gain initial access.
China's Silk Typhoon, tied to US Treasury break-in, now hammers IT, govt targets (theregister.com)
Silk Typhoon, the Chinese government crew believed to be behind the December US Treasury intrusions, has been abusing stolen API keys and cloud credentials in ongoing attacks targeting IT companies and state and local government agencies since late 2024, according to Microsoft Threat Intelligence.
NSO Group executives charged for responsibility in the Pegasus espionage case (iridia.cat)
The Provincial Court has ruled in favour of Irídia and ordered the indictment of three NSO Group executives. They will be investigated for the alleged crime of discovery and disclosure of secrets.
1M Third-Party Android Devices Have a Secret Backdoor for Scammers (wired.com)
New research shows at least a million inexpensive Android devices—from TV streaming boxes to car infotainment systems—are compromised to allow bad actors to commit ad fraud and other cybercrime.
Broadcom urges VMware customers to patch 'emergency' zero-day bugs (techcrunch.com)
U.S. technology giant Broadcom is warning that a trio of VMware vulnerabilities are being actively exploited by malicious hackers to compromise the networks of its corporate customers.
Vulnerability in partner.microsoft.com allows unauthenticated access (nist.gov)
An improper access control vulnerability in Partner.Microsoft.com allows an unauthenticated attacker to elevate privileges over a network.
Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China [pdf] (gfw.report)
Threat posed by new VMware hyperjacking vulnerabilities is hard to overstate (arstechnica.com)
Three critical vulnerabilities in multiple virtual-machine products from VMware can give hackers unusually broad access to some of the most sensitive environments inside multiple customers’ networks, the company and outside researchers warned Tuesday.
Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS (socket.dev)
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.
Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia? (zetter-zeroday.com)
Two blockbuster stories published on Friday appear to confirm what many Americans suspected would occur under the Trump administration – that the new regime is going to be softer on Russia than previous administrations, particularly with regard to the threat that Russia poses in cyberspace.
DHS says CISA will not stop monitoring Russian cyber threats (bleepingcomputer.com)
The US Cybersecurity and Infrastructure Security Agency says that media reports about it being directed to no longer follow or report on Russian cyber activity are untrue, and its mission remains unchanged.
So, Russia no longer a cyber threat to America? (theregister.com)
America's cybersecurity chiefs in recent days have been sending mixed messages about the threat posed by Russia in the digital world.
US to halt offensive cyber operations against Russia (techcrunch.com)
The United States has suspended its offensive cyber operations against Russia, according to reports, amid efforts by the Trump administration to grant Moscow concessions to end the war in Ukraine.
Hegseth Orders Cyber Command to 'Stand Down' on All Russia Operations (gizmodo.com)
It appears that the U.S. no longer considers Russia a significant cyber threat, according to multiple new reports on a drastic policy reversal that has taken hold under the new Trump administration.
Research Finds 12,000 'Live' API Keys and Passwords in DeepSeek's Training Data (trufflesecurity.com)
Hegseth orders pause in US cyber-offensive against Russia (bbc.com)
US President Donald Trump's administration is pausing its offensive cyber operations against Russia, officials say, as a diplomatic push continues to end the war in Ukraine.
US Defense Secretary orders a halt to offensive cyber operations against Russia (nbcnews.com)
Defense Secretary Pete Hegseth has ordered U.S. Cyber Command to halt offensive cyber operations and information operations against Russia, a U.S. official familiar with the matter said.
Defense Secretary orders a halt to offensive cyber operations against Russia (nbcnews.com)
Defense Secretary Pete Hegseth has ordered U.S. Cyber Command to halt offensive cyber operations and information operations against Russia, a U.S. official familiar with the matter said.
C++ creator calls for action to address 'serious attacks' (theregister.com)
Bjarne Stroustrup, creator of C++, has issued a call for the C++ community to defend the programming language, which has been shunned by cybersecurity agencies and technical experts in recent years for its memory safety shortcomings.
US Cyber Command reportedly pauses cyberattacks on Russia (theregister.com)
US Defense Secretary Pete Hegseth has reportedly ordered US Cyber Command to pause offensive operations against Russia, as the USA’s Cybersecurity and Infrastructure Security Agency (CISA) has denied any change in its posture.
86% of codebases contain vulnerable open source components (scworld.com)
The use of high-risk and outdated open source software (OSS) components is a widespread problem, according to a Black Duck report that revealed 86% of analyzed codebases contained vulnerable open source components.
C++ creator calls for help to defend programming language from 'serious attacks' (theregister.com)
Bjarne Stroustrup, creator of C++, has issued a call for the C++ community to defend the programming language, which has been shunned by cybersecurity agencies and technical experts in recent years for its memory safety shortcomings.
Speedrunners are vulnerability researchers, they just don't know it yet (zetier.com)
Thousands of video game enthusiasts are developing experience in the cybersecurity industry by accident. They have a fun hobby, poring over the details of their favorite games, and they don't know they could be doing something very similar… by becoming a vulnerability researcher.
US Department of Defense orders its cyber arm to stop operations against Russia (intelnews.org)
Brian Krebs: This Administration Is Completely Compromised (infosec.exchange)