All News
The Hacker News
The Hacker News
June 13, 2025
Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
Apple patched zero-day flaws exploited to deploy Paragon’s Graphite spyware targeting journalists and civil society, raising global spyware...
The Hacker News
June 12, 2025
WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
Infoblox reveals VexTrio’s sprawling adtech scam network affecting thousands globally via compromised sites.
The Hacker News
June 12, 2025
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes | Read more hacking news on The Hacker News cybersecurity ne...
The Hacker News
June 12, 2025
AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
Invisible AI agent identities expose organizations to attacks, risking data and cloud security.
The Hacker News
June 12, 2025
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
Critical zero-click AI vulnerability EchoLeak exposed sensitive Microsoft 365 Copilot data; Microsoft patched it to prevent data leaks.
The Hacker News
June 12, 2025
Non-Human Identities: How to Address the Expanding Security Risk
70% of secrets from 2022 remain active in 2025, putting enterprises’ machine identities at risk of breaches and compliance failures.
The Hacker News
June 12, 2025
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
ConnectWise rotates ScreenConnect certificates by June 13 after config data concerns, impacting on-prem users to prevent remote access risks...
The Hacker News
June 12, 2025
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
A new ATO campaign using TeamFiltration breached 80,000+ Microsoft Entra ID accounts via password spraying, impacting hundreds of cloud tena...
The Hacker News
June 11, 2025
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Black Basta affiliates use Teams phishing, Python scripts, and cURL to attack finance, insurance, and construction sectors.
The Hacker News
June 11, 2025
295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager
Coordinated brute-force attacks target Tomcat Manager; exposed cameras leak sensitive data globally.
The Hacker News
June 11, 2025
INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure
INTERPOL and 26 countries dismantled 20,000+ malicious IPs tied to info-stealing malware, disrupting global cybercrime networks.
The Hacker News
June 11, 2025
Why DNS Security Is Your First Defense Against Cyber Attacks?
DNS attacks threaten every online interaction; securing DNS with ClouDNS protects businesses and prevents costly disruptions.
The Hacker News
June 11, 2025
SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords
SinoTrack GPS flaws let attackers remotely control vehicles and track locations, affecting all platform versions. Change passwords now.
The Hacker News
June 11, 2025
How to Build a Lean Security Model: 5 Lessons from River Island
Lean security with automated exposure and threat detection helps River Island protect 200+ stores and e-commerce without growing the team.
The Hacker News
June 11, 2025
Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild
Microsoft patches 67 vulnerabilities, including a WEBDAV zero-day actively exploited by Stealth Falcon. Critical for enterprise security.
The Hacker News
June 10, 2025
Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps
Adobe patched 254 flaws, mostly in Experience Manager, impacting cloud and on-prem users, preventing critical code execution risks.
The Hacker News
June 10, 2025
Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud
Salesforce Industry Cloud has 20+ config risks exposing sensitive data; customers must fix most issues to avoid compliance and security brea...
The Hacker News
June 10, 2025
FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware
FIN6 uses fake resumes hosted on AWS to deliver More_eggs malware, targeting recruiters to steal credentials and card data
The Hacker News
June 10, 2025
Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users
Rust-based Myth Stealer malware spreads via fake gaming sites, stealing browser data from millions worldwide.
The Hacker News
June 10, 2025
The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier
46% of firms faced non-human identity breaches last year, risking automation security. Managing NHIs is now critical for enterprise protecti...
The Hacker News
June 10, 2025
Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account
Google fixed a flaw allowing attackers to brute-force recovery phone numbers, risking SIM swaps.
The Hacker News
June 10, 2025
Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises
Rare Werewolf APT uses phishing and legitimate tools to attack Russian and CIS firms, stealing credentials and deploying crypto miners.
The Hacker News
June 10, 2025
CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog
CISA warns of critical Erlang SSH and Roundcube vulnerabilities actively exploited, affecting servers and webmail users worldwide.
The Hacker News
June 9, 2025
Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group
Reconnaissance and cyberattacks from July 2024 to March 2025 hit 70+ firms, including SentinelOne, linked to Chinese threat actors.
The Hacker News
June 9, 2025
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
Mirai botnets exploit Wazuh Server flaw CVE-2025-24016 to conduct DDoS and infect IoT devices worldwide.
The Hacker News
June 9, 2025
⚡ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks
This week’s recap tracks how trust is being quietly exploited at scale.
