Lucene search
+L

20919 matches found

The Hacker News
The Hacker News
added 2025/07/28 6:19 a.m.5 views

Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure

The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. "The group's core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/28 4:12 a.m.10 views

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium's Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances. "These vulnerabilities are fully exploitable if a Niagara system is...

9.8CVSS8.2AI score0.07416EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/07/25 3:5 p.m.10 views

U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC sanctioned a North Korean front company and three associated individuals for their involvement in the fraudulent remote information technology IT worker scheme designed to generate illicit revenues for Pyongyang. The...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/25 2:15 p.m.4 views

Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files

The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. "The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitation...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/25 1:14 p.m.7 views

Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor

Russian aerospace and defense industries have become the target of a cyber espionage campaign that delivers a backdoor called EAGLET to facilitate data exfiltration. The activity, dubbed Operation CargoTalon , has been assigned to a threat cluster tracked as UNG0901 short for Unknown Group 901...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/25 10:33 a.m.8 views

Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks

Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners. The threat activity clusters have been codenamed Soco404 and Koske by cloud security firms Wiz and Aqua, respectively...

8.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/25 10:25 a.m.5 views

Overcoming Risks from Chinese GenAI Tool Usage

A recent analysis of enterprise data suggests that generative AI tools developed in China are being used extensively by employees in the US and UK, often without oversight or approval from security teams. The study, conducted by Harmonic Security, also identifies hundreds of instances in which...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/24 5:14 p.m.14 views

Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems

Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections. "An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which, if...

9.2AI score0.00612EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/07/24 5:5 p.m.28 views

Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

Virtualization and networking infrastructure have been targeted by a threat actor codenamed Fire Ant as part of a prolonged cyber espionage campaign. The activity, observed this year, is primarily designed Now to infiltrate organizations' VMware ESXi and vCenter environments as well as network...

9.8CVSS8.2AI score0.99956EPSS
Exploits64
The Hacker News
The Hacker News
added 2025/07/24 3:13 p.m.17 views

CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing

Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use in campaigns distributing various information stealers and remote access trojans RATs. The activity employs Cloudflare-themed ClickFix phishing attacks and fake GitHub...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/24 2:14 p.m.23 views

Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices

Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access SMA 100 Series appliances that could be exploited to achieve remote code execution. The two vulnerabilities impacting Sophos Firewall are listed below - CVE-2025-6704 CVSS score: 9.8 - A...

9.8CVSS9.9AI score0.11635EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/07/24 11:36 a.m.3 views

Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that t...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/24 11:0 a.m.3 views

Pentests once a year? Nope. It's time to build an offensive SOC

You wouldn't run your blue team once a year, so why accept this substandard schedule for your offensive side? Your cybersecurity teams are under intense pressure to be proactive and to find your network's weaknesses before adversaries do. But in many organizations, offensive security is still...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/24 10:59 a.m.5 views

China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community

The Tibetan community has been targeted by a China-nexus cyber espionage group as part of two campaigns conducted last month ahead of the Dalai Lama's 90th birthday on July 6, 2025. The multi-stage attacks have been codenamed Operation GhostChat and Operation PhantomPrayers by Zscaler ThreatLabz...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/24 10:37 a.m.21 views

Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems

Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The tech giant, in an update shared Wednesday, said the findings are based on an "expanded analysis and threat intelligence from our continu...

8.8CVSS8.5AI score0.99907EPSS
Exploits9
The Hacker News
The Hacker News
added 2025/07/24 6:48 a.m.6 views

Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cybercrime Marketplace

Europol on Monday announced the arrest of the suspected administrator of XSS.is formerly DaMaGeLaB, a notorious Russian-speaking cybercrime platform. The arrest, which took place in Kyiv, Ukraine, on July 222, 2025, was led by the French Police and Paris Prosecutor, in collaboration with Ukrainia...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/24 5:11 a.m.20 views

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins aka mu-plugins are special plugins that are automatically activate...

