All News

The Hacker News

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAZIT5QfPXpGmzooeQNGYiuOvzVGrd6uTiQJ85ia1Dbm66cl6WXKMXXu3WYGj6NcXkK-f-vHYC44pNLvkvNYSB2OZ_L3vdEn_IPD9QP48QhvwFrEZnLc_7Pc2xKAexzN1t09uLIPuTZK-cMCN8_DP2V5pSRHxGTYM-lEf-WLbhyFWomvDqa8t2Qy7m3-TY/s728-rw-e365/crushftp-hacking.jpg

The Hacker News

April 8, 2025

CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation

CrushFTP flaw CVE-2025-31161 exploited since March 30; 815 systems unpatched as agencies race to secure.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiibzHOs0h7JCFe1By8GBWAM4RW-Y106Jh3e6MG_dM2osPFhWlbQ87NJ0SG_2C9Qrslu9dtnhKiEhbPUdQ41FogJxsr_YfPty_Q5l9bGyDfSIxRXvDCjwurdimViIRdCt2h7RxEyxLTREHDdQKjc011lo5ZDFlZdxUdMssvO4kr3sdqaPWvR0QXL7TyHGw-/s728-rw-e365/android-update.jpg

The Hacker News

April 8, 2025

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

Google patched 62 flaws, including two actively exploited kernel bugs, closing exploit chains used in Android attacks.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQbchw4kY7qvpPvnhbrgWF7aHK-td7dSua1RaLC_rsGOp2xYAVzVqXji25-82iI5vbxFMHZmCu2NgZcaLL1Iouci1PGpJZiS_Z82j86QknC8ZEtKvKH6HBCl10junr4VsjFH_vSLJqnXii2-hjBc4jEzMGinJcDEcyHtcu3aNnWEYjNc5ngLjd_LLiqRSO/s728-rw-e365/fastflux.jpg

The Hacker News

April 7, 2025

CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks

Fast flux exploits DNS gaps to evade takedowns since 2007, enabling resilient malware and phishing operations.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDBLKP37H1-wuA-hlBltoiaM22BWRt75RfoEm7G_bpgacuM_O5hghSt1JVWqyGhHzodlnPkyEdEh0odcjbNyp8qYTlbp0TEqyTXFevvipOni54CjUhvfTmFuX9oI7mrRJZt19sSn8me-FHRr8wE2twuIEc8jcaBGt-eewRp2-2h5M0IvmnD0GWiWrKo74/s728-rw-e365/oneidentity-main.jpg

The Hacker News

April 7, 2025

Locking Out Threats: The Evolving Threat of Account Takeovers

MFA bypass attacks surge with session hijacking and token theft, requiring layered defenses to limit breach impact.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSzPDtC6yOZqAYunnDhExdMMhZvp8g4PBzEcjh5mkf4QVvQ2xVbSNJqe-RZZhAYTjUUdztyimgD_QmR3ceSYDTOxJID5wmCDyoLuinftPx5Y3UExUNV9iWgt8VZUxmxjXRu1emZohg50WojBkVpagdCJMFKmI9GdX9rHcfbUj9-ZEHf9OWm2a_fRJKPLki/s728-rw-e365/recap-main.jpg

The Hacker News

April 7, 2025

⚡ Weekly Recap: VPN Exploits, Oracle's Silent Breach, ClickFix Comeback and More

This week’s THN Recap shows how attackers are outsmarting outdated defenses — and what you can do next.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbC_TIGQTO-1Uc6_izxGwiTfKoX1ezBRQXUnEVk72RH6NFqe6TPbBbM2_LolN_959PBPK7wdIpN0HL8n_V7A4xMqGOrjHz-0_s8cFQeOlUqhzdtsnx3harpixhE2piVqqwZoCAkbCjYloQP94GNEgZfwKyFvWuaJY3Uiy1tjAcVPyUwiZ8_t4s728-rw-e365W5hm/s728-rw-e365/xmcyber.jpg

