Lucene search
+L

20917 matches found

The Hacker News
The Hacker News
•added 2025/07/17 5:37 a.m.•14 views

Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code

Cisco has disclosed a new maximum-severity security vulnerability impacting Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC that could permit an attacker to execute arbitrary code on the underlying operating system with elevated privileges. Tracked as CVE-2025-20337,...

10CVSS9.4AI score0.96732EPSS
Exploits30
The Hacker News
The Hacker News
•added 2025/07/16 5:48 p.m.•25 views

Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms

Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection. Matanbuchus is the name given to a malware-as-a-service MaaS offering that can act as a conduit for next-stage payloads,...

7.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/16 2:0 p.m.•23 views

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access SMA 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP. The malicious activity, dating back to at least October 2024, has been attributed by the Goog...

9.8CVSS8.9AI score0.99957EPSS
Exploits10
The Hacker News
The Hacker News
•added 2025/07/16 11:58 a.m.•18 views

Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access

Cybersecurity researchers have disclosed what they say is a "critical design flaw" in delegated Managed Service Accounts dMSAs introduced in Windows Server 2025. "The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accoun...

7.6AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/16 11:25 a.m.•3 views

AI Agents Act Like Employees With Root Access—Here's How to Regain Control

The AI gold rush is on. But without identity-first security, every deployment becomes an open door. Most organizations secure native AI like a web app, but it behaves more like a junior employee with root access and no manager. From Hype to High Stakes Generative AI has moved beyond the hype cycl...

7.2AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/16 9:13 a.m.•18 views

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity vulnerability in question is CVE-2025-6558 CVSS score: 8.8, which has been described as an incorrect validation of untrusted input in...

8.8CVSS7.7AI score0.09185EPSS
Exploits14
The Hacker News
The Hacker News
•added 2025/07/16 9:13 a.m.•6 views

New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code

Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud. The sneaky approach essentially involves a scenario wherein two variants of an application share the same package nam...

8.8CVSS6.2AI score0.00552EPSS
Exploits0
The Hacker News
The Hacker News
•added 2025/07/16 9:13 a.m.•9 views

Deepfakes. Fake Recruiters. Cloned CFOs — Learn How to Stop AI-Driven Attacks in Real Time

Social engineering attacks have entered a new era—and they're coming fast, smart, and deeply personalized. It's no longer just suspicious emails in your spam folder. Today's attackers use generative AI, stolen branding assets, and deepfake tools to mimic your executives, hijack your social...

7AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/16 7:44 a.m.•8 views

Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act

Google on Tuesday revealed that its large language model LLM-assisted vulnerability discovery framework identified a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 CVSS score: 7.2, is a memory...

7.2CVSS7.7AI score0.73495EPSS
Exploits3
The Hacker News
The Hacker News
•added 2025/07/15 4:30 p.m.•6 views

Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors

Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service DDoS attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter. "Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed," Omer Yoachimik and...

7.1AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/15 3:21 p.m.•7 views

Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools

Cybersecurity researchers have shed light on a new ransomware-as-a-service RaaS operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025. GLOBAL GROUP was "promoted on the Ramp4u forum by the...

7.5AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/15 11:8 a.m.•20 views

State-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian Governments

Governmental organizations in Southeast Asia are the target of a new campaign that aims to collect sensitive information by means of a previously undocumented Windows backdoor dubbed HazyBeacon. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker CL-STA-1020 , where "CL"...

7.8AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/15 11:0 a.m.•6 views

Securing Agentic AI: How to Protect the Invisible Identity Access

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can't easily see. These "invisible"...

7.1AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/15 10:53 a.m.•5 views

AsyncRAT's Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe

Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT , which was first released on GitHub in January 2019 and has since served as the foundation for several other variants. "AsyncRAT has cemented its place as a cornerstone of modern malware an...

7.4AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/15 7:17 a.m.•18 views

North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, per Socket, have...

7AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/14 5:6 p.m.•11 views

The Unusual Suspect: Git Repos

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of...

7.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/14 4:52 p.m.•11 views

New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries

Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan RAT as part of a widespread campaign using a variant of ClickFix called FileFix. "Since May 2025, activity related to the Interlock RAT has been observed in connection with the...

7AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/14 12:52 p.m.•45 views

⚡ Weekly Recap: Scattered Spider Arrests, Car Exploits, macOS Malware, Fortinet RCE and More

In cybersecurity, precision matters—and there's little room for error. A small mistake, missed setting, or quiet misconfiguration can quickly lead to much bigger problems. The signs we're seeing this week highlight deeper issues behind what might look like routine incidents: outdated tools, slow...

10CVSS9.8AI score0.9671EPSS
Exploits25
The Hacker News
The Hacker News
•added 2025/07/14 8:0 a.m.•9 views

CBI Shuts Down ÂŁ390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center

India's Central Bureau of Investigation CBI has announced that it has taken steps to dismantle what it said was a transnational cybercrime syndicate that carried out "sophisticated" tech support scams targeting citizens of Australia and the United Kingdom. The fraudulent scheme is estimated to ha...

7.2AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/14 5:27 a.m.•12 views

eSIM Vulnerability in eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks

Cybersecurity researchers have discovered a new hacking technique that exploits weaknesses in the eSIM technology used in modern smartphones, exposing users to severe risks. The issues impact the Kigen eUICC card. According to the Irish company's website, more than two billion SIMs in IoT devices...

7.6AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/12 5:14 p.m.•16 views

GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs

NVIDIA is urging customers to enable System-level Error Correction Codes ECC as a defense against a variant of a RowHammer attack demonstrated against its graphics processing units GPUs. "Risk of successful exploitation from RowHammer attacks varies based on DRAM device, platform, design...

7.2AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/12 12:45 p.m.•19 views

Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub

Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APPKEYs to be weaponized to gain remote code execution capabilities on hundreds of applications. "Laravel's APPKEY, essential for encrypting sensitive data, is often leaked publicly e.g., on GitHub,"...

9.8CVSS8.9AI score0.76814EPSS
Exploits13
The Hacker News
The Hacker News
•added 2025/07/11 2:38 p.m.•20 views

Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)

Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances. Tracked as CVE-2025-25257, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0. "An improper...

10CVSS10AI score0.96732EPSS
Exploits30
The Hacker News
The Hacker News
•added 2025/07/11 12:10 p.m.•25 views

PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution

Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of transport vehicles from different vendors. The vulnerabilities, dubbed PerfektBlue , can be fashioned...

8.7AI score0.05929EPSS
Exploits5
The Hacker News
The Hacker News
•added 2025/07/11 11:0 a.m.•7 views

Securing Data in the AI Era

The 2025 Data Risk Report: Enterprises face potentially serious data loss risks from AI-fueled tools. Adopting a unified, AI-driven approach to data security can help. As businesses increasingly rely on cloud-driven platforms and AI-powered tools to accelerate digital transformation, the stakes f...

7AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/11 10:58 a.m.•19 views

Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild

A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The vulnerability, tracked as CVE-2025-47812 CVSS score: 10.0, is a case of improper handling of null '\0' bytes in the server's web interface,...

10CVSS10AI score0.95343EPSS
Exploits23
The Hacker News
The Hacker News
•added 2025/07/11 10:46 a.m.•6 views

Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals

An Iranian-backed ransomware-as-a-service RaaS named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to cybercriminals who launch attacks against Israel and the U.S. The financially motivated scheme, now operating under the moniker...

7.1AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/11 4:25 a.m.•14 views

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities KEV catalog, officially confirming the vulnerability has been weaponized in the wild. The shortcoming in...

9.8CVSS8.9AI score0.99999EPSS
Exploits57
The Hacker News
The Hacker News
•added 2025/07/10 5:3 p.m.•8 views

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system OS commands. The vulnerability, tracked as CVE-2025-6514 , carries a CVSS score of 9.6 out of 10.0. "The vulnerability allows...

9.6CVSS10AI score0.76637EPSS
Exploits0
The Hacker News
The Hacker News
•added 2025/07/10 2:41 p.m.•4 views

Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord

Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems. "These malicious operations impersonate AI, gaming, and Web3 firms using...

7.1AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/10 12:13 p.m.•8 views

Four Arrested in ÂŁ440M Cyber Attack on Marks & Spencer, Co-op, and Harrods

The U.K. National Crime Agency NCA on Thursday announced that four people have been arrested in connection with cyber attacks targeting major retailers Marks & Spencer, Co-op, and Harrods. The arrested individuals include two men aged 19, a third aged 17, and a 20-year-old woman. They were...

