Posts

Showing posts from April, 2025

SentinelOne Uncovers Chinese Espionage Campaign Targeting Its Infrastructure and Clients

Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some of its high-value customers. "We first became aware of this threat cluster during a 2024 intrusion conducted against an organization previously providing hardware logistics services for SentinelOne employees," security researchers Tom Hegel, Aleksandar Milenkoski, and Jim Walter said in an analysis published Monday. PurpleHaze is assessed to be a hacking crew with loose ties to another state-sponsored group known as APT15, which is also tracked as Flea, Nylon Typhoon (formerly Nickel), Playful Taurus, Royal APT, and Vixen Panda. The adversarial collective has also been observed targeting an unnamed South Asian government-supporting entity in October 2024, employing an operational relay box (ORB) network and a Windows backdoor dubbed GoReShell. The implant, written in the Go programming language, repurposes a...

How to Start Drop Shipping in India (Full Guide)

How to Start Drop Shipping in India (Full Guide) Step 1: Choose a Profitable Niche In India the niche matters a lot, because not everything sells. Popular niche ideas in India: Kitchen tools & home décor; Women's fashion accessories; Grooming products (beard oil, hair serum); Kids' toys & learning games; Spiritual / pooja items; Fitness gadgets (e.g., yoga mats, resistance bands); Phone accessories. Tools for Niche Research: Google Trends India; Amazon/Flipkart best sellers; Meesho trending products --- Step 2: Choose a Supplier (one that delivers within India) Finding a supplier in India is not as easy as on AliExpress, but these are some of the best options. Top Indian Drop Shipping Suppliers: 1. Meesho – reselling app, no investment required 2. GlowRoad – you can connect directly with suppliers 3. Shop101 (now closed, merged into Meesho) 4. IndiaMART – good for bulk orders 5. Baapstore – paid membership, automated system 6. Snazzyway (women's products niche) --- Step 3: Build Your Online Store Free Options: Meesh...

Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More

  What happens when cybercriminals no longer need deep skills to breach your defenses? Today's attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they're not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks are used to slip past security unnoticed. This week's threats are a reminder: waiting to react is no longer an option. Every delay gives attackers more ground. ⚡ Threat of the Week Critical SAP NetWeaver Flaw Exploited as 0-Day — A critical security flaw in SAP NetWeaver (CVE-2025-31324, CVSS score: 10.0) has been exploited by unknown threat actors to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. The attacks have also been observed using the Brute Ratel C4 post-exploitation framework, as well as a well-known technique called Heaven's Gate to bypass endpoint protect...

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year. "The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors," the Microsoft Threat Intelligence team said in an analysis. The tech giant noted that it observed the binary to connect to an external server named "sac-auth.nodefunction[.]vip" to retrieve AES-encrypted data that contains a list of password spray targets. The tool also accepts as input a text file called "accounts.txt" that includes the username and password combinations to be used to carry out the password spray attack. "The threat actor then used the information from both files and posted the credentials to the target tenants for validation," Microsoft said. In one successful instance of account compromise obse...

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN). "LAGTOY can be used to create reverse shells and execute commands on infected endpoints," Cisco Talos researchers Joey Chen, Asheer Malhotra, Ashley Shen, Vitor Ventura, and Brandon White said. The malware was first documented by Google-owned Mandiant in late March 2023, attributing its use to a threat actor it tracks as UNC961. The activity cluster is also known by other names such as Gold Melody and Prophet Spider. The threat actor has been observed leveraging a huge arsenal of known security flaws in internet-facing applications to obtain initial access, followed by conducting ...