The Hacker News

April 7, 2025

Security Theater: Vanity Metrics Keep You Busy

Vanity metrics mask real risks; Gartner forecasts CTEM adoption could cut breaches by two-thirds by 2026.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEim6-qtZRWHS1tQTTkSLxAJEPuZNwds0SE-9EmKCtCJ-l3_U24gRDCSbH04NjUCT0v4dIjcpaz9WFWfEkdWuHKSH1QSwnUWwehtLdDH_WtFI5FFyPYemDnqlMX-9Cupb1pD6L0jNqwBB8R4QwcDvZ3OWHj5PDXrkHNvIO4AFv2pZwjyb59rEx7I_D2IN_kL/s728-rw-e365/crypto-seed.jpg

The Hacker News

April 7, 2025

PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks

PoisonSeed exploits CRM credentials to spread cryptocurrency seed phrase attacks, risking major wallet compromises.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-ZaNQicYT5BQx7e5lfyosmaQo6Jnh8ILmX574nYtXe8jDYY79ORiByqIhmRN76FMrkkDo-zZ_xL0wohtaO17ho3fYeGN_eRDeHEs_-_ADzmGf_b5enJkZu_JnAKCBvjnvvjOBJpFHJvtphUWrj0Mgfg2ezBGi9dmgRS517ANWZ-U3KEmtB0A5zDZSpD0/s728-rw-e365/git-main.jpg

The Hacker News

April 7, 2025

The New Frontier of Security Risk: AI-Generated Credentials

GitHub Copilot adoption rose 27% (2023–2024), causing a 40% spike in secret leaks, widening enterprise attack surfaces.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3EDB3IhYwDGsGiUyRF0FRrtq-NxDC15oipXEsDMoXVZPPbBYkYLTTcSnfN8ZMMcvkF_AV3F2SiKPFQhEVVCmJSY1mxJqtih-zBWzqWL4AOb1tLtxe47ntO7jNsisbKyUKaKFNpIPwma_F3E9jmjcwIPVbc73mvyafp7u28AQgH-i2CUGSpyuSE9Nsk3Y/s728-rw-e365/drata-main.jpg

The Hacker News

April 7, 2025

Supercharging Security & Compliance with AI Copilots

AI copilots streamline security compliance by automating audits, evidence collection, and policy support, improving efficiency by up to 60%.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAMAnz-LMCwpKGmZD-x3MQ_sDKw7Zz3eEyNAHZnqsbm7_p1cjlkW89E44ABBQ6GCRQ-Lq7D9WUlimx5hA4OHCivazKWdEcLRpEa3-FISA-8e2jvM4vCWEGmXyjC4pZVGGdZy574s-K4t6Y47hPYQ2eDSh-DNYztFxg329ov9HCfXNNDmO-1j_vu9Pk4uOT/s728-rw-e365/ms-hacker.jpg

The Hacker News

April 5, 2025

Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws

EncryptHub compromised 618+ targets using Microsoft flaws and custom malware after failed freelance attempts.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9Uh-eKu2wWqw5UIL6iqmOHKmW_z0LpG5XpNYQl7RBOkLAtQX1_tSGNalKwkIxXsmBdY0h8YoC10MySsHpgWuH_rjUWFvmQd6UCXTykgwYJ4JlNVs4d35qssuKawUVnL0YuFd0-Xsb6ixzF8RZVwK2ipl1gkCqqhf1majJPXiC7bEe_P5Ex6UdlHAUFU1X/s728-rw-e365/npm.jpg

The Hacker News

April 5, 2025

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

North Korean actors used 11 npm packages downloaded 5,600+ times to spread BeaverTail malware, expanding attacks to Bitbucket.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzTn75yFyPinclCY83tyxHxJHN8b9sCd99orKpxwXImOHPgy7AeTX26xlVMcaGFsG0VmgocZgb4HYREa-OHE2K0SdCnFWdzUanSIWaTmVpEA1Dfk2qk2YcA5_KJX63t-ywByAPh2rZRKFV4WojfpK810BOqZdSAV45kSyaRu5r52T-iEEh1rff51xSWcvM/s728-rw-e365/pypi-malware.jpg

