⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking. 📨 Contact: admin@thehackernews.com 🌐 Website: https://thehackernews.com
⚠️ Chinese hackers are exploiting a critical flaw (CVE-2025-61932, CVSS 9.3) in Motex Lanscope Endpoint Manager.
It lets them run SYSTEM-level commands and plant a Gokcpdoor backdoor with new multiplexed C2 channels.
Active attacks confirmed ↓ https://thehackernews.com/2025/10/china-linked-tick-group-exploits.html
CISA and NSA just issued a warning:
Exchange servers are still getting hacked. Now a new WSUS flaw (CVE-2025-59287) lets attackers run code remotely.
Even patched systems aren’t fully safe.
If you manage Exchange or WSUS, read this ↓ https://thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html
Developers accidentally leaked VS Code tokens — letting attackers publish fake extensions.
Eclipse has revoked the tokens and added new safeguards after a campaign dubbed “GlassWorm.”
Read → https://thehackernews.com/2025/10/eclipse-foundation-revokes-leaked-open.html
💀 Google says it blocks over 10 billion scam calls and messages every month.
But scammers have adapted — they’ve gone social.
Now they send fake job offers in group chats, even adding fake “friends” to make it look real.
The new scam tactic most experts overlooked ↓ https://thehackernews.com/2025/10/googles-built-in-ai-defenses-on-android.html
⚠️ “Patch everything” is dead.
At the BAS Summit, CISOs said it straight — not every vuln matters, only the exploitable ones do.
Breach simulation shows where you bleed, not where scanners scream.
Proof beats panic. Read how BAS powers real defense → https://thehackernews.com/2025/10/the-death-of-security-checkbox-bas-is.html
⚡ Cybercrime just got quieter, cheaper, and a lot more precise.
💥 DNS flaws exploited
💥 Rust binaries hiding payloads
💥 Supply-chain heists rising
💥 New RATs everywhere
Your weekly ThreatsDay recap has it all → https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html
🚨 PHP servers are under attack.
Mirai, Mozi, and Gafgyt botnets are exploiting old CVEs to hijack WordPress and Craft CMS sites.
Some break-ins start from leftover PhpStorm debug sessions still running in production.
Check if yours is exposed ↓ https://thehackernews.com/2025/10/experts-reports-sharp-increase-in.html
⚡ Your AI-driven compliance might already be non-compliant.
Regulators aren’t ready — but you can be.
Join the live session Nov 3 to uncover hidden risks and real fixes.
Register free → https://thehackernews.com/2025/10/discover-practical-ai-tactics-for-grc.html
🚨 Russian hackers breached Ukrainian networks — no malware needed.
They hijacked Windows tools (PowerShell, RDPClip, OpenSSH) to steal data and stay hidden for months.
Real fileless persistence — living in memory, invisible to AV.
Learn how they did it & how to detect it ↓ https://thehackernews.com/2025/10/russian-hackers-target-ukrainian.html
🚨 CISA confirmed ACTIVE exploitation of new flaws in Dassault Systèmes’ DELMIA Apriso and XWiki.
One lets any guest run code.
Another gives full admin access.
Hackers are already dropping crypto miners.
Agencies have until Nov 18 to patch ↓ https://thehackernews.com/2025/10/active-exploits-hit-dassault-and-xwiki.html
🚨 New Android Trojan ‘Herodotus’ is on the move.
It’s hitting phones in 🇮🇹 Italy & 🇧🇷 Brazil — stealing 2FA codes, logins, even lock PINs — and typing like a human to slip past fraud detection.
🔗 Read full report → https://thehackernews.com/2025/10/new-android-trojan-herodotus-outsmarts.html
AI-driven attacks move faster than humans can react.
The real risk? Teams flying blind.
ANYRUN flips the script — predicting attacks before they strike. 99% unique IOCs. Zero lag. Full context.
Early detection turns panic into power → https://thehackernews.com/2025/10/why-early-threat-detection-is-must-for.html
⚠️ ALERT: A Chrome zero-day (CVE-2025-2783) was exploited to deliver spyware built by Memento Labs — the firm behind past government surveillance tools.
One click in Chromium = full sandbox escape.
Read this → https://thehackernews.com/2025/10/chrome-zero-day-exploited-to-deliver.html
⚡ Security and speed shouldn’t be enemies.
But when AI agents multiply faster than controls can keep up, most orgs fall into firefighting mode.
Join our live session to see how forward-thinking teams are:
✅ Governing thousands of AI agents automatically
✅ Embedding security guardrails that scale
✅ Shipping AI features faster — and safer
Live webinar: Learn how to scale AI securely, without compromise → https://thehacker.news/securing-ai-adoption
🚨 New exploit targets ChatGPT Atlas AI browser.
Researchers at LayerX found a CSRF flaw that lets attackers inject code into its persistent memory, surviving across browsers, sessions, and devices.
Once infected, even a normal chat can silently execute hidden commands.
Full report ↓ https://thehackernews.com/2025/10/new-chatgpt-atlas-browser-exploit-lets.html
Most MSPs are walking straight into a trap.
Clients now expect enterprise-level cybersecurity — but many providers are still selling basic IT support.
The result? Lost clients, slower growth, and higher risk exposure.
