All News

The Hacker News

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjakgVGto_-OqvtF3jAOQ798lNCkt6Q_gm0N0NbfBIlHEGjbhyphenhyphenKudDV3Ol1GISKbuXy0SRlgOISfK2qMv_H7x7ClP7R_d8Nm0ylMp5o7EkHxPCIpIagimxxBAEFasCQe1ZUmmGw4aAOGKQilG-P_PeqJr03SYsTvvbNg08VRwtDwYbXyrvFxYgV5PIavKuu/s790-rw-e365/nodejs-malware.jpg

The Hacker News

October 10, 2025

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Fortinet warns Stealit malware uses Node.js SEA and fake installers to deliver stealers, RATs, and persistence.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_Fr0HN_Hopnq6XStUBjqKYba-6EufmmmRHA4BhMnOzU8XOhKZFdMZ8zz77i00ecMI3Y_L63SHfYAjGT-lWUQGmUIRUtGeJkEya7ODnzQUDGQba7RTKt4MQT-SkvfBSx-qlvubg2b6KOwgmMydj0Fqg2cJjKzGJZRupeOL8Jm3sU9IZzg3pAF6nrVVg8uv/s790-rw-e365/payroll.jpg

The Hacker News

October 10, 2025

Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries

Storm-2657 exploits phishing and weak MFA to hijack HR SaaS accounts and redirect payroll funds.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6M2Mk_m5h6N65jjDGVX4AmHsBVW6ou9RQrloE9wFrzWPykoJJtMgqx48QokDdXk6qZUYJh61b_9z0o1z7MorZg-kSeGgsYuGhxVt6LmjvAECLCAVHfo5yL1MI23zoK9eDrrvjWA5ou5_5Vh-Lo2DgcrYHeHP3hBuDepj_xAtDHV_hYhFZVSzgrDHrfF2b/s790-rw-e365/forta.jpg

The Hacker News

October 10, 2025

From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation

Fortra confirms GoAnywhere MFT flaw CVE-2025-10035 exploited since September 11 to deploy ransomware.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9E9Gk-E3tAqszpQaTnUcbiDzkBhMI5gfgepK0Q8azLXmHEolhPwrn3gEWDzisFgMW1RLbxgdLGS1rXZvKn35tKNiE7MqF60phyphenhyphentHpcBhKgidflNb3-LUAGfzdJCfevDfGOIJrRkQ2ECt1wrGwnvPMwot3aEqSJjyAoQWDCOBLYpzd8Y6zNiZrZhdcrqs/s790-rw-e365/_con.jpg

The Hacker News

October 10, 2025

The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?

AI-driven SOCs cut false positives by 80% and response times by 60%, redefining cybersecurity efficiency.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQBV8_oOxPwudRj1LYeRYYfTfqGdJNspxDsZdEaik1CN3pwKs_iRvpPO2M94Vg3jRoxTGhUFMsbFVWdKvoBvZMs8Enyz9LRlhw2cNsgDiNLxlOgU4g-ADGcg8yFt6q3pUoxgnBhL_xZdNQUnAwLHyujuVRm4HmBonEiU1A_D3O4vCzTzJVK_M_mwW8f2Mb/s790-rw-e365/msms.jpg

The Hacker News

October 10, 2025

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Researchers uncover 175 npm packages used in Beamglea phishing campaign targeting 135 companies.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFpozHtF1PQTsD-RpUuVO5cSYufG01hWx1-Y8NFgpTTQakZg-HZjSRQBt_2eSZE0zwa_6HGEkxF22vaC0HyEW0e4T0S4Po91yO-PbdjXwcS0foskmlO8x8WXs6WpzuoJFfhIqfwNHv9_BJTxWH-1xgxBm95pmIs4K6602uQmSP2qDftAZJBDNWFgz_mWSI/s790-rw-e365/glad.jpg

The Hacker News

October 10, 2025

From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability

Huntress reports active exploitation of Gladinet CVE-2025-11371, exposing system files and enabling remote code execution.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3YUJpbDUVwMVovPIMMFT8I_u95idVo9nYnSY0vEwKPMu-4lL_iumsiB-HV_FKlH2W-oFfpeEIQTolc1wcLC2pI9ZiYYboPPhIzqTCBxy3CjqyJtZpLms64cffHGTBm4V0PTUuzn268f12lSMTDuXhzBoN0958WYBiE1ho5cIIr2oLP6zWicEO4an7qEd5/s790-rw-e365/oracle-flaw.jpg

