The Hacker News

The Hacker News
July 31, 2025
Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies
Russian APT Secret Blizzard uses ISP-level AitM attacks to deploy ApolloShadow malware on embassy devices in Moscow.
The Hacker News
July 31, 2025
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials
Threat actors abuse Proofpoint and Intermedia link wrapping to deliver phishing emails and steal Microsoft 365 credentials.
The Hacker News
July 31, 2025
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
UNC4899 used job lures and cloud exploits to breach two firms, steal crypto, and embed malware in open source.
The Hacker News
July 31, 2025
AI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ Reveals
SentinelOne boosts enterprise cyber defense with AI-powered endpoint security, cutting response time and risk across industries.
The Hacker News
July 31, 2025
UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud
UNC2891 used a 4G Raspberry Pi and Linux rootkits to breach ATM networks, exposing flaws in banking infrastructure.
The Hacker News
July 31, 2025
Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs
SOCs face alert overload and rising costs as SIEMs struggle with cloud complexity and false positives.
The Hacker News
July 31, 2025
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
Critical WordPress flaw CVE-2025-5394 lets attackers take over sites using the "Alone" theme. 120K+ attempts blocked.
The Hacker News
July 30, 2025
Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps
Malware campaign using Facebook ads and fake crypto apps delivers JSCEAL, targeting credentials and wallets.
The Hacker News
July 30, 2025
FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant
Decryptor for FunkSec ransomware released as group goes dormant; 172 victims affected across 3 sectors.
The Hacker News
July 30, 2025
Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits
Critical RCE flaws in Dahua smart cameras affect 9 models; threat enables device hijack over LAN/Internet.
The Hacker News
July 30, 2025
Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools
China-linked firms behind Silk Typhoon filed patents for cyber tools, revealing links to MSS and offensive hacking ops.
The Hacker News
July 30, 2025
Product Walkthrough: A Look Inside Pillar's AI Security Platform
Pillar Security unveils full-lifecycle AI platform securing assets from design to runtime—critical for safe AI deployment.
The Hacker News
July 30, 2025
Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome
Apple and Google fix CVE-2025-6558, a zero-day bug in Chrome and Safari risking browser security.
The Hacker News
July 30, 2025
Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero
Google unveils DBSC in Chrome and new Project Zero disclosure rules to boost account and patch security.
The Hacker News
July 30, 2025
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
SAP flaw CVE-2025-31324 exploited to deploy Auto-Color malware at U.S. chemicals firm; Linux systems targeted.
The Hacker News
July 30, 2025
Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure
Recent arrests slowed Scattered Spider, giving businesses a chance to study tactics and boost defenses.
The Hacker News
July 29, 2025
Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44
Wiz found a critical Base44 flaw letting attackers access private apps via public app_id. Fixed by Wix.
The Hacker News
July 29, 2025
PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain
Phishing emails mimicking PyPI target developers to steal credentials via fake sites. Users urged to stay alert.
The Hacker News
July 29, 2025
Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims
Chaos ransomware rises after BlackSuit takedown, hitting U.S. targets with $300K demands and stealthy evasion tactics.
The Hacker News
July 29, 2025
How the Browser Became the Main Cyber Battleground
Browser-based identity attacks surge in 2025, targeting SaaS apps and weak credentials across enterprise accounts.
The Hacker News
July 29, 2025
Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks
A massive mobile malware campaign targets Android and iOS users in Asia, stealing personal data through fake apps.
The Hacker News
July 29, 2025
Why React Didn't Kill XSS: The New JavaScript Injection Playbook
JavaScript injection attacks surged in 2024, hitting major brands via Polyfill.io. Learn why frameworks failed.
The Hacker News
July 29, 2025
CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation
A CSRF flaw in PaperCut NG/MF is under active attack; CISA mandates patching for federal systems.
The Hacker News
July 28, 2025
Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads
Hackers breached Toptal’s GitHub to publish npm malware, risking dev systems and cloud data integrity.
The Hacker News
July 28, 2025
⚡ Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains and More
From insider arrests to AI-powered fraud, here’s what mattered in cyber this week—no fluff, just the signal.
