All News
The Hacker News
The Hacker News
June 20, 2025
Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms
Qilin ransomware intensifies, offering legal counsel to affiliates, rising as a top cybercrime platform with 304 victims in 2025.
The Hacker News
June 20, 2025
Iran's State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
Iran TV, crypto exchange hack escalate cyber conflict with Israel. Hacktivist groups target critical infrastructure.
The Hacker News
June 20, 2025
6 Steps to 24/7 In-House SOC Success
24/7 SOCs are essential for off-hours breach protection. Discover how to build one with AI and efficient staffing.
The Hacker News
June 20, 2025
Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
Cloudflare blocks record 7.3 Tbps DDoS attack, targeting hosting provider, with 122,145 source IPs across 161 countries.
The Hacker News
June 20, 2025
67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
A new cybersecurity campaign has exposed 67 trojanized GitHub repositories, targeting gamers and developers with malicious Python tools.
The Hacker News
June 19, 2025
New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
Android malware AntiDot and GodFather target mobile users with phishing, NFC attacks, and app virtualization.
The Hacker News
June 19, 2025
BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
North Korean hackers used deepfake Zoom calls and Telegram links to infect Mac systems at a crypto firm.
The Hacker News
June 19, 2025
Secure Vibe Coding: The Complete New Guide
AI-generated code is accelerating dev speed—but it’s also exposing users to stealthy, undetected flaws.
The Hacker News
June 19, 2025
Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
Hackers now exploit trusted apps like Zoom and Dropbox to launch stealth attacks. Learn how to detect LOTS threats
The Hacker News
June 19, 2025
Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign
Russian hackers used Gmail app passwords and fake State Dept. emails to access inboxes of academics.
The Hacker News
June 19, 2025
Meta Adds Passkey Login Support to Facebook for Android and iOS Users
Meta is bringing passkey support to Facebook, Messenger, and Meta Pay, aiming to boost mobile login security
The Hacker News
June 19, 2025
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
Linux systems face critical local privilege escalation threats via CVE-2025-6018/6019 flaws—users must patch now.
The Hacker News
June 18, 2025
New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains
Malware campaign abuses Cloudflare Tunnel and phishing lures to deliver in-memory RATs across multiple regions.
The Hacker News
June 18, 2025
1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHub
Minecraft players hit by Java malware hidden in mods, stealing data from Discord, browsers, and crypto wallets via GitHub
The Hacker News
June 18, 2025
FedRAMP at Startup Speed: Lessons Learned
Startups can now achieve FedRAMP Moderate faster. Beyond Identity shares real strategies, costs, and team insights.
The Hacker News
June 18, 2025
Water Curse Hijacks 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign
Water Curse exploited 76 GitHub accounts to deliver stealthy malware targeting developers and supply chains.
The Hacker News
June 18, 2025
Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents
Former CIA analyst sentenced to 37 months for leaking Top Secret intel on Israel-Iran plans. National security impact.
The Hacker News
June 18, 2025
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability
CISA warns CVE-2023-0386 is being actively exploited, impacting Linux systems via OverlayFS. Patching is urgent.
The Hacker News
June 18, 2025
Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
Veeam patches 3 major flaws, including CVE-2025-23121, to stop RCE risks in backup software. Update now.
The Hacker News
June 18, 2025
Iran Restricts Internet Access to Prevent Cyber Attacks Amid Escalating Regional Conflict
Iran throttles web, cites cyber threats; Israeli group hacks bank; U.S. warns of Iranian ICS malware.
The Hacker News
June 17, 2025
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
Chrome and Yandex zero-days exploited to deploy Trinper backdoor via phishing; Russian entities targeted.
The Hacker News
June 17, 2025
LangChain LangSmith Bug Let Hackers Steal OpenAI API Keys and User Data via Malicious Agents
LangSmith flaw let hackers steal OpenAI API keys and data via LangChain agents. Enterprises risked IP leaks.
The Hacker News
June 17, 2025
Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware
Phishing emails in Taiwan deploy Gh0stCringe and HoldingHands RAT via fake tax lures and PDF malware.
The Hacker News
June 17, 2025
Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firms
Scattered Spider targets U.S. insurance firms using social engineering and MFA bypass tactics. GTIG urges vigilance.