The Hacker News

October 10, 2025

CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw

Oracle EBS zero-day CVE-2025-61882 exploited since August 2025; GTIG links campaign to Cl0p actors.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOEstrhyphenhyphenCizrJ5PlhokPBRwlpC1NBlLi1ZOZIPhyphenhyphenPzYz_G9Ym0BQ-3RfmcK-GWOnK4TpboCcI9WU5r_ZbK5Jl97nD7MIAEOFyjyByLvCzyMl-jOGCe4VA1tnpnFTeT40m9GfbTiIdaCm_iS5fW-Fse_Hvq2TadRhGUQ6FcoRGLUaFYdD-RFNaMA7i60-IU/s790-rw-e365/chinese.jpg

The Hacker News

October 9, 2025

From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware

UTA0388 uses ChatGPT-driven phishing to deploy GOVERSHELL malware across Asia, Europe, and North America.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBW7NzBs5DgAJ2IJw5cj7fUW4lCbGH00TXlg15BFhceJegdd3WWB7zOuuRrNArH4wFRUIcoxzLyybLpU-m2SRJrK1cey_QlfvhRmOO3pSJkPHQPxOLOHz80pP-n-tmpT-1Kt4GX9kPR_HJkiTiWGZewCE6yxuhRg1juJOSx45L6NXuuo7_8Qmfe3O4rpPd/s790-rw-e365/spyware.jpg

The Hacker News

October 9, 2025

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

ClayRat Android spyware uses fake apps and Telegram to steal data and spread via contacts.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKVCoCUU92cuMge4jrED5l3NtGlvapm8j6ZW9_3ejj7hw3wIjj5ZTZZJnRL4-ljMYkxkKupkFzLnAdHehAlJP0ysckQfI2yMRfga9n4Bvw2UEPbmCfq-pZcbk5ivZV4bTMzCaLPf4wfzICo52y_sJcXDm9hn5pLTJ4AzmdVpMmwaWl6_sfTrMW7E8Hb4wT/s790-rw-e365/sonic.jpg

The Hacker News

October 9, 2025

Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks

SonicWall reports unauthorized access to encrypted firewall backup files, impacting under 5% of users.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxdLoRmhgk02ysA3JqNdrlVNNh7Q59n-ohX3VRVW745LTKfuV7Dqi25wLBnKZlefHEl-TBPyhXI9jexCMkkfN6zBLyrQA1C6VgUn7NYfwdRJekim7_VLmGq-gtqMU-q73-q7dTEUGyf0CziIZJGgoymYa7o9Dm3qOi5_TRRFfbQhRVqgwivu_uWz-rEG3W/s790-rw-e365/threatsday-info.jpg

The Hacker News

October 9, 2025

ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More

Cyber threats evolve fast—blending AI, social engineering, and cloud attacks. Stay informed with practical insights to build digital trust.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjj4_E2pRjfdBlyYUmNobyFyhXQHT4b_Y6YBgz_LLjB8fNzvPvWIGGFdGzVt6cJtt_-fnmh3EchkRQdFgAJwuNJ3DDh_a-fd55E8k1ADBfY5iJDEHg9s8V_7pqErkIFPhmfrftOGzkfyI6COronxWAR7XdOv40qkv4XEzRZT7X6nQuNfxbUkRCm5n6lpCU3/s790-rw-e365/reco.jpg

The Hacker News

October 9, 2025

SaaS Breaches Start with Tokens - What Security Teams Must Watch

Token theft drives major SaaS breaches in 2025, exposing gaps in OAuth, API, and app integration security.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHcdU1Cz-4l67OKynaQJ3I8fsIczjJy8Er8zBil5NZb4T5HbslQSGXQd3GfPVmexCSRJdKajgcpr0Qn5GeYUnwPthimGseTrVuCp-xRi7ZJHqaeUKP-Vkes3M4E1KJcEZqhMcLMfe0II_BWLvCWbzau7iw_Vn6AxtRkLpVzW4DXvts6Bb2MUb_W-Meesgg/s790-rw-e365/russian-hackers.jpg