8.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/23 5:15 p.m.8 views

Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware

The threat actor behind the exploitation of vulnerable Craft Content Management System CMS instances has shifted its tactics to target Magento CMS and misconfigured Docker instances. The activity has been attributed to a threat actor tracked as Mimo aka Hezb, which has a long history of leveragin...

10CVSS9.6AI score0.99829EPSS
Exploits14
The Hacker News
The Hacker News
added 2025/07/23 12:58 p.m.22 views

New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials

The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework calledUI AutomationUIA to harvest sensitive information. "The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banki...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/23 11:0 a.m.12 views

Kerberoasting Detections: A New Approach to a Decade-Old Challenge

Security experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It's because existing detections rely on brittle heuristics and static rules, which don't hold up for detecting potential attack patterns in highly variable...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/23 9:28 a.m.9 views

Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages

Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. "As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/23 6:24 a.m.14 views

CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA, on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. To that end, Federal Civilian Executive Branch...

9.8CVSS9.9AI score0.99979EPSS
Exploits41
The Hacker News
The Hacker News
added 2025/07/23 6:23 a.m.15 views

CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF

The U.S. Cybersecurity and Infrastructure Security Agency CISA added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-2775 CVSS score: 9...

9.8CVSS8.7AI score0.79475EPSS
Exploits4
The Hacker News
The Hacker News
added 2025/07/22 3:45 p.m.11 views

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Microsoft has formally tied the exploitation of security flaws in internet-facing SharePoint Server instances to two Chinese hacking groups called Linen Typhoon and Violet Typhoon as early as July 7, 2025, corroborating earlier reports. The tech giant said it also observed a third China-based...

9.8CVSS8.4AI score0.99979EPSS
Exploits41
The Hacker News
The Hacker News
added 2025/07/22 1:8 p.m.11 views

Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access

Cisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine ISE and ISE Passive Identity Connector ISE-PIC to acknowledge active exploitation. "In July 2025, the Cisco PSIRT Product Security Incident Response Team, became aware of attempted...

10CVSS8.7AI score0.96732EPSS
Exploits12
The Hacker News
The Hacker News
added 2025/07/22 1:0 p.m.9 views

Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate

Mexican organizations are still being targeted by threat actors to deliver a modified version of AllaKore RAT and SystemBC as part of a long-running campaign. The activity has been attributed by Arctic Wolf Labs to a financially motivated hacking group called Greedy Sponge. It's believed to be...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/22 11:0 a.m.5 views

How to Advance from SOC Manager to CISO?

Making the move from managing a security operations center SOC to being a chief information security officer CISO is a significant career leap. Not only do you need a solid foundation of tech knowledge but also leadership skills and business smarts. This article will guide you through the practic...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/22 7:59 a.m.18 views

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The cybersecurity company said it observed first exploitation attempts targeting an unnamed major Western government, with the...

9.8CVSS10AI score0.99979EPSS
Exploits51
The Hacker News
The Hacker News
added 2025/07/21 5:18 p.m.17 views

Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents

Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security MOIS and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/21 4:27 p.m.15 views

China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure

The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign targeting government IT services in the African region. "The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware," Kaspersky researchers Den...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/21 11:38 a.m.29 views

⚡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More

Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don’t depend on zero-days. They work by staying unnoticed—slipping through the cracks in...

9.8CVSS8.6AI score0.99979EPSS
Exploits52
The Hacker News
The Hacker News
added 2025/07/21 11:25 a.m.3 views

Assessing the Role of AI in Zero Trust

By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of modern security. No longer merely theoretical, it's now a requirement that organizations must adopt. A robust, defensible architecture built on Zero Trust principles does more than satisfy baseline regulatory...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/21 6:13 a.m.6 views

PoisonSeed Attack Turns Out to Be Not a FIDO Bypass After All

Cybersecurity firm Expel, in an update shared on July 25, 2025, said it's retracting its findings about a phishing attack that it said leveraged cross-device sign-in to get around FIDO account protections despite being not in physical proximity to the authenticating client device. "The evidence...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/21 3:30 a.m.16 views

Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also disclosed details of another vulnerability that it said has been addressed with "more robust protections." The tech giant acknowledged it's "aware of active attacks targeting on-premises...