Chennai Super Kings vs Sunrisers Hyderabad: IPL 2024's Explosive Match

Chennai Super Kings vs Sunrisers Hyderabad: IPL 2024's Explosive Match Date: 28 April 2024 Venue: MA Chidambaram Stadium, Chennai Match number: 46 Result: Chennai Super Kings beat Sunrisers Hyderabad by 78 runs Player of the Match: Ruturaj Gaikwad --- Brief match summary Sunrisers Hyderabad won the toss and chose to bowl first. But Chennai Super Kings' batting proved that decision wrong. CSK scored 212 for 3 in 20 overs. In reply, SRH were bundled out for just 134 in 18.5 overs and lost the match by 78 runs. --- Chennai Super Kings' innings – 212/3 (20 overs) Superb batting from Ruturaj Gaikwad and Daryl Mitchell carried Chennai to a huge score. Ruturaj Gaikwad – 98 runs off 54 balls (10 fours, 3 sixes) Daryl Mitchell – 52 runs off 32 balls Shivam Dube – 39 not out off 20 balls (4 sixes) SRH's bowlers managed to take wickets but failed to contain the runs. T. Natarajan, Bhuvneshwar Kumar and Jaydev Unadkat took 1 wicket each, but proved very expensive - Sun...

Rack::Static Vulnerability in Ruby Servers Can Lead to Data Breaches – Full Details

Introduction Ruby is a popular programming language used especially for web development, and the Ruby on Rails framework is its leading example. Recently, researchers discovered a serious security flaw (vulnerability) that is being called the Rack::Static vulnerability. In this article we give full details of this vulnerability: how it works, whom it affects, what its risks are, and how it can be avoided. --- What are Rack and Rack::Static? What is Rack? Rack is a modular interface that makes communication possible between Ruby web frameworks (such as Rails, Sinatra) and web servers. It is based on a middleware architecture, which lets developers manage requests and responses in a modular way. What does Rack::Static do? Rack::Static is a Rack middleware responsible for serving static assets (such as HTML, CSS, JavaScript files, images, etc.). It serves asset files from /public or another directory. use Rack::Static, :urls => ["/media...

The 2025 Pahalgam Terror Attack: When Tourists Were Targeted in the Name of Religion

The 2025 Pahalgam Terror Attack: When Tourists Were Targeted in the Name of Religion --- Preface On the morning of 22 April 2025, as people across the country were busy with their work like on any other day, a horrifying piece of news from the famous tourist spot of Baisaran Valley (Pahalgam) in Jammu and Kashmir shook all of India. 28 innocent people lost their lives in this barbaric terror attack on tourists. What set the attack apart was that the terrorists first asked the victims their names and religion, and then singled out Hindu travellers and shot them. --- Full account of the incident The attack took place in Baisaran Valley near Pahalgam, which is called "Mini Switzerland" for its beauty. That day, dozens of Indian and foreign tourists were present in the valley. Some tourists were trekking, some were picnicking, and some were taking selfies. Then a group of two to three terrorists, dressed in local attire, suddenly appeared in front of them. They had AK-47s, hand grenades and other weapons. They surrounded the tourists, asked each one their name, checked ID cards, and those whose names suggested their religion was Hindu, ...

New Linux rootkit bypasses system call detection with the help of IO_uring! Learn the full story and how to protect yourself.

linux-iouring-poc-rootkit-bypasses system call based threat detection tools Introduction Linux is a powerful, open-source operating system used on servers, desktops and embedded systems around the world. Its open architecture has made it extremely flexible and adaptable, but that same flexibility can sometimes become a risk for it. Recently, researchers demonstrated a new kind of Linux rootkit that can completely bypass system-call-based threat detection tools. The foundation of this rootkit is a new and advanced Linux feature: IO_uring. This article analyses this latest security threat in depth, explaining how IO_uring works, how this rootkit evades system-call-based detection techniques, and what steps can be taken to counter it. What is IO_uring? IO_uring is an asynchronous I/O framework provided by the Linux kernel, introduced in 2019. Its purpose is to free high-performance I/O operations from traditional system call overhe...

ALERT: A critical flaw in Commvault's Command Center is being actively exploited! Get the full scoop on CVE-2024-29565, its impact, and how to secure your systems before it's too late.