The Hacker News

October 9, 2025

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

Russian hackers’ AI-driven cyberattacks on Ukraine surged to 3,018 incidents in early 2025.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQr77l3KfGngFbogrkpR-NnGUpe7k1b4riMJzgAoW2vQJydnf-6Wbrm_vpuaTa7mW7NcYNS51LJmtt0LbA0zJ6sckAx9aYVaw-5R4T_e_PC6oUcUCDyJSZwRS_uz2d7TWZbRDCYrjGI3E-k3ydbpW_qtOcS-bvrP5gGvKL9bMPnUnxaS175Sx-haH1XVCq/s790-rw-e365/wordpress.jpg

The Hacker News

October 9, 2025

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

Critical WordPress flaw CVE-2025-5947 exploited in 13,800 attacks lets hackers hijack Service Finder sites.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOYtQ6iBZXeM_9-6-jbrGzyCTATFy9WOpr6EwvQtQ5CnLpPu8kgdYgU-N2QuSW6lSHPJBAu5a0L1PJdHUloy8IHJoLoU7GjAYinyJCBVEW_4I8jHryCgx5petplyS1wOc8W4utwQWqgY_dCu6JvoJ1VYpA_5LjOW-xFblJOKYSZJaWhKQOgOVbWuR5_mlB/s790-rw-e365/clioci.jpg

The Hacker News

October 8, 2025

Hackers Exploit WordPress Themes to Power Next-Gen ClickFix Phishing Attacks

Researchers expose new WordPress malware and ClickFix phishing kits exploiting cache smuggling for stealth attacks.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFEU3_4hcDo6-rpmSdC4oOu6lqXwcs3zW75gC_vy27ch8215WSh_iF7dFmhHFNicFoE8OVHQ_OBo6mkPv5k1h-zla2zh9NB9NafhAhUl09c1JdaZyFNiL2J4WEbWvBPbWzqWK9_QcF0DD02XdxRyNmxNOV3P9Fur-cdMGfmvR2wRjm02Occ8nXnmd7sP79/s790-rw-e365/chinese-hacker.jpg

The Hacker News

October 8, 2025

Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave

Chinese-linked hackers use Nezha and Gh0st RAT to compromise over 100 servers via phpMyAdmin flaws.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7l0YTvsStRgMRAiw_OA_YpgmYvFPbaQjLuAnwMcEeeotQBHL-adsp8HhOZNf2DDJ8Ndc1URdC-47JRVjp5gWHItkY0XNkFLGnuAMkqmmbVLzMgyOCTZHHWDOpsT6W7EScav0tKAuII3U9leT1pjduP6UKFgShDYFU-vRKHBe0zTJVv6vO-1p1Xf9vAg_C/s790-rw-e365/ransomware-attackers.jpg

The Hacker News

October 8, 2025

LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem

DragonForce, LockBit, and Qilin form a powerful ransomware alliance as LockBit 5.0 emerges.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivwsTf3ky6VtqQNr71Isd3UjCjU91fQSbDth8CN_3x4djTM6cpsvwUFIgI5NmlL1egPOlFkSqvpWKOT8d_sehIcb71Af-MbYuauCbHwbdqzI3N-u0Sli972aMWvccaR1LZqHunBp-Z_dMtum5NXcaCcefHAe7hD1eRFGz7x5s35Er8JLhIgjDkEaMYNL0/s790-rw-e365/password-security.jpg

The Hacker News

October 8, 2025

Step Into the Password Graveyard… If You Dare (and Join the Live Session)

Weak passwords cost millions; learn real breach lessons and prevention tools in Specops’ live webinar.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEeozb0vcoEHmYPAHRjF_BarXG0GIfTsono3rvP0iaLcasgFGchotwAxyhSKOcNoTsLlmzcIcawrbn4Yr7-FJCXYb0ndzLomPC9FKh3PfYx-EeV9pzpjm9nUezERDwzKGF6PbZKfv0jlozgQe6c7VUL_POXXOkkf5ed2moXnW3WccqLtxgl54KSrwgGoBZ/s790-rw-e365/figma.jpg

The Hacker News

October 8, 2025

Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely

Figma MCP flaw CVE-2025-53967 lets attackers execute arbitrary code; patch released in version 0.6.3. (

