Hacker News with Generative AI: Cybersecurity

Someone is trying to recruit security researchers in a bizarre hacking campaign (techcrunch.com)
Someone is making precisely that tantalizing, bizarre, and clearly sketchy job offer. The person is using what looks like a series of fake accounts with avatars displaying photos of attractive women and sliding into the direct messages of several cybersecurity professionals and researchers on X in the last couple of weeks.

Cybersecurity, Social Engineering, Recruitment, Twitter

6 points by jbegley 17 hours ago | 0 comments

Over 200M Records Allegedly Belonging to X Leaked Online (safetydetectives.com)

Data Breaches, Cybersecurity, Privacy, X (company)

16 points by RankingMember 20 hours ago | 1 comments

Furry hackers who leaked Heritage Foundation data feared raided by feds (dailydot.com)
Individuals with connections to SiegedSec, the now-defunct group of “gay furry hackers” who leaked data relating to the think tank behind Project 2025, believe their former leader may have been arrested in a raid by law enforcement.

Cybersecurity, Hacking, Politics, Law Enforcement

38 points by anigbrowl 1 day ago | 1 comments

UK's GCHQ Intern Transferred Top Secret Files to His Phone (bbc.com)
A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone.

Cybersecurity, National Security, Espionage, Government, Data Security

20 points by m463 1 day ago | 6 comments

Oracle Cloud security SNAFU latest: IT giant's pedantry as evidence vanishes (theregister.com)
Two Oracle data security breaches have been reported in the past week, and the database goliath not only remains reluctant to acknowledge the disasters publicly – it may be scrubbing the web of evidence, too.

Cybersecurity, Cloud Computing, Oracle, Data Breaches

6 points by rntn 1 day ago | 0 comments

The North Korea worker problem is bigger than you think (cyberscoop.com)
North Korean nationals have infiltrated businesses across the globe with a more expansive level of organization and deep-rooted access than previously thought, insider risk management firm DTEX told CyberScoop.

Cybersecurity, North Korea, Business, Espionage

21 points by bentocorp 2 days ago | 3 comments

Doge accesses federal payroll system and punishes employees who objected (arstechnica.com)
Elon Musk's Department of Government Efficiency (DOGE) has gained access "to a payroll system that processes salaries for about 276,000 federal employees across dozens of agencies," despite "objections from senior IT staff who feared it could compromise highly sensitive government personnel information" and lead to cyberattacks, The New York Times reported today.

Cybersecurity, Government, Artificial Intelligence

50 points by unsnap_biceps 2 days ago | 11 comments

Oracle attempt to hide cybersecurity incident from customers? (doublepulsar.com)
Being a provider of cloud SaaS (Software-as-a-service) solutions requires certain cybersecurity responsibilities — including being transparent and open. The moment where this is tested at Oracle has arrived, as they have a serious cybersecurity incident playing out in a service they manage for customers.

Cybersecurity, Cloud Computing, Oracle, SaaS

625 points by 2bluesc 2 days ago | 125 comments

Intel and Microsoft staff lured to work for fake Chinese company in Taiwan (theregister.com)
Chinese tech companies created entities in Taiwan and disguised them so they had no connections to China, so they could lure top tech talent to work on significant projects.

Cybersecurity, China, Taiwan, Recruiting, Technology

5 points by rntn 2 days ago | 1 comments

"The US government has the ability to access many politicians' emails in Europe" (republik.ch)
Anmelden<h1>«Die US-Regierung hat die Möglichkeit, auf viele Politikermails in Europa zuzugreifen»</h1><p>Warum europäische Regierungen aus den amerikanischen Clouds dringend raussollten und wie sie das am schnellsten anstellen, erklärt der niederländische Informatiker und Geheimdienstexperte Bert Hubert.</p>

Politics, Cybersecurity, Europe, Government

17 points by doener 2 days ago | 8 comments

FBI Alert Issued as Time Traveling Hackers Attack –Act Now (forbes.com)
Enable 2FA as time-traveling hackers strike.

Cybersecurity, Time Travel, Hacking

8 points by mfareed 2 days ago | 2 comments

FBI raids home of prominent computer scientist who has gone incommunicado (arstechnica.com)
A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer Indiana University, and had his homes raided by the FBI. No one knows why.

Cryptography, Cybersecurity, Privacy, Law Enforcement, Academia

976 points by JaimeThompson 3 days ago | 454 comments

Exploiting exposed Portainer agent and using new SSH persistence (exatrack.com)
During an incident response for one of our clients, we stumbled upon a server compromised by the now relatively documented 1234 perfctl malware.

Cybersecurity, Exploitation, Server Security, Malware

3 points by benjiro 4 days ago | 1 comments

Oracle Health (formerly Cerner) breach compromises patient data at US hospitals (bleepingcomputer.com)
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers.

Cybersecurity, Healthcare, Data Breaches, Oracle, Cerner

23 points by dinosor 5 days ago | 0 comments

You Have 7 Days to Act Following Gmail Lockout Hack Attacks, Google Says (forbes.com)
As the FBI takes the unusual step of warning users of webmail platforms, including Gmail, to enable two-factor authentication in the light of a dangerous new ransomware threat campaign, Google email users still have more mundane hacking threats on their minds.

