Hacking List -  2024  2023  2021  2020  2019  2018

DATE

NAME

Info

CATEG.

WEB

1.11.24

LottieFiles Issues Warning About Compromised "lottie-player" npm Package LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to Hack

The Hacker News

26.10.24 Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response HackThe Hacker News

28.9.24

Kia dealer portal flaw could let attackers hack millions of carsA group of security researchers discovered critical flaws in Kia's dealer portal that could let hackers locate and steal millions of Kia cars made after 2013 using just the targeted vehicle's license plate.Hack

BleepingComputer

28.9.24

CISA: Hackers target industrial systems using “unsophisticated methods”​CISA warned today of threat actors trying to breach critical infrastructure networks by targeting Internet-exposed industrial devices using "unsophisticated" methods like brute force attacks and default credentials.Hack

BleepingComputer

28.9.24

Kansas water plant cyberattack forces switch to manual operationsArkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning.Hack

BleepingComputer

27.9.24

New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking UsersRussian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (akaHackThe Hacker News

26.9.24

Hackers Could Have Remotely Controlled Kia Cars Using Only License PlatesCybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, couldHackThe Hacker News

26.9.24

MoneyGram confirms a cyberattack is behind dayslong outageMoney transfer giant MoneyGram has confirmed it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday.Hack

BleepingComputer

20.9.24

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction FirmsThreat actors have been observed targeting the construction sector by infiltrating the FOUNDATION Accounting Software , according toHackThe Hacker News

15.9.24

Fake password manager coding test used to hack Python developersMembers of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware.Hack

BleepingComputer

10.9.24

Highline Public Schools closes schools following cyberattackHighline Public Schools, a K-12 district in Washington state, has shut down all schools and canceled school activities after its technology systems were compromised in a cyberattack.Hack

BleepingComputer

8.9.24

LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacksYet, another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites.Hack

BleepingComputer

8.9.24

Red team tool ‘MacroPack’ abused in attacks to deploy Brute RatelThe MacroPack framework, initially designed for Red Team exercises, is being abused by threat actors to deploy malicious payloads, including Havoc, Brute Ratel, and PhatomCore.Hack

BleepingComputer

8.9.24

Revival Hijack supply-chain attack threatens 22,000 PyPI packagesThreat actors are utilizing an attack called "Revival Hijack," where they register new PyPi projects using the names of previously deleted packages to conduct supply chain attacks.Hack

BleepingComputer

5.9.24

Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival HijackA new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt toHackThe Hacker News

31.8.24

DICK'S shuts down email, locks employee accounts after cyberattackDICK'S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that sensitive information was exposed in a cyberattack detected last Wednesday.Hack

BleepingComputer

25.8.24

Hackers now use AppDomain Injection to drop CobaltStrike beaconsA wave of attacks that started in July 2024 rely on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows.Hack

BleepingComputer

21.8.24

Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes ClustersCybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited,HackThe Hacker News

16.8.24

New AMD SinkClose flaw helps install nearly undetectable malwareAMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.Hack

BleepingComputer

16.8.24

Microsoft discloses unpatched Office flaw that exposes NTLM hashes​Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker.Hack

BleepingComputer

11.8.24

CISA warns of hackers abusing Cisco Smart Install featureCISA recommends disabling the legacy Cisco Smart Install feature after seeing it abused by threat actors in recent attacks to steal sensitive data, such as system configuration files.Hack

BleepingComputer

4.8.24

World leading silver producer Fresnillo discloses cyberattack​Fresnillo PLC, the world's largest silver producer and a top global producer of gold, copper, and zinc, said attackers gained access to data stored on its systems during a recent cyberattack.Hack

BleepingComputer

1.8.24

Over 1 Million Domains at Risk of 'Sitting Ducks' Domain Hijacking TechniqueOver a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack. TheHackThe Hacker News

27.7.24

DeFi exchange dYdX v3 website hacked in DNS hijack attackDecentralized finance (DeFi) crypto exchange dYdX announced on Tuesday that the website for its older v3 trading platform has been compromised.Hack

BleepingComputer

25.7.24

Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 ToolThe threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute RatelHackThe Hacker News

23.7.24

Experts Uncover Chinese Cybercrime Network Behind Gambling and Human TraffickingThe relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user A ChineseHackThe Hacker News

16.7.24

GitHub Token Leak Exposes Python's Core Repositories to Potential AttacksCybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to theHack

The Hacker News

15.7.24

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping ToolA threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infectHack

The Hacker News

6.7.24

Cloudflare blames recent outage on BGP hijacking incidentInternet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak.Hack

BleepingComputer

5.7.24

Australian charged for ‘Evil Twin’ WiFi attack on planeAn Australian man was charged by Australia's Federal Police (AFP) for allegedly conducting an 'evil twin' WiFi attack on various domestic flights and airports in Perth, Melbourne, and Adelaide to steal other people's email or social media credentials.Hack

BleepingComputer

5.7.24

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major CompaniesThe supply chain attack targeting widely-used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findingsHackThe Hacker News