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjH27wmKHmbucQzDMPHCmT6HdEZSoRqWpBH0SVcGRZfdUktxb0C9_MVjhE6PYR4VYbp9nSIAtN4ghVo8wmz1NGcOL_4OPK8gqaJcRPhGtTEkVKlLa8i6ti3nyZM5IJSYROd5FEkf9gVD0ZQ4vSpIWuSRHV938OFfapC0PZ2c3ch9pajFWeaF323ONJkIkS/s790-rw-e365/ai.jpg

The Hacker News

October 8, 2025

No Time to Waste: Embedding AI to Cut Noise and Reduce Risk

Automated pentest delivery replaces static reports, cutting weeks off remediation and reducing MTTR through real-time workflows.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6chC19HKnXwdVSqh15tLVk9oZnCqKy6GmdtBpDR181tsPB6mrx4hyphenhyphenfO_ef44UZkKjSlpQnCiifEtuA4W6aSh29FTn2buJ2DQf8rhKxKukFLSJQ2b3SozL4hIdBWX7KtR2ikKEZ2Cf4wMb0IwcOxkBM_RPm_aKYuqRUHclcauw4yB8JCqWdEUiTdhsSKoZ/s790-rw-e365/chatgpt.jpg

The Hacker News

October 8, 2025

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

OpenAI disrupts Russian, North Korean, and Chinese threat groups misusing ChatGPT for malware and scams

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3onTtFdPw7bt2VAq1edGyWHsu4DDxj8IH3SLKamrZiJw8iBkcCwfBIhC4fp_W045XPW8H1oZnhH9cmbRqXwvYjV9MRfYPBM04ZOhD86mIOLnBkulJjQNogk7D7FZNxSUNCn80uUqVSOnmCM3YIshI5WqGw5hmgEHX2rVNGXTUeqRft0rCqgEEFlsjuus/s728-rw-e365/oneidentity-main.jpg

The Hacker News

October 8, 2025

Identity and AI Threats: Developing an Access Management Defence-in-Depth Strategy

AI-driven threats are redefining identity security, demanding smarter authentication and preemptive defense strategies.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMjRrqq-UN3pljzGEnoc_k8mvTwIWaW5ABEVsV-07P8aqUuVceB598GqhFiHbVj4fLUjaEV1A2-hLXaJY-CYpNS8tUyDKljg4oBDZBlaxfDLTGuWgVUKb0Hyal8Gl6ksA2jJjhcO4dod0hFK5Og2biOZw9aD0r_eWjgaMMlukktTkp6MSbaPJ60hiO6UlN/s790-rw-e365/hackers.jpg

The Hacker News

October 7, 2025

BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers

BatShadow uses fake job ads and Microsoft Edge redirects to spread Go-based Vampire Bot malware.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2_yOppUpR_OzddDQoSv2TmchRraf0gplmCW9EB2E3CKL_L2W7Mn0vOUsZCw8MOuy871WmTwFbzImnFvDfRr7GK8DKeReeZqhZYVKIl5i7viICUT7Fm9HxvqVbluyxYeHxq-eTTx_kDSZcWyEx7YrrrkHjT0JjC3g-s7KCqB27YspV8URR4eeRnKwK6Vd0/s790-rw-e365/google-ai.jpg

The Hacker News

October 7, 2025

Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them

Google’s DeepMind unveils CodeMender, an AI agent that auto-fixes code vulnerabilities and enhances software security.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAb3HN9cQzmGSvd5iH1Pb396dWpf7EA2w3eN4JupNp1IVbz4cRypiYci-dkgnswgphQx-Jty8z4Qgu_idzIkQgXCH0ePVGhqZoT11LVw_utt0TvRhjk5hqetM1MiGmgbw9hdscLxBZ3AHF8aa0uYj_YmzmBDz6-G8HDpTyxvDr4IScTY7xK5oe__YwiD0/s790-rw-e365/ai-data-leak.jpg

