Lucene search
+L

20917 matches found

The Hacker News
The Hacker News
added 2025/07/07 11:26 a.m.33 views

⚡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More

Everything feels secure—until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don't start with alarms—they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection—that's a...

10CVSS8.8AI score0.99945EPSS
Exploits162
The Hacker News
The Hacker News
added 2025/07/07 11:0 a.m.15 views

Manufacturing Security: Why Default Passwords Must Go

If you didn't hear about Iranian hackers breaching US water facilities, it's because they only managed to control a single pressure station serving 7,000 people. What made this attack noteworthy wasn't its scale, but how easily the hackers gained access — by simply using the manufacturer's defaul...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/07 4:51 a.m.20 views

TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors

A hacking group with ties other than Pakistan has been found targeting Indian government organizations with a modified variant of a remote access trojan RAT called DRAT. The activity has been attributed by Recorded Future's Insikt Group to a threat actor tracked as TAG-140, which it said overlaps...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/05 6:12 a.m.9 views

Taiwan NSB Alerts Public on Data Risks from Douyin, Weibo, and RedNote Over China Ties

Taiwan's National Security Bureau NSB has warned that China-developed applications like RedNote aka Xiaohongshu, Weibo, Douyin, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China. The alert comes following an inspection of these apps carried ou...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/05 5:44 a.m.12 views

Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS

Threat actors are weaponizing exposed Java Debug Wire Protocol JDWP interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised hosts. "The attacker used a modified version of XMRig with a hard-"coded configuration, allowing them to avoid suspicious command-li...

9.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/04 12:59 p.m.75 views

NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors

Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle aka APT-Q-95 that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China. According t...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/04 9:31 a.m.6 views

Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It

Generative AI is changing how businesses work, learn, and innovate. But beneath the surface, something dangerous is happening. AI agents and custom GenAI workflows are creating new, hidden ways for sensitive enterprise data to leak —and most teams don't even realize it. If you're building,...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/04 9:30 a.m.21 views

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below - CVE-2025-324...

9.3CVSS7.1AI score0.47467EPSS
Exploits77
The Hacker News
The Hacker News
added 2025/07/04 7:17 a.m.11 views

Google Ordered to Pay $314M for Misusing Android Users' Cellular Data Without Permission

Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users' cellular data when they were idle to passively send information to the company. The verdict marks an end to a legal class-action complaint that was originally...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/03 4:2 p.m.25 views

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user's screen and hide their icons from the device home screen launcher, making it harder for...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/03 10:53 a.m.11 views

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk. "These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase,...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/03 10:30 a.m.8 views

The Hidden Weaknesses in AI SOC Tools that No One Talks About

If you're evaluating AI-powered SOC platforms, you've likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/03 9:25 a.m.11 views

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities...

9.4CVSS8AI score0.98557EPSS
Exploits3
The Hacker News
The Hacker News
added 2025/07/03 4:24 a.m.15 views

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager Unified CM and Unified Communications Manager Session Management Edition Unified CM SME that could permit an attacker to login to a susceptible device as the root user, allowing them ...

10CVSS7.6AI score0.96732EPSS
Exploits12
The Hacker News
The Hacker News
added 2025/07/02 5:9 p.m.6 views

North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics. "Unusually for macOS malware, the threat actors employ a process injection...

8.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/02 11:0 a.m.8 views

That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat

With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what's legitimate traffic and what is potentially dangerous? Where do you turn when firewalls and endpoint detection and response EDR fall short at detecting the most important threats to your...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/02 10:45 a.m.13 views

Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors. "A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers,...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/02 8:56 a.m.5 views

U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC has levied sanctions against Russia-based bulletproof hosting BPH service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across the world. The sanctions...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/02 5:48 a.m.11 views

Vercel's v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale

Unknown threat actors have been observed weaponizing v0, a generative artificial intelligence AI tool from Vercel, to design fake sign-in pages that impersonate their legitimate counterparts. "This observation signals a new evolution in the weaponization of Generative AI by threat actors who have...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/01 6:3 p.m.8 views

Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence AI company Anthropic's Model Context Protocol MCP Inspector project that could result in remote code execution RCE and allow an attacker to gain complete access to the hosts. The vulnerability,...

9.4CVSS9.1AI score0.38532EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/07/01 4:26 p.m.14 views

TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns

Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader. Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/01 1:51 p.m.16 views

New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status

A new study of integrated development environments IDEs like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. "We...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/01 11:0 a.m.9 views

A New Maturity Model for Browser Security: Closing the Last-Mile Risk

Despite years of investment in Zero Trust, SSE, and endpoint protection, many enterprises are still leaving one critical layer exposed: the browser. It's where 85% of modern work now happens. It's also where copy/paste actions, unsanctioned GenAI usage, rogue extensions, and personal devices crea...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/01 8:55 a.m.25 views

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 CVSS score: 8.1, has been described as a type confusion flaw in the V8 JavaScript and WebAssembly engine. "Type...

