Forwarded from The Hacker News
⚠️ Two big cyber hits making waves:
🇷🇺 COLDRIVER hackers are tricking people with fake CAPTCHAs to drop a stealthy PowerShell backdoor that steals files and hides its tracks.
💥 At the same time, Bearlyfy ransomware is tearing through Russian companies—30+ victims so far, ransoms reaching €80K.
Full story → https://thehackernews.com/2025/09/new-coldriver-malware-campaign-joins-bo.html
🇷🇺 COLDRIVER hackers are tricking people with fake CAPTCHAs to drop a stealthy PowerShell backdoor that steals files and hides its tracks.
💥 At the same time, Bearlyfy ransomware is tearing through Russian companies—30+ victims so far, ransoms reaching €80K.
Full story → https://thehackernews.com/2025/09/new-coldriver-malware-campaign-joins-bo.html
Forwarded from The Hacker News
🚨 Two fresh phishing campaigns, one big warning:
🇺🇦 Hackers posing as Ukraine’s National Police use SVG attachments to launch a chain that steals passwords & mines crypto.
🇻🇳 Another crew lures victims with fake copyright notices, ending in PureRAT backdoors for full remote control.
Full story → https://thehackernews.com/2025/09/researchers-expose-svg-and-purerat.html
🇺🇦 Hackers posing as Ukraine’s National Police use SVG attachments to launch a chain that steals passwords & mines crypto.
🇻🇳 Another crew lures victims with fake copyright notices, ending in PureRAT backdoors for full remote control.
Full story → https://thehackernews.com/2025/09/researchers-expose-svg-and-purerat.html
Forwarded from The Hacker News
🚨 CISA: Hackers exploited GeoServer CVE-2024-36401 RCE to breach a U.S. federal agency on July 11, 2024—moving laterally across servers and deploying China Chopper web shells & LotL tools.
Full advisory → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html#geoserver-hole-exploited
Full advisory → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html#geoserver-hole-exploited
Forwarded from The Hacker News
🚨 China-linked cyber groups are upgrading their weapons:
• PlugX: hides in the Mobile Popup app, decrypts payloads in memory with XOR-RC4-RtlDecompressBuffer, packs a keylogger.
• Bookworm: slips shellcode in UUID strings to dodge detection.
Full story → https://thehackernews.com/2025/09/china-linked-plugx-and-bookworm-malware.html
• PlugX: hides in the Mobile Popup app, decrypts payloads in memory with XOR-RC4-RtlDecompressBuffer, packs a keylogger.
• Bookworm: slips shellcode in UUID strings to dodge detection.
Full story → https://thehackernews.com/2025/09/china-linked-plugx-and-bookworm-malware.html
Forwarded from The Hacker News
🚨 First real-world MCP server backdoor spotted!
A fake npm package postmark-mcp silently BCC’d every email to an attacker—over 1,600 downloads before removal.
⚠️ One line of code. Thousands of stolen emails.
Read now → https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html
A fake npm package postmark-mcp silently BCC’d every email to an attacker—over 1,600 downloads before removal.
⚠️ One line of code. Thousands of stolen emails.
Read now → https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html
Forwarded from The Hacker News
🚨 Microsoft warns — Hackers used LLM-generated code to hide malware in an SVG file disguised as a business dashboard, bypassing defenses with self-addressed emails + invisible scripts.
Details → https://thehackernews.com/2025/09/microsoft-flags-ai-driven-phishing-llm.html
Details → https://thehackernews.com/2025/09/microsoft-flags-ai-driven-phishing-llm.html
Forwarded from The Hacker News
🕵️♀️ Missed the action? Hackers didn’t rest—neither should you.
See the key security stories you might have missed.
Check full recap → https://thehackernews.com/2025/09/weekly-recap-cisco-0-day-record-ddos.html
See the key security stories you might have missed.
Check full recap → https://thehackernews.com/2025/09/weekly-recap-cisco-0-day-record-ddos.html
Forwarded from The Hacker News
🚨 SOCs are drowning: 40% of security alerts go uninvestigated, and 61% of the ones ignored later turn out to be critical.