The Hacker News

April 5, 2025

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

Researchers found Disgrasya downloaded 37,217 times, targeting WooCommerce with carding scripts that steal payment data.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCJMdiwIavBa0wI3kGPkWYZD-72a5YNecTRZCai6gVL3dtWmeAKH9BdSk3-xf2w_IPDZysjnE0WNCqZuNdzNoGvmfri07SXOlF19YZ2QqboQ0dglgzBAcZLK29Urky4PSeKc0fQd3J2YatwcuwQE-ASUMCidjt98twk5i7ebhWV2d-qHAsGQn5vYgVwKf4/s728-rw-e365/github-hack.jpg

The Hacker News

April 4, 2025

SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

Leaked SpotBugs PAT in November 2024 led to a GitHub supply chain attack, compromising Coinbase in March 2025.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrDCWS6B07Vztre5CTnGdL-I37Lu0C34z3XQa5fb1S9C-V_JZNoMReZ2tMCvArfIpt6oTEe_fodu880Z3kchFv4xa6G75J5Gqc413hlGjzLnEC2TtQmGVn5A76S6dzcRXvkwq3OzE9GhO2QuUGssSP1pg1m-x3EzIBUiCLyUgqa1qPMbYgqCS7oUHJHO4/s728-rw-e365/chaingaurddev.jpg

The Hacker News

April 4, 2025

Have We Reached a Distroless Tipping Point?

Chainguard OS cuts container vulnerabilities by 94% by continuously updating upstream packages, enhancing security and efficiency.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCltg902mTaOYxU2hZDJqQJhi9eJluvxfnbIAsb0TGxGbkPpcC2bFLnQmwCw0xC-ve4pgNLlSGzT1rUVmaIyWGodNQihyphenhyphenWcgsL9fUGrMAcfYJ-zz2XtKlN-7-L6WZF6Md48cG9sQYj_xsdC55um9N2jlmq-wKw5C3FeBC-IsEhCmuihjjNxXsFakuZOeyB/s728-rw-e365/hackers.jpg

The Hacker News

April 4, 2025

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

Ivanti patches CVE-2025-22457 exploited by UNC5221 in March 2025, risking remote code execution and credential theft.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinjtUMF19M1JEXdaLMbMDAmPNKflZgbYuwqdLc8ll6_lmTivextTVfdGVPHVEn_6eAovS_QCjua0l6HDL-tgs2Pzy9wpfVOkxF_a_4FwAyBAZEXha-7rpgQpNalwH3LpO0IdRMh4YAeD-rzXyXaaqx_kn2NttO2sJ35SDXk9OTBQ35pfpOVNSBKvDJS2K2/s728-rw-e365/hacker-exposed.jpg

The Hacker News

April 4, 2025

OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers

Novice hacker Coquettte exposed through OPSEC failure using Proton66 to distribute malware and illicit content via fake antivirus sites.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMxvAwVD_wGKDTL5DasfV5uoYt8gqjhd6jismbKI0mAkH46-2RttjCnagGH4bUpmGOZe6Ijc6whb9u0iNcJh1yxsFFpVw75Tfj7fosyTmYnxyOV_EZy0Dy-7CIlzICWyLFwejIDhLIPYou7EM8BslM5H1bnQD1Btg_hTddOpgApGQDCrzawYTgTU1uNokp/s728-rw-e365/cyberattacks.jpg

The Hacker News

April 4, 2025

CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware

CERT-UA reports three cyberattacks since fall 2024 using WRECKSTEEL malware to steal Ukrainian state data.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8SZm2bMnr5sNUMNrpVcl2Z6VCjSWYXv-MzAMnuywVJnQzC0XE_kAA7iyOHbhHif8FrVBbx3lYCnwzec0agkDYE66k-FVRJOECGH7ohydohuo55kepS81NIk63PLR7ZcShnHRTAb4dvGSsNMUyi_PVRrwgcpXVUw5bbc9t0bjggrtf0zQW8umDl_iHJGUE/s728-rw-e365/apache.jpg

The Hacker News

April 4, 2025

Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code

Apache Parquet flaw CVE-2025-30065 enables remote code execution from crafted files, risking data pipelines.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5Xcc9Zn_nbhrMNv2piZYznJXBb7bqlU0YWcAidDMQz8iQkNOYKozLC2PD0NDqBWWJoyK1ySs2rDCXnUPh4JJN0EKtWtBr7iGL4C5QOeyLDn8GTp3LoaAQRCIEyQK73PrsP8ACVH7kAEJJFcrQx_iNQRmTnYbsmAcQmEUTL29qjDeNljuzlEOoFFM3ywiG/s728-rw-e365/phish.jpg