The Hacker News
June 9, 2025
Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise
In 2024, dormant accounts, unmanaged SaaS access, and GenAI permissions expose enterprises to data breaches and insider threats.
The Hacker News
June 9, 2025
IAM Compliance Audits: How to Improve Outcomes
71% of companies risk failing IAM audits due to complex regulations and manual errors, increasing breach and penalty risks.
The Hacker News
June 9, 2025
OpenAI Bans ChatGPT Accounts Used by Russian, Iranian and Chinese Hacker Groups
OpenAI banned ChatGPT accounts tied to Russian, Chinese, and Iranian hackers using AI for malware and influence campaigns.
The Hacker News
June 8, 2025
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
Supply chain attack infects 16 GlueStack npm packages used by 1M weekly users, enabling malware that steals data and controls systems.
The Hacker News
June 8, 2025
Malicious Browser Extensions Infect 722 Users Across Latin America Since Early 2025
A phishing campaign infects 722 users with malicious browser extensions in Latin America to steal bank login data.
The Hacker News
June 6, 2025
New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users
A new malware campaign tricks macOS users with fake Spectrum CAPTCHA sites to steal passwords and deliver Atomic Stealer malware.
The Hacker News
June 6, 2025
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
Mirai botnets exploit Wazuh Server flaw CVE-2025-24016 to conduct DDoS and infect IoT devices worldwide.
The Hacker News
June 6, 2025
Empower Users and Protect Against GenAI Data Loss
Blocking access to public AI applications is not enough to stop employees from putting data at risk
The Hacker News
June 6, 2025
Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam
Indian call centers defraud Japanese victims via fake tech support, leading to arrests and global cybercrime crackdown.
The Hacker News
June 6, 2025
Inside the Mind of the Adversary: Why More Security Leaders Are Selecting AEV
AEV automates continuous attack simulations for organizations, helping prioritize exploitable risks and improve cyber resilience.
The Hacker News
June 6, 2025
New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack
PathWiper malware hit Ukraine’s critical systems in 2025, wiping data via admin console access and worsening conflict-driven cyberattacks.
The Hacker News
June 5, 2025
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials
Several popular Chrome extensions send sensitive user data over unencrypted HTTP, exposing millions to interception and privacy risks.
The Hacker News
June 5, 2025
Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands
New findings reveal Bitter, an Indian-aligned threat group targeting governments via spear-phishing and advanced malware
The Hacker News
June 5, 2025
Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation
Business Value Assessments help CISOs link security risk to cost, showing ROI and reducing breach fallout.
The Hacker News
June 5, 2025
Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware
Iran-aligned BladedFeline hackers hit Iraqi and Kurdish officials using custom malware in ongoing espionage effort.
The Hacker News
June 5, 2025
DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown
U.S. and Dutch agencies shut down BidenCash, a carding marketplace with 15M stolen cards and 117K users.
The Hacker News
June 5, 2025
Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
Cisco patches critical ISE flaw affecting AWS, Azure, OCI users—unauthenticated access could expose sensitive systems.
The Hacker News
June 4, 2025
Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App
Google has uncovered a vishing campaign by UNC6040 targeting Salesforce users through fake Data Loader apps.
The Hacker News
June 4, 2025
Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads
Chaos RAT malware targets Linux and Windows users via phishing and fake tools, enabling remote control.
The Hacker News
June 4, 2025
Your SaaS Data Isn't Safe: Why Traditional DLP Solutions Fail in the Browser Era
Legacy DLP tools miss 70% of data leaks now happening in-browser across SaaS and AI apps. Learn why this matters.
The Hacker News
June 4, 2025
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks
Malicious packages on npm, PyPI, and Ruby exfiltrate wallets, delete projects, and exploit AI tools—threatening developers and CI/CD pipelin...
The Hacker News
June 4, 2025
Solving the Enterprise Security Challenge: How to Validate Across Complex Networks
Enterprises overwhelmed by alerts can now test and fix risks faster using Pentera’s AI-driven validation.
The Hacker News
June 4, 2025
HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass
HPE patches 8 StoreOnce flaws, including CVE-2025-37093, risking RCE and auth bypass—users must update now
The Hacker News
June 3, 2025
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
Fake Gitcode and DocuSign sites are tricking users into running PowerShell scripts that install NetSupport RAT.- 1
- 2
Showing 50 results of 51 — Page 1