7.3AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/10 11:0 a.m.•5 views

What Security Leaders Need to Know About AI Governance for SaaS

Generative AI is not arriving with a bang, it’s slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries o...

6AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/10 10:59 a.m.•27 views

New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App

Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software. SentinelOne, in a new report shared with The Hacker News, said the malware has been observed masquerading as the...

7.8AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/10 10:44 a.m.•5 views

AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs

Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure. The flaws, collectively called Transient Scheduler Attacks TSA, manifest in the form of a speculative side channel in its CPUs that leverage executio...

5.6CVSS6.1AI score0.00425EPSS
Exploits0
The Hacker News
The Hacker News
•added 2025/07/10 7:24 a.m.•14 views

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 CVSS score: 8.2, has been described as a case of data inference in Now Platform through conditiona...

8.2CVSS6.9AI score0.01905EPSS
Exploits0
The Hacker News
The Hacker News
•added 2025/07/09 4:26 p.m.•9 views

Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets

The Initial Access Broker IAB known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the monike...

8.6AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/09 1:28 p.m.•6 views

DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware

A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from compromised hosts. The activity has been attributed by Trellix Advanced Research Center to an advanced persistent threat APT group...

7.4AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/09 11:25 a.m.•5 views

U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology IT worker scheme. The Treasury said Song Kum Hyok, a 38-year-old North Korean...

7.4AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/09 11:0 a.m.•6 views

How To Automate Ticket Creation, Device Identification and Threat Triage With Tines

Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. A recent standout is a workflow that...

7.5AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/09 8:40 a.m.•11 views

Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks

A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks against American organizations and government agencies. The 33-year-old, Xu Zewei , has been charged with nine counts of wire fra...

9.8CVSS9.9AI score0.99999EPSS
Exploits63
The Hacker News
The Hacker News
•added 2025/07/09 7:10 a.m.•20 views

Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server

For the first time in 2025, Microsoft's Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but the company acknowledged one of the addressed flaws had been publicly known. The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs th...

9.8CVSS9.1AI score0.2188EPSS
Exploits2
The Hacker News
The Hacker News
•added 2025/07/08 5:35 p.m.•13 views

Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware

In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware. The company behind the software said a company that had recently purchased...

7.2AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/08 4:13 p.m.•22 views

Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play

Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google's official app marketplace. The malware, disguised as a "PDF Update" to a document viewer app, has been...

7.4AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/08 1:1 p.m.•13 views

Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension

Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code VS Code extension called Ethcode that has been installed a little over 6,000 times. The compromise, per ReversingLabs, occurred via a GitHub pull request that was opened by a user named Airez299 ...

7.1AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/08 11:25 a.m.•8 views

5 Ways Identity-based Attacks Are Breaching Retail

From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here's how five retail breaches unfolded, and what they reveal about... In recent months, major retailers like Adidas, The North Face, Dior, Victoria's Secret,...

7.7AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/08 11:8 a.m.•9 views

RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks

Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders DVRs and Four-Faith routers to rope the devices into a new botnet called RondoDox. The vulnerabilities in question include CVE-2024-3721, a medium-severity command...

7.2CVSS7.4AI score0.86489EPSS
Exploits4
The Hacker News
The Hacker News
•added 2025/07/08 10:30 a.m.•10 views

BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites BNS—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or...

6.8AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/08 8:22 a.m.•12 views

Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms

Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, per cybersecurity vendor Kaspersky, has been active since July 2024. "The targeted attack begins with bait emails containing malicious link...

6.2AI score
Exploits0
The Hacker News
The Hacker News
•added 2025/07/08 5:8 a.m.•23 views

CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of flaws is as follows - CVE-2014-3931 CVSS score: 9.8 - A buffer overflow...

9.8CVSS8.9AI score0.9987EPSS
Exploits108
The Hacker News
The Hacker News
•added 2025/07/07 5:26 p.m.•8 views

SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools

Cybersecurity researchers have disclosed a malicious campaign that leverages search engine optimization SEO poisoning techniques to deliver a known malware loader called Oyster aka Broomstick or CleanUpLoader. The malvertising activity, per Arctic Wolf, promotes fake websites hosting trojanized...

7.5AI score
Exploits0
Total number of security vulnerabilities20917