The Hacker News

April 3, 2025

Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware

Tax-themed phishing hit 2,300 U.S. firms in Feb 2025 using QR codes and fake login pages.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhO_c-XOYl7-Hq892uDpCyqNOVKadcDQO2mWTDDiFRoFdtPMOIMfDbWkh6t6LkdQkvpJEId71tppdArll4nPbPV59fKOszhtlr2_c1yeKz-Ri5-ugi0uD3XD4NyD_43flOfyk1d8WaiY8R48Pgpat6V-JvwKebnK75zGRjUq_fRWHgOZzK3DZoatWKjOlKa/s728-rw-e365/ClickFix-malware.jpg

The Hacker News

April 3, 2025

Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware

Lazarus Group deploys GolangGhost via fake job interviews using ClickFix, targeting Windows/macOS users with finance roles.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTSVTRKCYISiJJmvIuWiQKnfQ4IaR8H9jM4tXaJzvtZDSrna4Vb-zPpHwZR7A_DnXzibnEsuLVGnvt_zZKEityIGQoliSJiMlKodysLyoTF4Tujx2aXsiCae7gUX415hYdRIbl-32PelGkJN8QWBHyFyBCuX5Ur98BQ9eEmFkPW8M6d17IRDrU9Egrwevr/s728-rw-e365/-ai-security-webinar.jpg

The Hacker News

April 3, 2025

AI Threats Are Evolving Fast — Learn Practical Defense Tactics in this Expert Webinar

AI-driven cyberattacks now clone voices and manipulate data in real time—adapt fast or fall behind.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwQCcQW4EBU0VfJHTvXykserKPJ1bz9dmRqSBvAEBIGXlHlC2gv0yRDztWQ8qUOBNMx3oIA0MAdlFqNV-20OMlTXwQ-EL9Z-AJcHHtVO5KAXe4jCF_RRy36usQ1SLJCe1WZtz1zexdhQ8lxQWN6dS9b6p_ZDacmxsCDnO4YTKJPwDoREBW-SwU-8IJEl8/s728-rw-e365/ai-security.jpg

The Hacker News

April 3, 2025

AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock

Compliance concerns delay AI adoption across enterprises, exposing them to faster, AI-driven cyberattacks.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlZoxvxFaT4TepNFMjnofOlr7j6fVoeRXgT7XHtDFvm3bvnN18jJA6yxLJOd-1sRUPSNpZTo7-1ReJWJ_WVW9p8FS0DmO570e6YqPMPQVc5iloVJqp8RacYYELpQoVZ2SwdxwjZ9SucZ7bhXik5WaqYKPltyQTl6b5IN7PpWuSVV4K7CCR8HhyphenhyphenkJzVklJ0/s728-rw-e365/quickshare-attack.jpg

The Hacker News

April 3, 2025

Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent

Quick Share flaw CVE-2024-10668 bypasses earlier fixes, enabling DoS or unauthorized file delivery.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9lQtdkhP6iiKlnwFYB298yo4CfuuQ87avx_KyORFmN8Yt0TAzKCOFdor4Y9BC2Xp9Ag92jTIsWWyw0NINosiLhqtjCgAbPeIss2pnn0mt1h90Ab6Gg5BZ1B5b_A_s0ancfFyR4CVNGaN7U_EufOKYW2DrCJEAmiaf8e8gfVy757Ms68AMNUEaG8WHHxuX/s728-rw-e365/android-malware.jpg

The Hacker News

April 3, 2025

Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices

Triada malware infected 2,600+ Android devices via counterfeit phones in March 2025, enabling remote access and crypto theft.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGKPkCGAcRdk6A5JDQxFjzb0MJnptNLIougw5jjYG0L_h8PELRj371auFqpXF-2DouP6ZyqKWtamj7dMneIG-G0weJCifrvsF-fLIVVx2_rVvCtKHyXEnQ8vnUplzvwJyQej3HXvhTKItI8JoRrKjADM7gcBuh7DEtfmqE98AnnPrtqGAnIKXVCAtCW035/s728-rw-e365/stripe-skimming.jpg

