The Hacker News

27 October 2025 12:59

CISOs planning 2026 budgets are rethinking priorities.

Data visibility & DSPM are moving from “nice-to-have” to the foundation for risk reduction, faster audits & ROI.

Read: Why Data Visibility Belongs in Your 2026 Cybersecurity Budget 👇 https://thn.news/security-priority-guide

The Hacker News

27 October 2025 08:39

⚡ OpenAI’s new ChatGPT Atlas browser can be hijacked by a fake URL.

A prompt injection disguised as a normal link tricks the omnibox into running hidden commands.

One click, and your AI agent takes orders from attackers.

Read here ↓ https://thehackernews.com/2025/10/chatgpt-atlas-browser-can-be-tricked-by.html

The Hacker News

24 October 2025 18:31

Microsoft just patched a critical WSUS flaw (CVE-2025-59287) — and attackers are already using it.

One crafted request = full SYSTEM control.

The twist? It comes from BinaryFormatter — the same tool Microsoft killed off last year.

Patch now ↓ https://thehackernews.com/2025/10/microsoft-issues-emergency-patch-for.html

The Hacker News

24 October 2025 13:14

🚨 A bug in the FIA driver portal exposed Formula 1 drivers’ personal data — including passports and licenses.

Anyone could become an “admin” with a single API request.

The flaw is now fixed — but it was open for days ↓ https://thehackernews.com/2025/10/threatsday-bulletin-176m-crypto-fine.html#admin-bug-exposes-formula-1-driver-data

The Hacker News

24 October 2025 12:05

🚨 Hackers turned YouTube into a malware factory. Over 3,000 fake “tutorials” hide stealers like Lumma and Rhadamanthys.

They hijack real channels — likes, comments, and all — to look legit.

Even that “Photoshop crack” or “Roblox cheat” video could infect you.

Read here ↓ https://thehackernews.com/2025/10/3000-youtube-videos-exposed-as-malware.html

The Hacker News

23 October 2025 17:30

North Korean hackers are posing as recruiters—again.

This time, they’re stealing drone tech from Europe’s defense firms.

The trap? A fake job PDF hiding a remote access tool.

It’s been active—undetected—since March.

Read → https://thehackernews.com/2025/10/north-korean-hackers-lure-defense.html

The Hacker News

23 October 2025 13:36

From crypto fines to malware & data leaks — the week’s biggest cyber hits:

🇨🇦 Cryptomus fined $176M
🛰️ Starlink scam crackdown
🤖 AI vuln in Oat++ MCP
📧 Tykit phishing campaign

.... 15+ more important news stories.

Read the latest #ThreatsDay Bulletin 👇 https://thehackernews.com/2025/10/threatsday-bulletin-176m-crypto-fine.html

The Hacker News

23 October 2025 13:22

In this 20-minute session, learn how to harden your images, secure dependencies, and lock down your CI/CD pipeline against real-world supply chain attacks.

📅 Tuesday, Oct 28 | 8 AM PST | 11 AM EST

🎥 Register Now ↓ https://thn.news/secure-stack-webinar

The Hacker News

23 October 2025 07:49

🚨 New Adobe Commerce flaw (CVE-2025-54236, CVSS 9.1) under active attack.

Over 250 exploit attempts in 24 hours—mostly on unpatched Magento sites.

PoC is public. Patch now.

Details → https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html

The Hacker News

22 October 2025 19:30

⚠️ An Iranian hacking group used a real email account to plant a new backdoor in 100+ Middle East government networks.

They sent it through real diplomatic inboxes — and it worked.

Read ↓ https://thehackernews.com/2025/10/iran-linked-muddywater-targets-100.html

The Hacker News

22 October 2025 16:24

🚨 Developers, check your NuGet packages.

A fake NuGet package “Netherеum.All” — spelled with a Cyrillic ‘e’ — was stealing wallet keys from Ethereum .NET projects.

It even faked 11.7M downloads to look real.

Full story ↓ https://thehackernews.com/2025/10/fake-nethereum-nuget-package-used.html

The Hacker News

22 October 2025 15:20

Your cloud might flag the same issue across five tools — XDR, CSPM, SIEM, CMDB, and more.

Each reports it differently. None resolve it.

That’s the real challenge: detection is easy; remediation isn’t.

Learn how Pentera Resolve turns alerts into action → https://thehackernews.com/2025/10/bridging-remediation-gap-introducing.html

The Hacker News

22 October 2025 14:21

🔒 8-character passwords are dead.
💀 Hackers crack “P@ssw0rd!” in months.
🔡 The fix isn’t symbols — it’s length.

16 simple letters beat any complex mix.
Use words, not symbols.

Why your policy still fails ↓ https://thehackernews.com/2025/10/why-you-should-swap-passwords-for.html

The Hacker News

22 October 2025 11:00

🚨 PassiveNeuron is still active.

Hackers are breaking in through Microsoft SQL servers, planting custom malware (Neursite & NeuralExecutor), and even using GitHub to hide their command servers — a rare move in state-level spying.

Full story → https://thehackernews.com/2025/10/researchers-identify-passiveneuron-apt.html

The Hacker News

22 October 2025 06:40

🚨 TP-Link’s Omada gateways just got hit with four major security flaws — two can let hackers run commands without logging in.

A remote attacker could take full control — no password needed.

Patch now. Details ↓ https://thehackernews.com/2025/10/tp-link-patches-four-omada-gateway.html

The Hacker News

27 October 2025 09:56

Qilin ransomware just got smarter.

It’s hitting Windows and Linux together, wiping Veeam backups, and using a vulnerable driver to shut down security tools — all in one strike.