The Hacker News

October 7, 2025

New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise

LayerX finds AI tools now drive most enterprise data leaks, with 77% of sensitive data pasted via personal accounts.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLHtjziCIhRv5PwpT1cAfKtXq4mo_NNfMegCCb_Qk6y0vVTBsWJ95D6Z8zm1rUhSBgXc1_SXMGyUz_MrJi_lZ-imveOwHrUFysV1iGypleIV_uTpUhPO0L4MQrad1W0de5pRtB9aBqB6gb7fRqJAuUQ5tSivB5r7ABrQXhw2GJGsfK7SA-BJ2raeCItUFk/s790-rw-e365/xworm.jpg

The Hacker News

October 7, 2025

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities

Trellix uncovers XWorm 6.0’s advanced plugins, phishing tactics, and resurgence under new operators

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-QtGr5F2Nz_45W-3gFImDExFplzy_SofQQ04Jt6VpQ0AwmHWJL051s7XEDrRyqgKGXwGXswsMV0YLFtlaOpIocgkFYjwK4G-YxTohEfw4VJ-UiEPs2r7CGYYiBtnVOY2X_hfOe4pMhT93BnIy_dINOZurojkpf-AKHDxfVv703OINDm6hqtbnqOQ-Brlr/s790-rw-e365/redis-flaw.png

The Hacker News

October 7, 2025

13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely

Redis fixes 13-year CVSS 10 flaw allowing Lua script-based remote code execution in all versions.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjONYKldOYGHsSAgX0eRSfnUTAjhjbHlDQ7OYBBCnYsH4jW7f-egFBxRvHiJhmtp5EPVKALsBk700DlaF5HXseSDdu0feEDRDbI1D4aibv7d6kHZuvqrCYaQ0kQNk8N9kCAmlQFCy3qFFf9gJLUgTXg-1r0o1iffqYq9bBPuO85uj-Igf8zrSF-Sq2B29A3/s790-rw-e365/Medusa-Ransomware.jpg

The Hacker News

October 7, 2025

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

Microsoft links Storm-1175 to GoAnywhere flaw CVE-2025-10035, exploited since September for Medusa ransomware.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_E80fLCTOyE9oZStmxUkAY2S7iogIJtqgN9qDKEY2NFBEvyufU3MpJ_e4Hna3sat5lynYV7L1LjCyPYnlouSfeCS06lhZf1az_bkxxXLXFIBETvrGS57yUrmiDQACc6eD9ByzSRyUgsObte06i0mm85QhnuApnq97MmG7pZgk0PAtMj_d0voohEhP2x-8/s790-rw-e365/oracle-cyberattack.jpg

The Hacker News

October 7, 2025

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks

CrowdStrike links Oracle EBS CVE-2025-61882 (CVSS 9.8) to Cl0p with moderate confidence; CISA adds to KEV, patch by Oct 27, 2025.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiF0z_po4XXG0pqRMsuMzKsQ2c_2IilXtnzE3gc1CtiYXSKUOypDZJ5Gbv8xmfGP5pGSWNuJq8L6bHB7if2p35F3azkPjwqxBUBCr3KkUFp3Tg_fc8g3wCKvRr2-yTF_-doUkyqDMZvTeQ8fRN4N1BgVY2tn-5nv1LXYuZFLDSa6EvlWQeFoyOYq2tqjyst/s790-rw-e365/chinese-hackers.jpg

The Hacker News

October 6, 2025

New Report Links Research Firms BIETA and CIII to China’s MSS Cyber Operations

Report links BIETA and subsidiary CIII to China’s MSS, citing covert communication and cyber intelligence tools.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-16ZOwFFzhbYAdpEvzFJqYHRoFcNnOR2NWEDpwL2ya7TeCBsyoRMa2rA5-ibME3xrn_xwEtR9LWQvMfI57HQJI977nOqnoBypqL2-U7PWROlxUEjhGTh_pz6WLk72Mlhczrz-mH9qVfy_hB5Ke6RSnUB340E02Y6mdwxWNn4TffGzRe4fUUfkYH3o2hW7/s790-rw-e365/recap-mainn.jpg

The Hacker News

October 6, 2025

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

Your weekly snapshot of cyber chaos: from Oracle 0-Day exploits to fresh spyware, phishing kits, and ransomware twists—here’s what’s shaping...