The Hacker News

April 3, 2025

Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign

Sophisticated skimmer uses legacy Stripe API to validate and steal card data from 49 sites since Aug 2024.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi04ukptBlRS-AOYC-7b_LjWAP1HhMXr7ZX0c-5xOsAriUb4og9_iOYrAmbqEGoMxmOu1gjzxt18ZTlGd2xK4wMQQspWeSfrnyV7wftNTjLA4mW4qHfC1uhu0kfdOmGacDoVbKzDTd6vVfrsMFVq1uM-8chyz-dNU_B7h7AqBsjIB9cdpO5H4cwc4vqeucj/s728-rw-e365/site.jpg

The Hacker News

April 3, 2025

Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation

Kidflix had 1.8M users and 91K CSAM videos; Europol's 38-country probe seized 3K+ devices.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXHpZfMK9c_7qs10Nxs5C01t3Rrv9KfcCuKIcVIYr9bKIFY0blX0GW6PaAE9_MIiJiXJLo8O7-djZyzkO7HhG1b60Yr9-u5g_lG2DSPJFTlYeN6pKZOwvfewuy8Gj1RwDe9oeZzB4_RTOOTwvcvPOcCEr5khGOU7rUqbHOin25VbHlpUQmPgeKT8zKan0e/s728-rw-e365/ImageRunner-vulnerability.gif

The Hacker News

April 2, 2025

Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse

ImageRunner exploit let attackers access private GCP container images; Google patched issue Jan 28, 2025.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB1D3ky8Wz2VCWya9L1An-rODEsgnofE0_mzsL9A_5Sg6fatoFocDfEcKsCcuQuMJi459oDFcicItUrMLdKqgb1zgzPji7weB2sV_d_wn10B954h4PCJocLnNa0oIndfDJqwkd-h8cdmARmkIAcA5IFJ0vxdYrsj3Ys9FoY1weFMvNzGLvqJsFlVSySvc/s728-rw-e365/nist.jpg

The Hacker News

April 2, 2025

Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers

93% of service providers struggle with NIST compliance—automation reduces manual work by 70%, boosting efficiency.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3w77_VNhOqHvKMNPiEeri9iIctHc8bg5-8ur61OpsuGsffo7Q-hnwUw4_t2GqYoa5mxzsnNwrNy6p9SYxTzB8kR_jdMmPeJFx3cXhp59uBJdeaJ78ubzbOwsUILyXwL5fuLEP00Qik3z8JzqVWe1I0qheKPQZKBm9SIhP5vBWsQR7W6OZZcjc-vh-EJcS/s728-rw-e365/linux-malware.jpg

The Hacker News

April 2, 2025

Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers

Outlaw malware exploits weak SSH credentials + uses worm-like spread since 2018 + enables cryptojacking.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiECalAu4npkARUJ61hmZv5pyQOZukXmYFwZOf3dX85yncYNPXlNCe0vPYM3JF8QniGP5MeZwVNisMb7yaN6VyGMpJcydN2OhX1gWiShJvnOXY5W3rcychm2pGbaW21micYaOkZmsejRfB_DNwNDtMXpZpXxc831xQmOx9y_YoGlaL-t-RBtQN9SW-x-TM/s728-rw-e365/outpost-ssl.jpg

The Hacker News

April 2, 2025

How SSL Misconfigurations Impact Your Attack Surface

53.5% of websites have weak SSL setups—leaving attack surfaces exposed and increasing breach risk.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgg-KAsX8XCyCgqBF_oo56BVgAWPwKG-4OYWMe8uQBZGB-d1BLLFJZW2leNVn1yrL4YxveaxXbZtbE_ufLigj4UW-8JO43muGUSonzxfYIz6BVvGLw9NQ8yLIi7j_puYOUKokhY7uNpi32hPg5bU7GLtEVxIdItCkWlWxDhyoDOi_UCF6EUcc-fWEbwURAV/s728-rw-e365/windows-hacked.jpg

The Hacker News

April 2, 2025

FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites

FIN7 deploys Anubis backdoor via malspam to control Windows systems using stealthy, memory-resident payloads.