Over 100 victims in June alone.

Full story ↓ https://thehackernews.com/2025/10/qilin-ransomware-combines-linux-payload.html

The Hacker News

24 October 2025 20:38

🚨 194,000 fake sites. $1B stolen.

The Smishing Triad is posing as USPS, banks, and toll services — all hosted on U.S. clouds to stay invisible.

Next target: brokerage accounts.

Full report ↓ https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html

The Hacker News

24 October 2025 16:02

India’s BOSS Linux systems are under silent attack.

A Pakistan-linked group just dropped a new Golang RAT — DeskRAT — hidden inside fake government PDFs.

It sticks around with 4 persistence tricks and steals files through WebSockets.

Read ↓ https://thehackernews.com/2025/10/apt36-targets-indian-government-with.html

The Hacker News

24 October 2025 12:11

Your SOC passed every test.
But your people? Failed the real one.

Modern AEV tools prove your defenses work —
until humans enter the equation.

The next frontier of validation isn’t technical.
It’s behavioral ↓ https://thehackernews.com/expert-insights/2025/10/beyond-tools-why-testing-human.html

The Hacker News

24 October 2025 09:01

🚨 GlassWorm hits VS Code extensions — 14 infected builds, ~35K installs since Oct 17 2025.

It steals dev creds, drains crypto wallets, turns machines into bots — and auto-updates itself.

Read ↓ https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html

The Hacker News

23 October 2025 16:35

📢 WEBINAR ALERT!

You can’t secure what you can’t see. AI agents are spreading fast — unseen, unmanaged & risky.

Join this free #cybersecurity session to learn how leading security teams are regaining control & speed.

🗓️ 27 Oct, 2025

🔗 Watch This ↓ https://thehackernews.com/2025/10/secure-ai-at-scale-and-speed-learn.html

The Hacker News

23 October 2025 13:35

🚨 Static secrets are fading fast.

Teams using managed identities cut 95% of credential hassle—yet hidden API keys still lurk in legacy systems.

The fix? Run NHI discovery to find every key, then migrate 70–80% to managed identities.

Your roadmap ↓ https://thehackernews.com/2025/10/why-organizations-are-abandoning-static.html

The Hacker News

23 October 2025 09:53

🎁 Hackers found a new jackpot — cloud gift cards.

A group called Jingle Thief broke into retail cloud systems and quietly issued fake gift cards for months, hiding inside Microsoft 365 accounts.

Full story ↓ https://thehackernews.com/2025/10/jingle-thief-hackers-exploit-cloud.html

The Hacker News

23 October 2025 07:38

🚨 CISA just warned about a critical bug in Motex Lanscope (CVE-2025-61932).

Hackers can take control of systems by sending one malicious packet.

It’s already being used in real attacks.

Fix it before Nov 12 ↓ https://thehackernews.com/2025/10/critical-lanscope-endpoint-manager-bug.html

The Hacker News

22 October 2025 18:57

🔴 A fake “Zoom meeting” from Ukraine’s President’s Office just hacked aid workers. The CAPTCHA wasn’t real — it opened a live remote shell through WebSocket.

A one-day domain. Six months of setup. Russian servers behind it.

The trojan’s still active ↓ https://thehackernews.com/2025/10/ukraine-aid-groups-targeted-through.html

The Hacker News

22 October 2025 16:21

Which Industries Are Most at Risk for DDoS Attacks?

While DDoS attacks can hit any organization, some industries face far higher risk—and potentially greater impact when they do.

The latest DDoS Resiliency Score (DRS) report ranks the industries most frequently targeted and explains why.

Here's the list of the highest risk sectors. For the full list of industries, see here - https://thn.news/ddos-risk-map

Highest-risk sectors:
💰 Financial Services – Targets of hacktivism and extortion-driven outages.
⚡ Energy – At risk from politically or state-backed disruptions.
🏛️ Government – Frequent hacktivist targets, especially around elections.
🌐 Telecom – Increasingly hit by ransom-based attacks.
🎮 Gaming & Gambling – Vulnerable to extortion and competitive disruption.
💻 SaaS & Software – Susceptible to DDoS that erodes customer trust.

The Hacker News

22 October 2025 15:00

Hackers linked to China exploited a “patched” Microsoft SharePoint flaw to break into networks across four continents.

It wasn’t just spying — they found a way to bypass the patch that fixed a previous bypass.

Symantec warns the campaign is still spreading.

Read → https://thehackernews.com/2025/10/chinese-threat-actors-exploit-toolshell.html

The Hacker News

22 October 2025 11:08

🤖 Nearly 40% of alerts still go unseen.

AI-SOCs now handle triage, cut false positives, and alert teams with full context. But as Shahar Ben-Hador explains — outsource or not, you still own the breach.

$30K vs $100K+… here’s who should switch ↓ https://thehackernews.com/expert-insights/2025/10/what-happens-to-mssps-and-mdrs-in-age.html

The Hacker News

22 October 2025 09:10

A tiny Rust bug just broke thousands of builds.

It’s called TARmageddon (CVE-2025-62518) — a flaw in the async-tar library that lets attackers slip hidden files inside nested TAR archives.

Unpatched since 2023, developers are now racing to fix it ↓ https://thehackernews.com/2025/10/tarmageddon-flaw-in-async-tar-rust.html

The Hacker News

21 October 2025 21:52

Every new AI tool in your SOC adds another way in for attackers.

The defender might now be the weak spot.

AI agents are making decisions on their own — and trust just became an identity problem.

Learn how to secure them before someone else does → https://thehackernews.com/2025/10/securing-ai-to-benefit-from-ai.html