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfz3KCjm0Q8FYWkOgHENEAln0t4oa66D-4TJdIrkM-0yEpSksS9oZ_JlWBd68weRkQDK5M3Suy3BcNPfNmq89gP3hcMRDjcekzXMyctxdXoW8NZzvBv1KXshfrnCkRg6P7GgyhotfR06-URHB31CcC4eZLfsm-u8E2sA1PP4F3PDcE5Q1e-5WVDNJoI_0X/s790-rw-e365/ai-cybersecurity.jpg

The Hacker News

October 6, 2025

5 Critical Questions For Adopting an AI Security Solution

Five essential questions help organizations select AI-SPM tools for data protection, compliance, and scalability.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5lq1VwGPxErqaYK5Or5Qfb2Dtmn7IhLPFWGw009bD563o4PaYVAg57qBcDMO7dNIth5f0ltofaFuJ1g8bfK7Z-ixBKQVoXZbUx5rtxHSW8agab1DQ8DW5ZSOyO9n7YpAaEV41QRizEjQR2Gm86_L3Nh5JFbKpzq7tzKe4BgSFKM5y9N0ZE50NaSpK2qF9/s790-rw-e365/scams.jpg

The Hacker News

October 6, 2025

Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers

Chinese hackers’ UAT-8099 group exploits IIS servers with BadIIS malware for SEO fraud and data theft.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnxCYsEXKdQeC582l2xUR18p9qT9PP-_OwgroBPjibHEFWoZPrqTUckH1p0-NMSw0TV5lT6ih4jyxHy3BTV_6ApzqRCK5RAHSJU0S78WyrtWGyecrbDmCy9yrDDnA128PXV_zPCEjOHxyMbYfd52xiy2RMqZJrG1XMGW8urAl3WmkwbZNCAcpg5yTt7p-a/s790-rw-e365/zimbra-email-hacking.jpg

The Hacker News

October 6, 2025

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files

Zimbra patched a CVE-2025-27915 XSS flaw exploited in attacks targeting Brazil’s military via ICS files.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi45_vX3mA13QmCC3yLMn-k1mUEB2XZ1iLaS4Bft_m3UGI2ovVIXPBSK_Dk0tcv_h1jrLw85E9yR_cNFYKruGcrlAechzkw1-DgT6AqL3CtyXWOQIO5tW_nHqTums9SvLA5s-ZTxxx7o6_NclIvpKZShXjyCOi4zWBU_Em12NW5QX3Q0GIoeBIUsI2XCLTt/s790-rw-e365/oracle.jpg

The Hacker News

October 6, 2025

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

Oracle releases an emergency fix for CVE-2025-61882 after Cl0p exploits critical EBS flaw.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgorwmjuPzyKTaxrCOk6ybatkgm5ZlrAYowJKAuoKEqLRbddXjRwcg1iMJcfkMId_4UT0XlCrTS2VHboqdKY6rIJUcCy8S7TKaBLPD12uqFxsHdLhtIXjoVVHH11xZv4rAMTnoIvMR8_viqC-Dbh8Wyygk_rTWZIP-e3-I1eB2kLrB1fecck3iwVzAxNco/s728-rw-e365/xm-main.jpg

The Hacker News

October 6, 2025

Cracking the Boardroom Code: Helping CISOs Speak the Language of Business

Boards face SEC and NIS2 accountability, yet weak oversight drives urgent CISO risk reporting training.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwWp92LLwf39kJRGpZlxBeffkH74h78brDhvkWhSeaYBQmczdHMC33qaikHS8QCu-EwN1TEAe3ywdZuh4S033zL_y2R8p4uuoaXyXQp5_yhUIGW3rs3dOmXzHP8RRsfidbx9CzmGxqbzffr6mO418YB6OnyGFVg0gntgQ-JRUDJC3PkB8jlJr9JiqwSn8/s728-rw-e365/action1-main.jpg

The Hacker News

October 6, 2025

Continuous Patch Management: Why the Future of Cybersecurity Demands Real-Time Vulnerability Remediation

Continuous patching and automation replace monthly cycles as breaches average $5.08M globally.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwIREfLD0f9VnhVlWQeaAaQQQLFAE8Yq11lxwmw5UA9-54l9pbKf064vcz5GHQ1Rer9Qc892qln_Fn4RdecChxbCQk2qurb0OndYaSsdAt7qXWn61Binw_OZ96OtLwpRRXfq99QHnoGeCPiuqOE2yBAE2lVhgmUSdAjw32GybKl8HeYJGK3DcyEAOCWpRr/s790-rw-e365/comet-ai.jpg