The Hacker News

April 2, 2025

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth

Hijack Loader now uses call stack spoofing and ANTIVM modules to bypass detection and persist.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7T76r7kS8PZOsdzi_Rqfb4YQ9TlduBV_oDyqzjBXyrvuLrPjXBthb3OjCYCE8xTnq1h84I8Wfzxt9-v1kK-7lVj1YsxCoxZY8zZIM9knp_wY0_ZAsCQsLz2mUol-4MKoKsTvrZd9W04c39ORJP9qsWlAOeL3a9uhaSaO0cuZ3LC2KRz01mXOTrKxMFccD/s728-rw-e365/main-crypto.jpg

The Hacker News

April 1, 2025

Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign

Over 1,500 PostgreSQL servers compromised via weak credentials and SQL abuse, enabling fileless crypto mining.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbxpc3hRdov5Diqy6JBDvzq3Z8vzL4j5F4IoDEur800oUFvl8GJoe6Pd4wgAeworpNX4n8Z2RjKgEkR3G9b4zg4LYrVSUXo_w75oqfTEa0uAYHWLR71cnYgxR3wtBVao50AUMLu56jdNaCafM12WkBUWH0TTp_3H2r1PTSS8dOd_PSEaOG3UXk6IxWCnxE/s728-rw-e365/gmail-End-to-End-Encrypted.gif

The Hacker News

April 1, 2025

Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform

Gmail launches client-side E2EE beta on its 21st birthday, simplifying encryption and boosting admin control.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ-tNebaQQ4zlrOUTWId2atRc-B-_oDKtXIW2pQFT1Xgqh_h_oGvEp-VrziMKj1wmTyh1LLKgxAnqdgSoSXOOJRgsfhFQfNUMB3r_ziK5fT1rSXuFQkZ60PjBCyzmplrygd6GRCN5LyAOjHEEINgikpoqk5zuRtJQojdl7iBxR2UGT89BYeJoH0AcSY2RZ/s728-rw-e365/sms.jpg

The Hacker News

April 1, 2025

Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing

Lucid PhaaS hit 169 targets in 88 countries by abusing iMessage and RCS to bypass SMS filters

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYFkbv9BXSh7qdjOO8CJFYwa1qrHgvlMUAqX1XLjivHW7JU_gKdsNFdX_Z1tXrq-5ZMNgPROgksD1pS3_o3FmAsMeDZEVpr-2y9eXL0zbCNV-ZJaCfCdxv9GeywyfdC8PM1zRe9cHxhFZYuCENi2BahfgYi4ZOHtD9O5pZnpTHkAQFEAmeLUr88D4UDOgq/s728-rw-e365/ios.jpg

The Hacker News

April 1, 2025

Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices

Apple patched 3 live exploits—CVE-2025-24085, -24200, -24201—across legacy iOS/macOS devices to block escalation attacks.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmbFnFHRVahfGEgdmPP3EiNmei8Y5LXES8k1rTdcEEM24D2x1LNA6qUVztHaj0QddasA5sQ_og2pKN_B7W7v4JG5TpguXlZ9TtvnA1IxWOoPl0ZxE0E-Ergz02j6AWER53xTjHyd46H54q5UCnnfyJjwfN-py1LuqEYB3G2nQUcR9Jp5sEhOnoRop38kTL/s728-rw-e365/scanning.jpg

The Hacker News

April 1, 2025

Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign

23,958 IPs scanned Palo Alto GlobalProtect portals in late March, signaling systemic recon before potential exploits.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghoxZUqr5nrvYoEsgc4PaaERCGSFBXkUv-SQVCd-Q8yoOo5PUhBR6NrEFly2zxlR6sl5BonMQDlplf7mk8LVsc1FNQPvjNm26QGLB30qg2zpxJkVsXthGQoB3jVOKDbGb4KhjMJ5jZresmEmkiAO7nKgYgEYx062hIuykE1061Wc2uDaRBT9eraO-tEd61/s728-rw-e365/main.jpg

The Hacker News

April 1, 2025

Case Study: Are CSRF Tokens Sufficient in Preventing CSRF Attacks?

