Hackernews

2025

Five New Exploited Bugs Land in CISAs Catalog Oracle and Microsoft Among Targets
Weekly Recap F5 Breached Linux Rootkits Pixnapping Attack EtherHiding More
Analysing ClickFix 3 Reasons Why CopyPaste Attacks Are Driving Security Breaches
131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems
Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide
New NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
Silver Fox Expands Winos 40 Attacks to Japan and Malaysia via HoldingHands RAT
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
Identity Security Your First and Last Line of Defense
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
Architectures Risks and Adoption How to Assess and Choose the Right AI-SOC Platform
Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in Zero Disco Attacks
Beware the Hidden Costs of Pen Testing
ThreatsDay Bulletin 15B Crypto Bust Satellite Spying Billion-Dollar Smishing Android RATs More
CISA Flags Adobe AEM Flaw with Perfect 100 Score Already Under Active Attack
Chinese Threat Group Jewelbug Quietly Infiltrated Russian IT Network for Months
F5 Breach Exposes BIG-IP Source Code Nation-State Hackers Behind Massive Intrusion
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks
How Attackers Bypass Synced Passkeys
Two New Windows Zero-Days Exploited in the Wild One Affects Every Version Ever Shipped
Two CVSS 100 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control
Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access
New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login
Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year
Moving Beyond Awareness How Threat Hunting Builds Readiness
RMPocalypse Single 8-Byte Write Shatters AMDs SEV-SNP Confidential Computing
New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
What AI Reveals About Web Applications and Why It Matters
npm PyPI and RubyGems Packages Found Sending Developer Data to Discord Channels
Researchers Expose TA585s MonsterV2 Malware Capabilities and Attack Chain
Weekly Recap WhatsApp Worm Critical CVEs Oracle 0-Day Ransomware Cartel More
Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk
Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30 Vendors
Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns
New Rust-Based Malware ChaosBot Uses Discord Channels to Control Victims PCs
New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login
Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks
Stealit Malware Abuses Nodejs Single Executable Feature via Game and VPN Installers
Microsoft Warns of Payroll Pirates Hijacking HR SaaS Accounts to Steal Employee Salaries
From Detection to Patch Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation
The AI SOC Stack of 2026 What Sets Top-Tier Platforms Apart
175 Malicious npm Packages with 26000 Downloads Used in Credential Phishing Campaign
From LFI to RCE Active Exploitation Detected in Gladinet and TrioFox Vulnerability
CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw
From HealthKick to GOVERSHELL The Evolution of UTA0388s Espionage Malware
New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps
Hackers Access SonicWall Cloud Firewall Backups Spark Urgent Security Checks
ThreatsDay Bulletin MS Teams Hack MFA Hijacking 2B Crypto Heist Apple Siri Probe More
SaaS Breaches Start with Tokens - What Security Teams Must Watch
From Phishing to Malware AI Becomes Russias New Cyber Weapon in War on Ukraine
Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave
Step Into the Password Graveyard If You Dare and Join the Live Session
LockBit Qilin and DragonForce Join Forces to Dominate the Ransomware Ecosystem
Severe Framelink Figma MCP Vulnerability Lets Hackers Execute Code Remotely
No Time to Waste Embedding AI to Cut Noise and Reduce Risk
OpenAI Disrupts Russian North Korean and Chinese Hackers Misusing ChatGPT for Cyberattacks
BatShadow Group Uses New Go-Based Vampire Bot Malware to Hunt Job Seekers
Googles New AI Doesnt Just Find Vulnerabilities It Rewrites Code to Patch Them
New Research AI Is Already the 1 Data Exfiltration Channel in the Enterprise
XWorm 60 Returns with 35 Plugins and Enhanced Data Theft Capabilities
13-Year-Old Redis Flaw Exposed CVSS 100 Vulnerability Lets Attackers Run Code Remotely
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks
New Report Links Research Firms BIETA and CIII to Chinas MSS Cyber Operations
5 Critical Questions For Adopting an AI Security Solution
Weekly Recap Oracle 0-Day BitLocker Bypass VMScape WhatsApp Worm More
Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks
Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers
Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files
CometJacking One Click Can Turn Perplexitys Comet AI Browser Into a Data Thief
Scanning Activity on Palo Alto Networks Portals Jump 500 in One Day
Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer
Rhadamanthys Stealer Evolves Adds Device Fingerprinting PNG Steganography Payloads
Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL
Product Walkthrough How Passwork 7 Addresses Complexity of Enterprise Security
New Cavalry Werewolf Attack Hits Russian Agencies with FoalShell and StallionRAT

2023

Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour
Follow Us

Everything coding, technology, and digital Life