Cybersecurity, Gmail, Two-Factor Authentication, Ransomware

10 points by miles 5 days ago | 4 comments

Judge Confirms LaLiga's Right to Block Cloudflare in Pursuit of IPTV Pirates (torrentfreak.com)
Last December, a Spanish judge authorized LaLiga to block Cloudflare's shared IP addresses to combat piracy. Thousands of innocent internet users were affected, prompting Cloudflare and cybersecurity group RootedCon to ask the court to overturn the order. A judge has now denied both requests, stating that no evidence was presented to show that blocking caused any damage.

IPTV Piracy, Legal Battles, Cybersecurity, Spain

5 points by hn_acker 5 days ago | 0 comments

Obfuscation 101: Unmasking the Tricks Behind Malicious Code (socket.dev)
“The malicious package was right in front of our eyes, but we didn't see it until it was too late.”

Cybersecurity, Malicious Code, Software Development

6 points by feross 5 days ago | 0 comments

Private Data and Passwords of Senior U.S. Security Officials Found Online (spiegel.de)
Private contact details of the most important security advisers to U.S. President Donald Trump can be found on the internet. DER SPIEGEL reporters were able to find mobile phone numbers, email addresses and even some passwords belonging to the top officials.

Cybersecurity, Privacy, Data Breaches, Government, United States

39 points by JumpCrisscross 5 days ago | 4 comments

When Getting Phished Puts You in Mortal Danger (krebsonsecurity.com)
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.

Cybersecurity, Phishing, Russia, War

22 points by todsacerdoti 6 days ago | 0 comments

Private Data and Passwords of Senior U.S. Security Officials Found Online (spiegel.de)
Private contact details of the most important security advisers to U.S. President Donald Trump can be found on the internet. DER SPIEGEL reporters were able to find mobile phone numbers, email addresses and even some passwords belonging to the top officials.

Cybersecurity, Politics, Data Breaches, Security Officials

10 points by payamb 6 days ago | 0 comments

India wants backdoors into clouds, email, SaaS, for tax inspectors (theregister.com)
India’s government has proposed giving its tax authorities sweeping powers to access private email systems and applications.

India, Government, Privacy, Cybersecurity, Taxation

9 points by temphnaccount 6 days ago | 0 comments

Ask HN: What's the worst thing that could happen if I click on an unknown link (ycombinator.com)
There's no theoretical limit. That's what the concept of a "zero day" is all about. It's entirely possible that some undiscovered vulnerability allows an attacker to remotely hijack your entire PC, steal all passwords, and completely ruin your life just by opening a webpage. Is it likely? No. But in terms of the "worst thing possible" there's really no upper bound.

Cybersecurity, Security Risks, Internet Safety, Worst-Case Scenarios, Zero-Day Exploits

13 points by canergl 6 days ago | 8 comments

Oracle customers confirm data stolen in alleged cloud breach is valid (bleepingcomputer.com)
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.

Cybersecurity, Data Breaches, Oracle, Cloud Computing

345 points by el_duderino 7 days ago | 82 comments

Private Data and Passwords of Hegseth, Waltz, Gabbard Found Online (spiegel.de)
Private contact details of the most important security advisers to U.S. President Donald Trump can be found on the internet. DER SPIEGEL reporters were able to find mobile phone numbers, email addresses and even some passwords belonging to the top officials.

Privacy, Security, Politics, Cybersecurity

92 points by munchausen42 7 days ago | 14 comments

How the Social Security Administration is dodging a federal court order (muskwatch.com)
The Trump administration has installed a DOGE operative as the new Chief Information Officer (CIO) of the Social Security Administration (SSA) in an apparent effort to evade a federal court order blocking DOGE affiliates from accessing databases containing the sensitive personal information of millions of Americans.

Politics, Government, Social Security, Cybersecurity

9 points by chmaynard 7 days ago | 0 comments

Chinese hacking is becoming bigger, better and stealthier (economist.com)
Experts say it is the main shift in the cyber-threat landscape in a decade

Cybersecurity, China, Espionage

24 points by _tk_ 7 days ago | 12 comments

CIA Director Reveals Signal Comes Installed on Agency Computers (theintercept.com)
For years, U.S. officials villainized end-to-end encrypted messaging apps like Signal as the domain of criminals and terrorists and a threat to national security.

National Security, Government Surveillance, Cybersecurity, Messaging Apps, Encryption

117 points by jbegley 7 days ago | 99 comments

GSA Announces FedRAMP 20x (gsa.gov)
Implementing a new approach to accelerate cloud adoption

Government, Cybersecurity, Cloud Computing

21 points by duck 8 days ago | 3 comments

NSA warned of vulnerabilities in Signal app a month before Houthi strike chat (cbsnews.com)
The National Security Agency sent out an operational security special bulletin to its employees in February 2025 warning them of vulnerabilities in using the encrypted messaging application Signal, according to internal NSA documents obtained by CBS News.