Teams face 3,000+ daily alerts and 70-minute investigations—far slower than the 48 minutes attackers need to compromise.
Read → https://thehackernews.com/2025/09/the-state-of-ai-in-soc-2025-insights.html
Teams face 3,000+ daily alerts and 70-minute investigations—far slower than the 48 minutes attackers need to compromise.
Read → https://thehackernews.com/2025/09/the-state-of-ai-in-soc-2025-insights.html
Forwarded from The Hacker News
🚨 EvilAI is live and global: Malware hidden inside “legit” AI & productivity apps is quietly invading manufacturing, healthcare, gov & tech across 🇮🇳 🇺🇸 🇫🇷 🇧🇷 and more.
🕵️♂️ Uses real code-signing certs, AES-encrypted C2, even NeutralinoJS tricks to slip past detection.
Read → https://thehackernews.com/2025/09/evilai-malware-masquerades-as-ai-tools.html
🕵️♂️ Uses real code-signing certs, AES-encrypted C2, even NeutralinoJS tricks to slip past detection.
Read → https://thehackernews.com/2025/09/evilai-malware-masquerades-as-ai-tools.html
Forwarded from The Hacker News
🚨 Linux/Unix alert: CISA just flagged a critical Sudo flaw (CVE-2025-32463, CVSS 9.3) now exploited in the wild.
Attackers can hijack sudo’s --chroot option to run arbitrary commands as root—even if not in sudoers.
Details → https://thehackernews.com/2025/09/cisa-sounds-alarm-on-critical-sudo-flaw.html
Attackers can hijack sudo’s --chroot option to run arbitrary commands as root—even if not in sudoers.
Details → https://thehackernews.com/2025/09/cisa-sounds-alarm-on-critical-sudo-flaw.html
Forwarded from The Hacker News
🚨 U.K. police just seized £5.5B ($7.4B) in crypto—the largest Bitcoin confiscation in history.
A Chinese fraudster duped 128,000 victims, laundered funds into 61,000 BTC, and tried to hide in London with fake IDs.
The twist? She was caught buying property.
Full story → https://thehackernews.com/2025/09/uk-police-just-seized-55-billion-in.html
A Chinese fraudster duped 128,000 victims, laundered funds into 61,000 BTC, and tried to hide in London with fake IDs.
The twist? She was caught buying property.
Full story → https://thehackernews.com/2025/09/uk-police-just-seized-55-billion-in.html
Forwarded from The Hacker News
🚨 Shadow AI is exploding inside enterprises. Employees are adopting LLM-powered apps without oversight—creating blind spots, supply chain risks, and data leaks.
Wing Security says traditional defenses can’t keep up. The fix? Real-time discovery + AI supply chain governance.
Read → https://thehackernews.com/2025/09/evolving-enterprise-defense-to-secure.html
Wing Security says traditional defenses can’t keep up. The fix? Real-time discovery + AI supply chain governance.
Read → https://thehackernews.com/2025/09/evolving-enterprise-defense-to-secure.html
Forwarded from The Hacker News
🚨 A new Android banking trojan is here: Datzbro.
It doesn’t just steal logins—it recreates your screen in real time for full device takeover.
Victims? Seniors lured via fake “active trip” groups on Facebook.
Details → https://thehackernews.com/2025/09/new-android-trojan-datzbro-tricking.html
It doesn’t just steal logins—it recreates your screen in real time for full device takeover.
Victims? Seniors lured via fake “active trip” groups on Facebook.
Details → https://thehackernews.com/2025/09/new-android-trojan-datzbro-tricking.html
Forwarded from The Hacker News
🔥 [New] VMware zero-day (CVE-2025-41244) exploited in the wild!
UNC5174 popped root by abusing a regex bug in get_version() — drop /tmp/httpd, open a socket, and you’re root.
Already active since Oct ’24.
Details → https://thehackernews.com/2025/09/urgent-china-linked-hackers-exploit-new.html
UNC5174 popped root by abusing a regex bug in get_version() — drop /tmp/httpd, open a socket, and you’re root.
Already active since Oct ’24.
Details → https://thehackernews.com/2025/09/urgent-china-linked-hackers-exploit-new.html
Forwarded from The Hacker News
🛠 AI won’t fix your workflows—it might break them.