The Hacker News
June 17, 2025
Are Forgotten AD Service Accounts Leaving You at Risk?
Botnet attack exploited over 130,000 forgotten AD accounts. Learn why service account oversight matters.
The Hacker News
June 17, 2025
Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments
Three flaws in Sitecore XP v10.1+ let attackers gain remote access using default credentials—impacting banks, airlines, and global enterpris...
The Hacker News
June 17, 2025
Backups Are Under Attack: How to Protect Your Backups
This article discusses how ransomware attacks are targeting backups and what to do to keep your data and backups secure.
The Hacker News
June 17, 2025
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks
Langflow’s RCE flaw is under active attack, infecting servers with Flodrix botnet malware via public PoC. Unpatched AI apps remain at risk.
The Hacker News
June 17, 2025
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
TP-Link and Zyxel router flaws are under active attack, affecting global users and federal systems. Urgent updates needed.
The Hacker News
June 17, 2025
Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement
Meta rolls out ads on WhatsApp Status using limited data like location and language, raising privacy questions.
The Hacker News
June 16, 2025
U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network
U.S. DoJ seizes $7.74M in crypto linked to North Korean IT worker scheme exploiting AI, fake IDs, and BYOD loopholes.
The Hacker News
June 16, 2025
Anubis Ransomware Encrypts and Wipes Files, Making Recovery Impossible Even After Payment
Anubis ransomware encrypts and erases data, leaving no recovery options for targeted industries.
The Hacker News
June 16, 2025
⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More
⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More | Read more hacking news on The Hacker News cybers...
The Hacker News
June 16, 2025
Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine
Cynomi's playbook helps providers scale from tactical services to strategic cybersecurity programs with MRR growth.
The Hacker News
June 16, 2025
The Hidden Cost of Treating Compliance as an Afterthought
Embedding compliance from the start reduces risk, avoids fines, and improves security across operations.
The Hacker News
June 16, 2025
Exposed Developer Secrets Are a Big Problem. AI is Making Them Exponentially Worse
24M secrets leaked on GitHub—AI use and rushed coding to blame. Devs and data at risk.
The Hacker News
June 16, 2025
Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
Malware-laced PyPI and npm packages steal developer credentials, CI/CD data, and crypto wallets. Attacks target macOS, AI workflows, and clo...
The Hacker News
June 14, 2025
Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
Malware campaign hijacks expired Discord invite links to steal crypto wallets and infect users globally.
The Hacker News
June 13, 2025
Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
Over 269K sites infected with JSFireTruck malware in one month, redirecting visitors to scams and malware.
The Hacker News
June 13, 2025
Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
CISA warns ransomware groups exploiting unpatched SimpleHelp RMM to breach organizations worldwide, risking data theft and double extortion
The Hacker News
June 13, 2025
CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
Traditional SOCs are overwhelmed by alerts; CTEM helps enterprises focus on real risks and business impact for better security outcomes.
The Hacker News
June 13, 2025
Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
Apple patched zero-day flaws exploited to deploy Paragon’s Graphite spyware targeting journalists and civil society, raising global spyware...
The Hacker News
June 12, 2025
WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
Infoblox reveals VexTrio’s sprawling adtech scam network affecting thousands globally via compromised sites.
The Hacker News
June 12, 2025
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes | Read more hacking news on The Hacker News cybersecurity ne...
The Hacker News
June 12, 2025
AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
Invisible AI agent identities expose organizations to attacks, risking data and cloud security.
The Hacker News
June 12, 2025
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
Critical zero-click AI vulnerability EchoLeak exposed sensitive Microsoft 365 Copilot data; Microsoft patched it to prevent data leaks.
The Hacker News
June 12, 2025
Non-Human Identities: How to Address the Expanding Security Risk
70% of secrets from 2022 remain active in 2025, putting enterprises’ machine identities at risk of breaches and compliance failures.
The Hacker News
June 12, 2025
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
ConnectWise rotates ScreenConnect certificates by June 13 after config data concerns, impacting on-prem users to prevent remote access risks...
The Hacker News
June 12, 2025
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
A new ATO campaign using TeamFiltration breached 80,000+ Microsoft Entra ID accounts via password spraying, impacting hundreds of cloud tena...
The Hacker News
June 11, 2025