The Hacker News
July 28, 2025
Email Security Is Stuck in the Antivirus Era: Why It Needs a Modern Approach
Legacy email filters miss post-delivery threats in Microsoft 365 and Google Workspace, exposing data. Here's how EDR-style tools change the...
The Hacker News
July 28, 2025
Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
Scattered Spider targets VMware ESXi in fast, stealthy ransomware attacks across U.S. retail and airline sectors.
The Hacker News
July 28, 2025
EDR Detects, EPM Prevents. Why Using Both is a Winning Formula for Modern Endpoint Protection
EPM and EDR together protect endpoints by closing identity-based gaps that malware-free attackers exploit.
The Hacker News
July 28, 2025
Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide
Tridium Niagara flaws expose critical infrastructure to takeover if misconfigured, affecting security and system uptime.
The Hacker News
July 25, 2025
U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm
U.S. sanctions North Korean front company, 3 individuals for $17M IT worker fraud funding WMDs.
The Hacker News
July 25, 2025
Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files
Patchwork targets Turkish defense firms with LNK phishing to steal UAV, missile data amid geopolitical tension.
The Hacker News
July 25, 2025
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
Russian defense firms hit by cyberattacks using EAGLET malware via phishing lures; threat actors linked to Head Mare and Hive0156.
The Hacker News
July 25, 2025
Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks
Two malware campaigns, Soco404 and Koske, target cloud services with cryptominers via images and misconfigurations.
The Hacker News
July 25, 2025
Overcoming Risks from Chinese GenAI Tool Usage
China-based GenAI tools used by 1,059 employees exposed sensitive enterprise data, raising global compliance concerns.
The Hacker News
July 24, 2025
Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems
Mitel fixes critical MiVoice and MiCollab flaws that allow account access and SQL attacks. Users must update to avoid system compromise.
The Hacker News
July 24, 2025
Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments
Fire Ant exploited VMware flaws to breach ESXi and vCenter, targeting isolated systems for persistent access.
The Hacker News
July 24, 2025
CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing
CastleLoader malware infected 469 devices via ClickFix, GitHub, and phishing since May 2025. Malware delivery is evolving fast.
The Hacker News
July 24, 2025
Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices
Sophos and SonicWall patched critical RCE flaws in firewall and SMA 100 products affecting select users.
The Hacker News
July 24, 2025
Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust
Discover 2025's top identity trends from Auth0. Learn how AI reshapes logins, trust, and security.
The Hacker News
July 24, 2025
Pentests once a year? Nope. It’s time to build an offensive SOC
Continuous validation with Picus helped cut vulnerabilities by 50%, boosting security teams’ speed and effectiveness.
The Hacker News
July 24, 2025
China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community
Chinese hackers used fake Dalai Lama birthday apps to spy on Tibetans, risking community privacy and safety.
The Hacker News
July 24, 2025
Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems
Storm-2603 exploits SharePoint flaws to deploy Warlock ransomware, affecting 400+ victims. Microsoft urges mitigation.
The Hacker News
July 24, 2025
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cybercrime Marketplace
XSS.is admin arrested in Kyiv after years enabling cybercrime; Europol disrupts major forum of 50K users.
The Hacker News
July 24, 2025
Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access
Malware hidden in WordPress mu-plugins grants attackers full access and admin control, putting websites and users at serious risk.
The Hacker News
July 23, 2025
Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware
Mimo exploits Craft, Magento, and Docker systems with crypto miners and proxyware to maximize profit.
The Hacker News
July 23, 2025
New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials
Coyote malware uses Windows UI Automation to target 75 banks and crypto sites in Brazil, risking credential theft.
The Hacker News
July 23, 2025
Kerberoasting Detections: A New Approach to a Decade-Old Challenge
New BeyondTrust research shows statistical models outperform heuristics in detecting Kerberoasting attacks. Better accuracy, fewer false pos...
The Hacker News
July 23, 2025
Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages
Google’s OSS Rebuild checks package builds to stop supply chain attacks in Python, npm, and Rust.
The Hacker News
July 23, 2025
CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks
CISA flags Microsoft SharePoint flaws under active attack by Chinese hackers. U.S. agencies must patch by July 23.
The Hacker News
July 23, 2025