8.8CVSS7.7AI score0.08404EPSS
Exploits14
The Hacker News
The Hacker News
added 2025/07/01 7:53 a.m.12 views

U.S. Arrests Facilitator in North Korean IT Worker Scheme; Seizes 29 Domains and Raids 21 Laptop Farms

The U.S. Department of Justice DoJ on Monday announced sweeping actions targeting the North Korean information technology IT worker scheme, leading to the arrest of one individual and the seizure of 29 financial accounts, 21 fraudulent websites, and nearly 200 computers. The coordinated action sa...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/01 4:21 a.m.11 views

Microsoft Removes Password Management from Authenticator App Starting August 2025

Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. Microsoft's move is part of a much larger shift away from traditional password-based logins. The company said the changes are also meant to streamline autofill within its two-factor...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/30 4:29 p.m.6 views

U.S. Agencies Warn of Rising Iranian Cyber Attacks on Defense, OT Networks, and Critical Infrastructure

U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks from Iranian state-sponsored or affiliated threat actors. "Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/30 3:17 p.m.8 views

Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects

Europol on Monday announced the takedown of a cryptocurrency investment fraud ring that laundered €460 million $540 million from more than 5,000 victims across the world. The international effort, codenamed Operation Borrelli, was carried out by the Spanish Guardia Civil, along with support from...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/30 1:30 p.m.33 views

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs, in a report published last week, said it was able to make this connection by pivoting from Proton66-linked digital assets, leading t...

6.5CVSS8.4AI score0.81817EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/06/30 11:0 a.m.6 views

Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories 

Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years. Some recent reports estimate that 83% of attacks involve compromis...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/30 10:16 a.m.32 views

⚡ Weekly Recap: Airline Hacks, Citrix 0-Day, Outlook Malware, Banking Trojans and more

Ever wonder what happens when attackers don’t break the rules—they just follow them better than we do? When systems work exactly as they’re built to, but that “by design” behavior quietly opens the door to risk? This week brings stories that make you stop and rethink what’s truly under control...

9.8CVSS8.8AI score0.09756EPSS
Exploits4
The Hacker News
The Hacker News
added 2025/06/28 9:48 a.m.11 views

FBI Warns of Scattered Spider's Expanding Attacks on Airlines Using Social Engineering

The U.S. Federal Bureau of Investigation FBI has revealed that it has observed the notorious cybercrime group Scattered Spider broadening its targeting footprint to strike the airline sector. To that end, the agency said it's actively working with aviation and industry partners to combat the...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/28 7:58 a.m.20 views

GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool

The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool. "Recent campaigns in June 2025 demonstrate GIFTEDCROOK's enhanced ability to exfiltrate a broad range of sensitive...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/28 7:19 a.m.7 views

Facebook's New AI Tool Asks to Upload Your Photos for Story Ideas, Sparking Privacy Concerns

Facebook, the social network platform owned by Meta, is asking for users to upload pictures from their phones to suggest collages, recaps, and other ideas using artificial intelligence AI, including those that have not been directly uploaded to the service. According to TechCrunch, which first...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/27 3:58 p.m.9 views

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

Threat hunters have discovered a network of more than 1,000 compromised small office and home office SOHO devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups. The Operational Relay Box ORB network has been codenamed LapDogs ...

9.8CVSS9.5AI score0.02453EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/06/27 1:25 p.m.14 views

PUBLOAD and Pubshell Malware Used in Mustang Panda's Tibet-Specific Attack

A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians' Convention on Tibet WPCT, China's education policy...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/27 11:0 a.m.7 views

Business Case for Agentic AI SOC Analysts

Security operations centers SOCs are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today's security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/27 10:25 a.m.6 views

Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit

A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox aka Void...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/27 7:43 a.m.15 views

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems. MOVEit Transfer is a popular...

9.8CVSS9.6AI score0.99934EPSS
Exploits15
The Hacker News
The Hacker News
added 2025/06/27 6:31 a.m.9 views

OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. "The campaign exhibits characteristics aligned with...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/26 4:46 p.m.7 views

Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks

Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry "open-vsx.org" that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. "This vulnerability...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/26 1:24 p.m.12 views

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine ISE and ISE Passive Identity Connector ISE-PIC that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers...

10CVSS9.2AI score0.96732EPSS
Exploits12
The Hacker News
The Hacker News
added 2025/06/26 1:3 p.m.11 views

New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks

The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/26 11:0 a.m.4 views

The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/26 8:45 a.m.21 views

Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks

An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps IRGC has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel. "In some of those campaigns, Israeli technology a...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/26 7:19 a.m.14 views

Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa

Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access. Palo Alto Networks Unit 42 is tracking the activity under the moniker...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/26 6:2 a.m.13 views

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of vulnerabilitie...

10CVSS6.8AI score0.82714EPSS
Exploits2
The Hacker News
The Hacker News
added 2025/06/26 4:36 a.m.5 views

WhatsApp Adds AI-Powered Message Summaries for Faster Chat Previews

Popular messaging platform WhatsApp has added a new artificial intelligence AI-powered feature that leverages its in-house solution Meta AI to summarize unread messages in chats. The feature, called Message Summaries, is currently rolling out in the English language to users in the United States,...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/25 4:56 p.m.16 views

nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery

New research has uncovered continued risk from a known security weakness in Microsoft's Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service SaaS applications. Identity security company Semperis, in an analysis of 104 SaaS applications,...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/25 2:51 p.m.28 views

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543 , carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could...

9.4CVSS9.5AI score0.99999EPSS
Exploits32
Total number of security vulnerabilities20917