The Hacker News

October 4, 2025

CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief

A single malicious URL can hijack Comet AI browser, exfiltrating emails, calendar, and user memory via encoded payloads.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVlh6dseVQZIo9E7j4gKPiWbf9wDAoGVPr4DyhfsZB7iacAtu-Y5NAnMi1sWowgrtNrNQHhyphenhyphencPQgxvdClooUDsgL4e6FXfv5AjFQbVxQMO_PCcOfJ159qmn3kZbX1Q2o01jW1X0v16jPGCi8ttsPyLtwPmK6hZXduXtaA70Ioue0iCJUpU6Bd9myawUyb_/s790-rw-e365/scans.jpg

The Hacker News

October 4, 2025

Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day

GreyNoise detects 500% spike in Palo Alto login scans, linking it to recent Cisco ASA exploit trends.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1j33LSzml8_Sl5Fp1kzrz_mVBXrvUzNw1aiEdY7RboQ3CagFk7sajYWtR1I6RTa6TlqIDCmgKc6rKpoFTEgiaadGwsIrznFyjk1i0JsIIsBB-IM9vtDExrH0aaWnY-fRVd4JyvTcNTxdTewEZKUoGBA7blWpBjvgMPwPZisEPWfnuQtbQWE0wB5I9F4aR/s790-rw-e365/dns-malware.jpg

The Hacker News

October 3, 2025

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

Detour Dog used DNS TXT records and botnets to distribute Strela Stealer via StarFish backdoor.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhizM08GLG48jlna2kwiWsliLcBCG5Bbb-iM2NCvEui90N919_bbrt-CS44xzBr3M9ccjqRMuGSPvzCYKKGubVFuaugLDMjfLYR3Dgqp_V0Qg-YZS3nBEzKkzvkO2JfkXAkV2hyy5qBQt6XUp1ta8Ed7eQF4sBeH13OfHBdhj1JJljqMLCnU8lTtMd7aMBM/s790-rw-e365/stealer.jpg

The Hacker News

October 3, 2025

Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads

Check Point: Rhadamanthys MaaS stealer (v0.9.2) expands fingerprinting, PNG steganography, and tiered pricing from $299–$499/month.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZi_3aFVtIqXv86N1AY3tMum1vYvspKQJ06jdx7TUo4kbJ5xVFGXHxn7gW0cS5jNbxxjBfC_lXvzdGAs_jr_02xTgHCmQeipOk8dPyBb9vCejfZ926QaA45BBRVxRhHLa-Xlv3eW6_qlLDdAArC8RLNE_QE2ByXWQCjiuncQxb1-TINGE_1jaIVjDKV07P/s790-rw-e365/whstsapp.jpg

The Hacker News

October 3, 2025

Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL

WhatsApp malware SORVEPOTEL infects 477 systems in Brazil, spreading via phishing ZIP files and spamming contacts.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8FRGGcvEftQ7ZU-kAGNuYyzpiiEI3kRRxBjikjcQeX0POahjC7VnAgXrOohBRUumEYmu-VtRqmKjUf5BQuoy_n_cQAqL1aXOOKFC1YxdTjuIF_bETIKETYHmzPu2NyYCWMRpoJyU-P0qobZXVOU_H6ytL1xMkvQKfkwTU1a7fS_KuCeYnkh2RSDAmlaz5/s790-rw-e365/passwork.jpg

The Hacker News

October 3, 2025

Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security

Passwork 7 unifies password and secrets management with enhanced usability, granular access, and ISO 27001 compliance.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVsTl631iiQsWoBJb_rx7mzUyk0TbL2bKhgSsH1iwIa2VOMDJLJ-XBqQRyzw8FuyfDQ21duI5iED5f0fxb7YLBctGOaNm2pSXfPhHHQLSv7CfyAFbMQ3enx7o_UVcdhZFfljSL6j8ccy9c_8MvIBUpldpWAgajd8GG-h5wNVviKx0yLKJvY8NYDLbZ2lPp/s790-rw-e365/cyberattack.jpg