Misconfigured third-party script exposed CSRF tokens on retailer’s site + Reflectiz detected it + Breach risk averted.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUg9xRfk-NBs11nqO3ExDvG7lfDaVu27rhVxrpgt0-MSlu6XCY7Z5PcP8MlsUmLe6cgyiMF-0cqKZNslV7olmkb0pI-uvpv35O7OUW2WTxWLVFevrmYh24Aoh8PTz1oeV4UOKm2MGZ9C7RlJ9rK1ijgTElWixp-jS2Lid88IktS1-4f_6xtRzNfzbnfe3Z/s728-rw-e365/chinese-hackers-attackers.jpg

The Hacker News

April 1, 2025

China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions

Earth Alux used VARGEIT and MASQLOADER in APAC and LATAM cyberattacks, bypassing defenses via stealth techniques.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiY0aRrPaF-m2u0R2UBVOBKUW10naXhHR750hZH7lKXa9LfNyBvS4jQ6DfQ4hrQZ19Tj1g8xNLFkU4RKKKA7Wc2z72h_DiKyZWY7BLqn7QWoQyY1AuPcE_wuemHMcbOGspI-tTEFhN7tSxCBcsZNBYh5VuQHA1ATRwFRjRfQpULZ6JkNltYRspSIOuVvQFM/s728-rw-e365/apple-fined.jpg

The Hacker News

April 1, 2025

Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices

Apple fined €150M for applying double consent only to third parties in ATT, breaching French privacy law.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggJa6g8jKzDV-VfotzqyZ5WO-tp1kyFDPHglCvQQAobDG7YbsUkeaeLB-IlqxFysIaIMfeDpmipR_GzW_BWKg3RXjuFheMTgNFh1krGBB_GoQyeajOxttbr2qMqjCDaMqdNrg6iYldX-k6KjR5MyTUwCK-ucJ62_2xpamWvaNzADE9DS-iui-XnYwdW10P/s728-rw-e365/russian-hackers.jpg

The Hacker News

March 31, 2025

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

Water Gamayun exploited CVE-2025-26633 to deploy SilentPrism, DarkWisp, and stealers with persistence.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPGs9FlgRjx323jLr6R1UyNy0lWWISc2edWq4imI_fj-_BJtcrFgd0R10xYSfN2fVkeJ8MqNhCrASXtLqY2uWCPikggp_hMXpRdwltBrTZmmKHIqnXAnyI39VE1XYijoqTZz5sHZ8wc40O1603uoxkgGtayMUg22MrEV30HVjAyB-PpJizNsEORBHOwAFs/s728-rw-e365/wordpress.jpg

The Hacker News

March 31, 2025

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images

Threat actors hide malware in WordPress mu-Plugins, exploiting 4 CVEs in 2024 to hijack websites.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZKCfE5YXei1gHXdzOlHq-QdGJ_ZjbBXcLsABNtCFQM-i5Claor0Vtqytqy-7m6zbwgsZme8V4oMoz5pJUfcne-Pyw-F1sAC-VgOYIQ0aa0sHdPYDXFLjEl5fCI-l1ULmw8wSRTGM63_7evJxpKwGMmnXHParuDI5QuUnaWgkpxKuFrCW2FSb3rrNMze83/s728-rw-e365/recap.jpg

The Hacker News

March 31, 2025

⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More

Google patched a Chrome 0-day (CVE-2025-2783) used in live attacks on Russian targets via phishing.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq_6t9LdSXCel6_VWE7MK8aOrWpCzpgP0OTAgDxgQMfJTzfx4MY_J60-p4R9fWgnSSscBBniRZkoUz-yocolV2xcXsSQWXeBnnBgNXFb5EfbgrmrWcgasgeEco6ZkXHE5fludN4VlBV_0bzpkh78c9xJeZjOkE23ZSk3T30vg9OKF-voyogFeJqbA0TCk/s728-rw-e365/aws.jpg