3.7.24

Israeli Entities Targeted by Cyberattack Using Donut and Sliver FrameworksCybersecurity researchers have discovered an attack campaign that targets various Israeli entities with publicly-available frameworks likeHackThe Hacker News

2.7.24

Australian Man Charged for Fake Wi-Fi Scam on Domestic FlightsAn Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal userHackThe Hacker News

30.6.24

Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operatorThe recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected up to tens of millions of websites has been traced to a common operator. Researchers discovered a public GitHub repository with leaked API keys helping them draw a conclusion.Hack

BleepingComputer

28.6.24Plugins on WordPress.org backdoored in supply chain attackA threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them.Hack

BleepingComputer

28.6.24Polyfill.io JavaScript supply chain attack impacts over 100K sitesOver 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites.Hack

BleepingComputer

28.6.24New attack uses MSC files and Windows XSS flaw to breach networksA novel command execution technique dubbed 'GrimResource' uses specially crafted MSC (Microsoft Saved Console) and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management Console.Hack

BleepingComputer

27.6.24CDK Global hacked again while recovering from first cyberattackCar dealership SaaS platform CDK Global suffered an additional breach Wednesday night as it was starting to restore systems shut down in an previous cyberattack.Hack

BleepingComputer

27.6.24Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain AttackGoogle has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domainHackThe Hacker News
25.6.24New Attack Technique Exploits Microsoft Management Console FilesThreat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) filesHackThe Hacker News
9.6.24New Gitloker attacks wipe GitHub repos in extortion schemeAttackers are targeting GitHub repositories, wiping their contents, and asking the victims to reach out on Telegram for more information.Hack

BleepingComputer

8.6.24ARRL says it was hacked by an "international cyber group"American Radio Relay League (ARRL) has shared more information about a May cyberattack that took its Logbook of the World offline and caused some members to become frustrated over the lack of information.Hack

BleepingComputer

6.6.24

Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPICybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repositoryHack

The Hacker News

5.6.24

Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud CustomersCloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targetedHackThe Hacker News

1.6.24

Cybercriminals pose as "helpful" Stack Overflow users to push malwareCybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware.Hack

BleepingComputer

1.6.24

Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following aHackThe Hacker News

1.6.24

Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT DevicesMicrosoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "TheseHackThe Hacker News

31.5.24

Okta warns of credential stuffing attacks targeting its CORS featureOkta warns that a Customer Identity Cloud (CIC) feature is being targeted in credential stuffing attacks, stating that numerous customers have been targeted since April.Hack

BleepingComputer

29.5.24

Arc browser’s Windows launch targeted by Google ads malvertisingA new Google Ads malvertising campaign, coinciding with the launch of the Arc web browser for Windows, was tricking people into downloading trojanized installers that infect them with malware payloads.Hack

BleepingComputer

27.5.24

New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAICybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used toHackThe Hacker News

23.5.24

American Radio Relay League cyberattack takes Logbook of the World offlineThe American Radio Relay League (ARRL) warns it suffered a cyberattack, which disrupted its IT systems and online operations, including email and the Logbook of the World.Hack

BleepingComputer

21.5.24

NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent WarningThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGenHackThe Hacker News

18.5.24

Hackers use DNS tunneling for network scanning, tracking victimsThreat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities.Hack

BleepingComputer

11.5.24

University System of Georgia: 800K exposed in 2023 MOVEit attackThe University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks.Hack

BleepingComputer

10.5.24

Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models

Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large

Hack

The Hacker News

9.5.24DocGo discloses cyberattack after hackers steal patient health dataMobile medical care firm DocGo confirmed it suffered a cyberattack after threat actors breached its systems and stole patient health data.Hack

BleepingComputer

4.5.24Okta warns of "unprecedented" credential stuffing attacks on customersOkta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks.Hack

BleepingComputer

4.5.24WP Automatic WordPress plugin hit by millions of SQL injection attacksHackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.Hack

BleepingComputer

30.4.24Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing AttacksIdentity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credentialHackThe Hacker News
24.4.24Apache Cordova App Harness Targeted in Dependency Confusion AttackResearchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App HarnessHackThe Hacker News
20.4.2422,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacksApproximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024.HackBleepingComputer
19.4.24BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' ToolTechnology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech asHackThe Hacker News
17.4.24Cisco warns of large-scale brute-force attacks against VPN servicesCisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide.Hack

BleepingComputer

17.4.24Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentialsCisco Talos is actively monitoring a global increase in brute-force attacks against a variety of targets, including Virtual Private Network (VPN) services, web application authentication interfaces and SSH services since at least March 18, 2024. HackCISCO TALOS
17.4.24Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH ServicesCisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN)HackThe Hacker News
16.4.24New SteganoAmor attacks use steganography to target 320 orgs globallyA new campaign conducted by the TA558 hacking group is concealing malicious code inside images using steganography to deliver various malware tools onto targeted systems.Hack

BleepingComputer

14.4.24UK flooded with forged stamps despite using barcodes — to prevent just thatRoyal Mail, the British postal and courier service began switching all snail mail stamps to barcoded stamps last year. The purpose of the barcode was to enhance security, deter stamp reuse, and possibly prevent forgeries—which it has failed to do.Hack