  Introduction In the ever-evolving world of cybersecurity, enterprise software often becomes a prime target for malicious attackers. Recently, a critical flaw was discovered in Commvault's Command Center, a centralized management console used widely for data backup and recovery. This flaw, if exploited, allows unauthenticated remote attackers to execute arbitrary code, potentially compromising entire corporate infrastructures. This blog provides a comprehensive breakdown of the vulnerability, its technical underpinnings, risk level, impact, real-world exploitation, mitigation strategies, and best practices moving forward. --- What Is Commvault? Commvault is a leading data protection and data management company offering enterprise-level backup and recovery solutions. One of its flagship components is the Commvault Command Center, a web-based console used to manage data protection tasks across hybrid environments. Command Center enables administrators to monitor and control backup j...

Stealth Map App Malware Exposes Russian Military to Cyber Threats

A new Android malware has been discovered hidden inside trojanized versions of the Alpine Quest mapping app, which is reportedly used by Russian soldiers as part of war zone operational planning. Attackers promote the trojanized app as a free, cracked version of the premium Alpine Quest Pro, using Telegram channels and Russian app catalogs for distribution. AlpineQuest is a legitimate GPS and topographic mapping app for Android used by adventurers, athletes, search-and-rescue teams, and military personnel, valued for its offline capabilities and precision. The app has two versions: a free Lite version with limited features and a paid Pro version that is free of tracking libraries, analytics, and advertisements. The spyware, which was discovered by researchers at Russian mobile antivirus company Doctor Web, hides inside a fully working Alpine Quest app, reducing suspicion and creating valuable data theft opportunities. Once launched, it attempts to steal communication data and sensitive...

WhatsApp Introduces Advanced Chat Privacy to Secure Sensitive Messages

WhatsApp has introduced a new Advanced Chat Privacy feature to protect sensitive information exchanged in private chats and group conversations. The new privacy option can be enabled after tapping the chat name and is designed to prevent attempts to save media and export chat content. "Today we're introducing our latest layer for privacy called 'Advanced Chat Privacy.' This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp said. "When the setting is on, you can block others from exporting chats, auto-downloading media to their phone, and using messages for AI features. That way everyone in the chat has greater confidence that no one can take what is being said outside the chat." The company added that this is the first version of this feature, and it's rolling out to all users who have updated WhatsApp to the latest version. WhatsApp is also working o...

Massive Data Breach: Russian Hackers Abuse Microsoft OAuth Tokens

  Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per Volexity, are a shift from previously documented attacks that leveraged a technique known as device code phishing to achieve the same goals, indicating that Russian adversaries are actively refining their tradecraft. "These recently observed attacks rely heavily on one-on-one interaction with a target, as the threat actor must both convince them to click a link and send back a Microsoft-generated code," security researchers Charlie Gardner, Josh Duke, Matthew Meltzer, Sean Koessel, Steven Adair, and Tom Lancaster said in an exhaustive analysis. At least two different threat clusters tracked as UTA0352 and UTA0355 are assessed to be behind the attacks, although the possibility that...

Microsoft fixes Windows Server 2025 blue screen, install issues

Microsoft has fixed several known issues that caused Blue Screen of Death (BSOD) and installation issues on Windows Server 2025 systems with a high core count. As Redmond said when it acknowledged this known issue in October, impacted devices may experience a wide range of symptoms, including Windows Server 2025 installation or upgrading processes failing or hanging, and server start-up taking as much as three hours or more in some cases. Affected systems might also get blue screen errors when launching, restarting, or attempting to run apps. However, these issues are not consistently triggered on impacted servers. "Servers which have a high number of logical processors might experience issues running Windows Server 2025. This is presently observed on servers which have more than 256 logical processors," the company said. IT admins who want to find out if these known issues impact their Windows Server 2025 systems are advised to check if they show as having over 256 logical proces...