The Hacker News

March 31, 2025

5 Impactful AWS Vulnerabilities You're Responsible For

75% of AWS breaches stem from customer misconfigurations + AWS secures infra only + real risk persists.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlN25sawOUlcNHvf04i5rlGONwvvllYqkvd0GqPZ82VVgViJpmdRoTfA2wU5GTH2DcrHtCrkiiQEWlKXSLFdo-yzAXOCzCN5vhICXeWoP6XSOAMXOHgcjTrzp6qaIG9_aIUOKxFr7U4iMD_riq5k9MoeAJAMUCNkig5SCN_x8aS0_J8sqRiej98AhXN6XD/s728-rw-e365/phishing-malware.jpg

The Hacker News

March 31, 2025

Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine

Gamaredon targets Ukraine with Remcos RAT via phishing using LNK files tied to reused infrastructure.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirVnLSXTj0nV0elQeB1Ej2bWkTxLFjsP9NAb0zuSBj5kxV3abK4FUck97j6M7qaOdG2_T8yttoqKvKQvLtmsr-G0qUlKA5lfyao-1q8KA1RGxjJhJeoepMwv2AnIUGuBTq68gLzth3hH9Ugv0MNY_1WTqJdW07DMbhoNmc6FRk6XFIxN78gbfijTf9DJ0/s728-rw-e365/zscaler-headline.jpg

The Hacker News

March 31, 2025

What it Means to 'Fight AI with AI' using a Zero Trust Platform

AI worm “Morris II” targets only AI tools, highlighting need for zero trust and smarter patching.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkhyphenhypheneoW69oCkjaVurSbaYCsIEwZ-_mdd2ynA_V9eVIDOIfhFIUZpULKbiIvM1AfnbRxNqLgGijgZXTEuV41rCkIhsZK6Z2xJeRiWaEGW2L4JRzdXpeeAiEA4NW_gmIZmm1sRf7zsfVV27MOy15tggcIZvr-OgxGASbbt_VgkKks2V4rw4S3GpdELrnmv5q/s728-rw-e365/malware-attack.jpg

The Hacker News

March 30, 2025

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

RESURGE malware exploits Ivanti flaw CVE-2025-0282, adding stealth tools and web shells for persistence.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir2MTEFBnBDvG1HzYB810kGKLnr_RhL7Bl6lFHdsrlEMWPuG8LyZkinSppjn9D7H9ReyqIbmt-sGaaHSCTSzlpBoLLw-IZ-JtcCLflvhcX2O-E6Ae9Rff4N6Q9TceCnCt6gShjRdrhd74HyZZLB3129HDTlBy_9EhMRhEvukH3yil8xBI9Xtw0EILxYWU7/s728-rw-e365/trojan.jpg

The Hacker News

March 29, 2025

New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials

Crocodilus Android malware targets Spain and Turkey using overlays, accessibility abuse, and device takeover.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBX2w2b0OU8NYSPW4qNsxebC6yXcxsAi0SMAuj5F_R53I4o9ORaUwOtsukdZAU5HsYAeOp0dR4LB96QQ4QQhshx9uUuhmrcWCa1gk6cT1Bpoa8oozYeY0eEh8V9YZAAJZgOD4ko4kk8Ix6DFH-YEgdTexJdIWBuaPK0XO9zSyam9VVQpkZGYVZUkA0Eknt/s728-rw-e365/malware-ransomware.jpg

The Hacker News

March 29, 2025

BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability

BlackLock's misconfigured leak site exposed internal commands, aiding Resecurity in uncovering 46 ransomware victims.

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFyI_LQ-MqCu7UZv-PHIqZt71kMhyphenhyphen-9MTEeRCIxbJOgzt2U4YrwPwhwDBMUdEi8BJ4015syM8dEGRV2kITLEkRxXkPeut6QDWjkOXBsSsepsThJE_Njq2Evt68RObgzYeQcswbxHOHbYrrJYqZpEXYFGsPWCVaEN4oh4hjK4rzCkz4hHBBmTrTYI03usQg/s728-rw-e365/hacking.jpg

The Hacker News

March 28, 2025

Researchers Uncover 46 Critical Flaws in Solar Power Systems From Sungrow, Growatt, and SMA

46 solar inverter flaws in Sungrow, Growatt, SMA expose power grids to botnet attacks, risking blackouts.

Showing 50 results of 52 — Page 1