Is your MSP ready to lead with security? ↓ https://thehackernews.com/2025/10/the-msp-cybersecurity-readiness-guide.html
A Mac app just bypassed macOS permission checks — silently turning on the mic and camera.
ThreatLocker’s new Device Access Control (DAC) for macOS, now in Beta, flags hidden risks like unencrypted drives, SMBv1, and weak sharing settings — before attackers can exploit them.
Learn more ↓ https://thehackernews.com/2025/10/a-new-security-layer-for-macos-takes.html
CISA added a new VMware zero-day to its KEV list.
CVE-2025-41244 (CVSS 7.8) lets local users on VMs with VMware Tools + Aria Operations gain root access.
Exploited since Oct 2024 by China-linked UNC5174.
Patch released last month ↓ https://thehackernews.com/2025/10/cisa-flags-vmware-zero-day-exploited-by.html
🔥 A tool built for defenders is now arming attackers.
AdaptixC2 — an open-source C2 in Golang — was made for red teams.
Now, Russian ransomware gangs use it in fake Microsoft Teams help-desk scams.
Details ↓ https://thehackernews.com/2025/10/russian-ransomware-gangs-weaponize-open.html
🚨 A single line of JavaScript can crash any Chromium browser.
Researcher Jose Pino calls it Brash — it abuses how document.title handles rapid updates.
24 million title changes per second = instant crash.
Still unpatched. Details ↓ https://thehackernews.com/2025/10/new-brash-exploit-crashes-chromium.html
🚨 PhantomRaven hit the npm registry — 126 malicious packages, 86K+ installs, stealing npm tokens, GitHub creds, and CI/CD secrets.
They hide malware in remote dynamic dependencies that show 0 deps, so scanners miss them.
Details → https://thehackernews.com/2025/10/phantomraven-malware-found-in-126-npm.html
⚠️ AI browsers like ChatGPT Atlas and Perplexity Comet can be tricked into using fake data.
A new exploit — “AI-targeted cloaking” — lets attackers show one version of a page to humans and another to AI crawlers.
Same old SEO trick.
New weapon: misinformation at scale.
Read how it works ↓ https://thehackernews.com/2025/10/new-ai-targeted-cloaking-attack-tricks.html
🔴 The next big breach won’t start with a stolen password.
It’ll come from your own AI.
Agentic AIs are the new “confused deputies” — doing what attackers tell them, with the access you gave them.
The scariest part? You trained the threat ↓ https://thehackernews.com/2025/10/preparing-for-digital-battlefield-of.html
🚨 10 fake npm packages (~9.9K installs) hid a cross-platform info stealer.
It spawns a fake terminal, pulls a 24 MB payload from 195.133.79[.]43, and drains keyrings — not just browser creds.
Instant access to email, cloud, VPNs, and prod DBs.
Read details ↓ https://thehackernews.com/2025/10/10-npm-packages-caught-stealing.html
🔥 Researchers just broke Intel & AMD’s newest “secure” enclaves — again.
A sub-$1K hardware rig can steal attestation keys from fully patched systems running SGX, TDX, and SEV-SNP with Ciphertext Hiding.
Even constant-time crypto and DDR5 encryption couldn’t stop it.
Learn how TEE-Fail cracks open AI and confidential VMs ↓ https://thehackernews.com/2025/10/new-teefail-side-channel-attack.html
🚨 North Korea–linked BlueNoroff is running two active campaigns — GhostCall & GhostHire — into 2025.
GhostCall fakes Zoom/Teams meetings to drop malware via bogus SDK “updates.”
GhostHire targets Web3 devs on Telegram with booby-trapped GitHub tests.
Full report ↓ https://thehackernews.com/2025/10/researchers-expose-ghostcall-and.html
Google Workspace isn’t secure by default.
Many startups operate with open sharing, broad app access, and limited oversight.
The risk? It often looks completely normal.
See how lean teams are locking it down → https://thehackernews.com/2025/10/is-your-google-workspace-as-secure-as.html
⚠️ SideWinder hackers strike again.
A European embassy in New Delhi was hit using fake Adobe Reader updates and signed apps to sneak in StealerBot malware — stealing passwords, screenshots, and files.
Other targets: Sri Lanka, Pakistan, and Bangladesh.
Full report ↓ https://thehackernews.com/2025/10/sidewinder-adopts-new-clickonce-based.html
⚠️ WARNING: X users with security keys (like YubiKeys) must re-enroll 2FA by Nov 10, 2025 — or get locked out.
The update moves keys from twitter[.]com to x[.]com as Twitter’s domain is retired.
Details ↓ https://thehackernews.com/2025/10/x-warns-users-with-security-keys-to-re.html
🔥 The week in cyber: patches weren’t fast enough, trust wasn’t enough, and attackers weren’t waiting.
→ WSUS exploited
→ LockBit 5.0 returns
→ Telegram backdoor
→ F5 breach deepens
→ YouTube malware surge
→ MuddyWater spying
→ Lazarus fake jobs
→ CoPhish OAuth attack
→ Russia bug law
→ UN cyber treaty
⚡ Read the recap: https://thehackernews.com/2025/10/weekly-recap-wsus-exploited-lockbit-50.html