Learn how top teams actually blend humans + LLMs without over-engineering.
Secure, auditable, scalable.
📅 Join the webinar → https://thehacker.news/ai-automating-cybersecurity
Learn how top teams actually blend humans + LLMs without over-engineering.
Secure, auditable, scalable.
📅 Join the webinar → https://thehacker.news/ai-automating-cybersecurity
Forwarded from The Hacker News
🚨 Microsoft just made Sentinel an agentic SIEM.
Now GA: Sentinel data lake + preview of Graph & MCP server.
AI agents can retro-hunt, trace attack paths & plug into VS Code. From reactive to predictive defense.
Details → https://thehackernews.com/2025/09/microsoft-expands-sentinel-into-agentic.html
Now GA: Sentinel data lake + preview of Graph & MCP server.
AI agents can retro-hunt, trace attack paths & plug into VS Code. From reactive to predictive defense.
Details → https://thehackernews.com/2025/09/microsoft-expands-sentinel-into-agentic.html
Forwarded from The Hacker News
🚨 Google’s Gemini AI had a “Trifecta” of flaws that let attackers steal user data + hijack cloud assets.
The wildest part? Hackers could smuggle prompts inside HTTP headers to make Gemini expose IAM misconfigs & query Cloud APIs on their behalf.
Read → https://thehackernews.com/2025/09/researchers-disclose-google-gemini-ai.html
The wildest part? Hackers could smuggle prompts inside HTTP headers to make Gemini expose IAM misconfigs & query Cloud APIs on their behalf.
Read → https://thehackernews.com/2025/09/researchers-disclose-google-gemini-ai.html
Forwarded from The Hacker News
Containers boost speed and scale, but they also introduce risks that can be overlooked.
In this 30-minute session, we’ll challenge the biggest myths surrounding container security.
Save your spot now: https://thn.news/tech-stack-defense
In this 30-minute session, we’ll challenge the biggest myths surrounding container security.
Save your spot now: https://thn.news/tech-stack-defense
Forwarded from The Hacker News
💡 SOC alert chaos isn’t a volume problem—it’s the model.
Conifers’ CognitiveSOC™ turns raw alerts into context-rich stories: false positives drop, MTTR shrinks from hours → minutes.
More context, less chaos → https://thehackernews.com/2025/09/stop-alert-chaos-context-is-key-to.html
Conifers’ CognitiveSOC™ turns raw alerts into context-rich stories: false positives drop, MTTR shrinks from hours → minutes.
More context, less chaos → https://thehackernews.com/2025/09/stop-alert-chaos-context-is-key-to.html
Forwarded from The Hacker News
🚨 New China-linked hacking group uncovered: Phantom Taurus.
Targets: foreign ministries, embassies, & military ops across Africa, the Middle East, & Asia.
Their weapon? A custom .NET malware suite (NET-STAR) that hijacks IIS servers, timestomps files, & evades AMSI/ETW.
Read → https://thehackernews.com/2025/09/phantom-taurus-new-china-linked-hacker.html
Targets: foreign ministries, embassies, & military ops across Africa, the Middle East, & Asia.
Their weapon? A custom .NET malware suite (NET-STAR) that hijacks IIS servers, timestomps files, & evades AMSI/ETW.
Read → https://thehackernews.com/2025/09/phantom-taurus-new-china-linked-hacker.html
Forwarded from The Hacker News
🔥 A $50 hardware hack just broke Intel SGX & AMD SEV-SNP—the backbone of confidential cloud computing.
Researchers built a cheap DDR4 interposer that slips past trust checks, then flips a switch to rewrite encrypted memory on the fly.
The kicker? Fixing it would require redesigning memory encryption itself.
Details → https://thehackernews.com/2025/10/50-battering-ram-attack-breaks-intel.html
Researchers built a cheap DDR4 interposer that slips past trust checks, then flips a switch to rewrite encrypted memory on the fly.
The kicker? Fixing it would require redesigning memory encryption itself.
Details → https://thehackernews.com/2025/10/50-battering-ram-attack-breaks-intel.html