
- Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunnelingby info@thehackernews.com (The Hacker News) (The Hacker News) on August 30, 2025 at 12:06 pm
Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called […]
- WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devicesby info@thehackernews.com (The Hacker News) (The Hacker News) on August 30, 2025 at 4:36 am
WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently […]
- Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Executionby info@thehackernews.com (The Hacker News) (The Hacker News) on August 29, 2025 at 5:22 pm
Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution.Β […]
- Webinar: Learn How to Unite Dev, Sec, and Ops Teams With One Shared Playbookby info@thehackernews.com (The Hacker News) (The Hacker News) on August 29, 2025 at 3:42 pm
Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next […]
- Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authenticationby info@thehackernews.com (The Hacker News) (The Hacker News) on August 29, 2025 at 1:22 pm
Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their […]
- Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaignby info@thehackernews.com (The Hacker News) (The Hacker News) on August 29, 2025 at 1:12 pm
An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to deliver several […]
- Can Your Security Stack See ChatGPT? Why Network Visibility Mattersby info@thehackernews.com (The Hacker News) (The Hacker News) on August 29, 2025 at 10:30 am
Generative AI platforms like ChatGPT, Gemini, Copilot, and Claude are increasingly common in organizations. While these solutions improve efficiency across tasks, they also […]
- Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Pageby info@thehackernews.com (The Hacker News) (The Hacker News) on August 29, 2025 at 9:58 am
Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address an authentication bypass […]
- FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Availableby info@thehackernews.com (The Hacker News) (The Hacker News) on August 29, 2025 at 9:44 am
The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an administrator control […]
- Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domainby info@thehackernews.com (The Hacker News) (The Hacker News) on August 29, 2025 at 9:05 am
Authorities from the Netherlands and the United States have announced the dismantling of an illicit marketplace called VerifTools that peddled fraudulent identity documents to […]
- Google Warns Salesloft Drift Breach Impacts All Drift Integrations Beyond Salesforceby info@thehackernews.com (The Hacker News) (The Hacker News) on August 29, 2025 at 7:24 am
Google has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is much broader in scope than previously thought, stating it impacts all […]
- TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookiesby info@thehackernews.com (The Hacker News) (The Hacker News) on August 29, 2025 at 4:17 am
Cybersecurity researchers have discovered a cybercrime campaign that’s using malvertising tricks to direct victims to fraudulent sites to deliver a new information stealer called […]
- Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Namesby info@thehackernews.com (The Hacker News) (The Hacker News) on August 28, 2025 at 5:10 pm
Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed extensions. Software […]
- Salt Typhoon Exploits Flaws in Edge Network Devices to Breach 600 Organizations Worldwideby info@thehackernews.com (The Hacker News) (The Hacker News) on August 28, 2025 at 2:04 pm
The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the […]
- Hidden Vulnerabilities of Project Management Tools & How FluentPro Backup Secures Themby info@thehackernews.com (The Hacker News) (The Hacker News) on August 28, 2025 at 11:00 am
Every day, businesses, teams, and project managers trust platforms like Trello, Asana, etc., to collaborate and manage tasks. But what happens when that trust is broken? According […]
- Malicious Nx Packages in βs1ngularityβ Attack Leaked 2,349 GitHub, Cloud, and AI Credentialsby info@thehackernews.com (The Hacker News) (The Hacker News) on August 28, 2025 at 10:36 am
The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the popular npm package and other […]
- U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profitsby info@thehackernews.com (The Hacker News) (The Hacker News) on August 28, 2025 at 8:53 am
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a fresh round of sanctions against two individuals and two entities for their role in the […]
- Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacksby info@thehackernews.com (The Hacker News) (The Hacker News) on August 27, 2025 at 7:04 pm
The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments. […]
- Someone Created the First AI-Powered Ransomware Using OpenAI’s gpt-oss:20b Modelby info@thehackernews.com (The Hacker News) (The Hacker News) on August 27, 2025 at 5:07 pm
Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock. Written in Golang, the newly […]
- Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectorsby info@thehackernews.com (The Hacker News) (The Hacker News) on August 27, 2025 at 3:10 pm
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft […]
- ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Botsby info@thehackernews.com (The Hacker News) (The Hacker News) on August 27, 2025 at 1:47 pm
A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific (APAC). According to […]
- The 5 Golden Rules of Safe AI Adoptionby info@thehackernews.com (The Hacker News) (The Hacker News) on August 27, 2025 at 11:30 am
Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and transforming the workplace. The problem is not the pace of AI adoption, but the […]
- Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Databy info@thehackernews.com (The Hacker News) (The Hacker News) on August 27, 2025 at 9:39 am
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial […]
- Blind Eagleβs Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infraby info@thehackernews.com (The Hacker News) (The Hacker News) on August 27, 2025 at 9:28 am
Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. These attacks, […]
- Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775by info@thehackernews.com (The Hacker News) (The Hacker News) on August 26, 2025 at 5:29 pm
Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild. The […]