CyberSecurityBoard
Sponsor Register Login

Hackers Selling SS7 0-Day Vulnerability on Hacker Froums for $5000

According to a Dark Web Informer post shared on X, the package includes the zero-day payload, a curated target list of vulnerable telecom infrastructure, and specialized dorking tools for Shodan, Censys, Fofa, Google, and ZMap designed to identify additional vulnerable systems. Despite its age and known security limitations, the Signaling System 7 (SS7) protocol, developed in 1975 and standardized in 1980, remains a critical component of global telecommunications networks. SS7 exploits have been around for years, but a fresh zero-day targeting gateway infrastructure could potentially bypass existing security measures implemented by carriers. Security researchers have identified a listing on a prominent cybercrime forum where a newly registered vendor offers what they claim is a zero-day vulnerability affecting SS7 gateways. Experts recommend that organizations implement additional security layers beyond SMS-based authentication, such as app-based multi-factor authentication, to protect against these threats. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The transition to 4G and 5G networks with newer protocols like Diameter offers improved security, but approximately 30% of mobile connections still rely on 2G and 3G networks that use SS7. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. While telecommunications providers have implemented some protections since the SS7 vulnerabilities were first published in 2014, the protocol’s fundamental design issues remain. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications. The exploit, priced at $5,000, provides buyers with comprehensive tools to compromise telecommunications infrastructure at a fundamental level. Its architecture includes critical components such as Mobile Switching Centers (MSCs), Home Location Registers (HLRs), and Visitor Location Registers (VLRs).

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 05 May 2025 11:05:07 +0000


Cyber News related to Hackers Selling SS7 0-Day Vulnerability on Hacker Froums for $5000

Hackers Selling SS7 0-Day Vulnerability on Hacker Froums for $5000 - According to a Dark Web Informer post shared on X, the package includes the zero-day payload, a curated target list of vulnerable telecom infrastructure, and specialized dorking tools for Shodan, Censys, Fofa, Google, and ZMap designed to identify ...
2 months ago Cybersecuritynews.com
Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
1 year ago Securityweek.com Silence
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
1 year ago Bleepingcomputer.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
1 year ago Bleepingcomputer.com
Surveillance Company Using SS7 Bypass Attack to Track the User's Location Information - This discovery highlights the ongoing arms race between surveillance entities and telecommunications security, as attackers continue exploiting the complex ASN.1 protocol structures inherent in SS7 networks to evade detection and maintain ...
5 days ago Cybersecuritynews.com
The Unlikely Romance of Hackers and Government Suitors - The annual Hack the Capitol event brings together a diverse group of scientists, hackers, and policymakers to educate congressional staffers, scholars, and the press about the most critical cybersecurity challenges facing our nation. Hack the Capitol ...
1 year ago Darkreading.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
1 year ago Darkreading.com CVE-2024-23222
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
1 year ago Bleepingcomputer.com CVE-2024-27834
Hacking Protected Java-Based Programs - This article provides examples of hacking techniques that can help Java developers avoid vulnerabilities in their programs. It is not intended to train hackers but rather for naive developers who think that standard obfuscators will save them from ...
1 year ago Feeds.dzone.com
Barracuda fixes new ESG zero-day exploited by Chinese hackers - Network and email security firm Barracuda says it remotely patched all active Email Security Gateway appliances on December 21 against a zero-day bug exploited by UNC4841 Chinese hackers. The company deployed a second wave of security updates a day ...
1 year ago Bleepingcomputer.com CVE-2023-7102 CVE-2023-7101
How to Think Like a Hacker - Not only did I enjoy and learn from Khan's presentation, I had several follow-up conversations with him regarding cybersecurity, hacking, industry trends and much more. I was impressed with his passion, expertise and role as a vCISO and cybersecurity ...
1 year ago Securityboulevard.com
Cisco discloses new IOS XE zero-day exploited to deploy malware implant - Cisco disclosed a new high-severity zero-day today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. The company said it found a fix for both vulnerabilities ...
1 year ago Bleepingcomputer.com CVE-2023-20198 CVE-2023-20273 CVE-2021-1435
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own - During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. Palo Alto ...
2 months ago Bleepingcomputer.com
Hacker 'ShinyHunters' Pleads Not Guilty in Cybercrime Case - A hacker known as 'ShinyHunters' has pleaded not guilty in a case of cybercrime. The hacker is accused of taking part in illegal activities to steal data from victims, including passwords, credit card information, and other personal details. The ...
2 years ago Blog.cloudflare.com Hunters
Nine 9 tips before putting your Android Smartphone or Apple iPhone for resale - Many Americans are likely considering selling their old smartphones to upgrade to the latest models released by OEMs, featuring innovative features and new operating systems. Before selling your smartphone to a friend or a company, it's crucial to ...
1 year ago Cybersecurity-insiders.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
2 years ago Hackread.com
Google links WinRAR exploitation to Russian, Chinese state hackers - Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. ...
1 year ago Bleepingcomputer.com CVE-2023-38831 CVE-2023-40477 APT28
Digital Criminal Ontology; Trading Pistols for Programmers - Since computers were first connected with Ethernet cables, Hollywood started romanticizing hackers. The movie was a science fiction thriller starring Matthew Broderick and Ally Sheedy as high school students who accidentally hacked a military ...
1 year ago Cyberdefensemagazine.com
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
1 year ago Bleepingcomputer.com CVE-2023-38831 APT28 APT29
Hacker Conversations: Stephanie 'Snow' Carruthers, Chief People Hacker at IBM X-Force Red - Social engineering is effectively hacking human thought processes. Social engineering is a major factor in the overall process but is not directly part of repurposing electronic systems. A social engineer is usually classified as a hacker, and is ...
1 year ago Securityweek.com
Hackers Fix Polish Train Glitch, Face Legal Pushback by the Manufacturer - In a recent cybersecurity incident, three Polish hackers achieved success in repairing the malfunctioning software of a train, initially serviced by independent repair shops for a regional rail operator. The narrative took a twist when accusations ...
1 year ago Hackread.com
GTA 6 Hacker: Life in Secure Hospital for Cybercrime Intent - The teenage hacker who leaked details about Grand Theft Auto 6 is now facing a life sentence in a guarded institution, which is a surprise development. The person, identified as Lapsus, was placed under an indefinite hospital order because of worries ...
1 year ago Cysecurity.news
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice - The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. Throughout the contest organized by Trend ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)