9.8CVSS8.3AI score0.99979EPSS
Exploits41
The Hacker News
The Hacker News
added 2025/07/21 3:25 a.m.11 views

Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access

Hewlett-Packard Enterprise HPE has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems. The vulnerability, tracked as CVE-2025-37103, carries a...

9.8CVSS8AI score0.01474EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/07/21 3:0 a.m.14 views

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive. Although the service has since shuttered after browser makers took steps to ban...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/20 4:13 p.m.11 views

EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware

The financially motivated threat actor known as EncryptHubaka LARVA-208 and Water Gamayun has been attributed to a new campaign that's targeting Web3 developers to infect them with information stealer malware. "LARVA-208 has evolved its tactics, using fake AI platforms e.g., Norlax AI, mimicking...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/20 9:52 a.m.18 views

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers

A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 CVSS score: 9.8, has been described as a variant of CVE-2025-49704 CVSS score: 8.8, a code injection and...

9.8CVSS8.4AI score0.99979EPSS
Exploits41
The Hacker News
The Hacker News
added 2025/07/20 9:40 a.m.12 views

Malware Injected into 7 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers' npm tokens. The captured tokens were then used to publish malicious versions of the packages directly to the registry without a...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/20 7:35 a.m.21 views

Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309 , the vulnerability carries a CVSS score of 9.0. "CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS...

10CVSS8.5AI score0.99947EPSS
Exploits47
The Hacker News
The Hacker News
added 2025/07/18 6:42 p.m.6 views

China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement authorities in China to gather information from seized mobile devices. The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/18 6:23 p.m.15 views

UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns

Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 aka Unknown Group 0002 as part of a broader cyber espionage campaign. "This threat entity demonstrates a strong preference for using shortcut files LNK, VBScript, and...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/18 6:13 p.m.27 views

Ivanti Flaws Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure ICS appliances. According to a report published by JPCERT/CC today, the threat actors behind the...

9.8CVSS8.8AI score0.99979EPSS
Exploits20
The Hacker News
The Hacker News
added 2025/07/18 11:32 a.m.21 views

CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

The Computer Emergency Response Team of Ukraine CERT-UA has disclosed details of a phishing campaign that's designed to deliver a malware codenamed LAMEHUG. "An obvious feature of LAMEHUG is the use of LLM large language model, used to generate commands based on their textual representation...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/18 11:32 a.m.8 views

Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services

Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services. The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It has been codenamed NVIDIAScape...

9CVSS9.4AI score0.37055EPSS
Exploits7
The Hacker News
The Hacker News
added 2025/07/18 11:3 a.m.5 views

Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices

Google on Thursday revealed it's pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure. "The BADBOX 2.0 botnet compromised over 10 million uncertified devices running...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/18 10:30 a.m.6 views

From Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of Ransomware

With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/17 5:40 p.m.9 views

Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters

Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025. "The MaaS malware-as-a-service operators used fake GitHub accounts to host payloads, tools, and Amadey plug-ins, likely as an attempt to...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/17 2:11 p.m.26 views

Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner

Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys. The vulnerability in question is CVE-2021-41773 CVSS score: 7.5, a high-severity path traversal vulnerability in Apache HTTP...

10CVSS10AI score0.99992EPSS
Exploits301
The Hacker News
The Hacker News
added 2025/07/17 11:30 a.m.12 views

Europol Disrupts NoName057(16) Hacktivist Group Linked to DDoS Attacks Against Ukraine

An international operation coordinated by Europol has disrupted the infrastructure of a pro-Russian hacktivist group known as NoName05716 that has been linked to a string of distributed denial-of-service DDoS attacks against Ukraine and its allies. The actions have led to the dismantling of a maj...

7.2AI score
Exploits0
Total number of security vulnerabilities20919