BleepingComputer

11.4.24Over 90,000 LG Smart TVs may be exposed to remote attacksSecurity researchers at Bitdefender have discovered four vulnerabilities impacting multiple versions of WebOS, the operating system used in LG smart TVs.Hack

BleepingComputer

11.4.24Targus discloses cyberattack after hackers detected on file serversLaptop and tablet accessories maker Targus disclosed that it suffered a cyberattack disrupting operations after a threat actor gained access to the company's file servers.Hack

BleepingComputer

7.4.24US Health Dept warns hospitals of hackers targeting IT help desksThe U.S. Department of Health and Human Services (HHS) warns that hackers are now using social engineering tactics to target IT help desks across the Healthcare and Public Health (HPH) sector.Hack

BleepingComputer

7.4.24Hoya’s optics production and orders disrupted by cyberattackHoya Corporation, one of the largest global manufacturers of optical products, says a "system failure" caused servers at some of its production plants and business divisions to go offline on Saturday.Hack

BleepingComputer

4.4.24New HTTP/2 Vulnerability Exposes Web Servers to DoS AttacksNew research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-serviceHackThe Hacker News
31.3.24Retail chain Hot Topic hit by new credential stuffing attacksAmerican retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data.Hack

BleepingComputer

31.3.24Cisco warns of password-spraying attacks targeting VPN servicesCisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.Hack

BleepingComputer

30.3.24Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in SecondsSecurity vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors toHackThe Hacker News
30.3.24New Linux Bug Could Lead to User Password Leaks and Clipboard HijackingDetails have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentiallyHackThe Hacker News
29.3.24PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting DevelopersThe maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx ofHackThe Hacker News
27.3.24Crafting Shields: Defending Minecraft Servers Against DDoS AttacksMinecraft, with over 500 million registered users and 166 million monthly players, faces significant risks from distributed denial-of-HackThe Hacker News
26.3.24Hackers Hijack GtHub Accounts in Supply Chain Attack Affecting Top-gg and OthersUnidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as wellHackThe Hacker News
23.3.24White House and EPA warn of hackers breaching water systemsU.S. National Security Advisor Jake Sullivan and Environmental Protection Agency (EPA) Administrator Michael Regan warned governors today that hackers are "striking" critical infrastructure across the country's water sector.Hack

BleepingComputer

16.3.24SIM swappers hijacking phone numbers in eSIM attacksSIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.Hack

BleepingComputer

10.3.24Hacked WordPress sites use visitors' browsers to hack other sitesHackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. HackBleepingComputer
5.3.24Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM HashesThe threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager (Hack

The Hacker News

3.3.24Anycubic 3D printers hacked worldwide to expose security flawAccording to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks.Hack

BleepingComputer

2.3.24Epic Games: "Zero evidence" we were hacked by Mogilevich gangEpic Games said they found zero evidence of a cyberattack or data theft after the Mogilevich extortion group claimed to have breached the company's servers.Hack

BleepingComputer

24.2.24VoltSchemer attacks use wireless chargers to inject voice commands, fry phonesA team of academic researchers show that a new set of attacks called 'VoltSchemer' can inject voice commands to manipulate a smartphone's voice assistant through the magnetic field emitted by an off-the-shelf wireless charger.Hack

BleepingComputer

22.2.24Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network AttacksA recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is aHackThe Hacker News
22.2.24A New Age of HacktivismIn the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions.HackThe Hacker News
18.2.24RansomHouse gang automates VMware ESXi attacks with new MrAgent toolThe RansomHouse ransomware operation has created a new tool named 'MrAgent' that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors.Hack

BleepingComputer

15.2.24Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue PackagesCybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend theirHackThe Hacker News
9.2.24No, 3 million electric toothbrushes were not used in a DDoS attackA widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack.Hack

BleepingComputer

1.2.24

Microsoft reveals how hackers breached its Exchange Online accountsMicrosoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign.Hack

BleepingComputer

25.1.24

China-backed Hackers Hijack Software Updates to Implant "NSPX30" SpywareA previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests fromHackThe Hacker News

24.1.24

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC BreachHackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud emailHackThe Hacker News

21.1.24

Payoneer accounts in Argentina hacked in 2FA bypass attacksNumerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping.Hack

BleepingComputer

19.1.24

MFA Spamming and Fatigue: When Security Measures Go WrongIn today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguardHackThe Hacker News

18.1.24

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with TransactionsThe point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threatHackThe Hacker News

12.1.24

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS PlatformsA new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaSHackThe Hacker News

11.1.24

Mandiant's X account hacked by crypto Drainer-as-a-Service gangCybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack."Hack

BleepingComputer

5.1.24

Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by MalwareMobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administratorHackThe Hacker News

4.1.24

Hacker hijacks Orange Spain RIPE account to cause BGP havocOrange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration.Hack

BleepingComputer

1.1.24

New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 ProtectionsSecurity researchers have detailed a new variant of a dynamic link library ( DLL ) search order hijacking technique that could be used by threat actors..HackThe Hacker News