The Hacker News

October 3, 2025

New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT

Cavalry Werewolf used phishing emails to target Russian state and industry with FoalShell and StallionRAT.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3Vf5tvpRo-cxVfClYZXnuH7mBd-k439wei9RCLJXQkiQk-PdE7VJ2C2ZuARR1GIrg2UTt0aqFh-QALu9Zu5FQDhZHg-11c6UCCfN3n5ILXT9QBobEfGrT-pNfA3GJRcIveodbWL_HkuERMNFQvKCHKhsbp_RD5bRnDjeB-98W6tJJGNIoxJz3nXbF8rxl/s2600/onekey.gif

The Hacker News

October 3, 2025

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild

CISA adds actively exploited Meteobridge CVE-2025-4008 and four other critical flaws to KEV catalog.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs19se3oOTe2LKNLUVG1eUCTWL7f7pmFyqFtBgj7tSlhbaY6nRVkoXwoPqW8fGjhLJsxkQYJXs4_1_VfbE2BhpB-_4qQ8YBbRyp39sdMuBB_Lr_LWxBS7mbyL4UN1wi-jbbPaiysanHv-G_fBH4edQvQRSHNX4IRTvdSRL6ZDvRgcZ02svkL14zVCL0Tji/s790-rw-e365/pakistan-cyberattack.jpg

The Hacker News

October 2, 2025

Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware

Confucius hackers target Pakistan with WooperStealer and Anondoor malware using phishing and DLL side-loading.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfa-xMSqpR1TXI-6NbnLU_43mk5f3vCCEETqWLI3JghfYB-uYaTITrSy3sYfGJdEgUxnnXCmH1qsIb0vEAK9dly_0VfIlUfE0Q5wbsW0ObMzlVtetUUG9lLvkezJ9CpyqfrsF84yXFCOHPL-61508ZN8ISsdDM9MX8XNfopDAUjwwWqKEq7MGDjtLr54Ga/s790-rw-e365/python-malware.jpg

The Hacker News

October 2, 2025

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Malicious PyPI package soopsocks downloaded 2,653 times before takedown, exfiltrating Windows data to Discord.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7V41p7xY0-_lntNTBJiSMyKpbGoEpSZiNXmoq3-JaBmz6js7WmMrmSZA3XKnWtFLSsV0Nd1AByIHXJrmnq9CsmcQ-Y-5wQQR7oIkgPPB38xC6CpzlGa9CseOb8lhY6YxiQPM7g9FNT9ZfTiHBBaWDqYlIJ3COLQLkem-h0Lm3842FApcu9vKUC_AL1ZM/s790-rw-e365/workflow.jpg

The Hacker News

October 2, 2025

Automating Pentest Delivery: 7 Key Workflows for Maximum Impact

Automated workflows accelerate pentest delivery, cut delays, and ensure real-time vulnerability remediation visibility.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_GsKZElNVUgtfDyLl636V5bsjYBST6CK6LVzm6AnTeCVxBTZw1ThseEVQM7GRX0r_LOhMculWoqCdXxcXZSHDzkU10GitC6f0H4B-UKRdomQA1XxrdmBBMHxxcaOGlZ6uKW_fUHYaoc7NzzC5lDvTt9fVUpSz6mN1Y6BBxYySfHAiBNJ7o8UFtAsa7iYW/s790-rw-e365/threatsday.jpg

The Hacker News

October 2, 2025

ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More

Digest: Claude hardens safety, CVE-2024-3400 scans surge, Drive blocks ransomware, CarPlay RCE persists.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6NCeNSGWmZvY0qC11oOejgnffOr23P92vBPECt4-8D-pxIhPCl1uGF8-5tEbSc9eedjp24dpaWCApAEbLXtr2-vuzj9mZLtn2-G1g6s9hTF0cR63znJh_Swu_9VS_8Mx-bLL6L2RQJozopUPmEOobnGVMxiq4Tti5eXF8h8pxnYWkWrivzA0AiXNEoyxi/s790-rw-e365/oracle-ransomware.jpg

The Hacker News

October 2, 2025

Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware

Google Mandiant tracks FIN11’s high-volume extortion emails exploiting Oracle E-Business Suite, possibly linked to Cl0p.

Showing 50 results of 57 — Page 1