🚨 Microsoft warns — Hackers used LLM-generated code to hide malware in an SVG file disguised as a business dashboard, bypassing defenses with self-addressed emails + invisible scripts.

Details → https://thehackernews.com/2025/09/microsoft-flags-ai-driven-phishing-llm.html

🕵️‍♀️ Missed the action? Hackers didn’t rest—neither should you.

See the key security stories you might have missed.

Check full recap → https://thehackernews.com/2025/09/weekly-recap-cisco-0-day-record-ddos.html

🚨 SOCs are drowning: 40% of security alerts go uninvestigated, and 61% of the ones ignored later turn out to be critical.

Teams face 3,000+ daily alerts and 70-minute investigations—far slower than the 48 minutes attackers need to compromise.

Read → https://thehackernews.com/2025/09/the-state-of-ai-in-soc-2025-insights.html

🚨 EvilAI is live and global: Malware hidden inside “legit” AI & productivity apps is quietly invading manufacturing, healthcare, gov & tech across 🇮🇳 🇺🇸 🇫🇷 🇧🇷 and more.

🕵️‍♂️ Uses real code-signing certs, AES-encrypted C2, even NeutralinoJS tricks to slip past detection.

Read → https://thehackernews.com/2025/09/evilai-malware-masquerades-as-ai-tools.html

🚨 Linux/Unix alert: CISA just flagged a critical Sudo flaw (CVE-2025-32463, CVSS 9.3) now exploited in the wild.

Attackers can hijack sudo’s --chroot option to run arbitrary commands as root—even if not in sudoers.

Details → https://thehackernews.com/2025/09/cisa-sounds-alarm-on-critical-sudo-flaw.html

🚨 U.K. police just seized £5.5B ($7.4B) in crypto—the largest Bitcoin confiscation in history.

A Chinese fraudster duped 128,000 victims, laundered funds into 61,000 BTC, and tried to hide in London with fake IDs.

The twist? She was caught buying property.

Full story → https://thehackernews.com/2025/09/uk-police-just-seized-55-billion-in.html

🚨 Shadow AI is exploding inside enterprises. Employees are adopting LLM-powered apps without oversight—creating blind spots, supply chain risks, and data leaks.

Wing Security says traditional defenses can’t keep up. The fix? Real-time discovery + AI supply chain governance.

Read → https://thehackernews.com/2025/09/evolving-enterprise-defense-to-secure.html

🚨 A new Android banking trojan is here: Datzbro.

It doesn’t just steal logins—it recreates your screen in real time for full device takeover.

Victims? Seniors lured via fake “active trip” groups on Facebook.

Details → https://thehackernews.com/2025/09/new-android-trojan-datzbro-tricking.html

🔥 [New] VMware zero-day (CVE-2025-41244) exploited in the wild!

UNC5174 popped root by abusing a regex bug in get_version() — drop /tmp/httpd, open a socket, and you’re root.

Already active since Oct ’24.

Details → https://thehackernews.com/2025/09/urgent-china-linked-hackers-exploit-new.html

🛠 AI won’t fix your workflows—it might break them.

Learn how top teams actually blend humans + LLMs without over-engineering.

Secure, auditable, scalable.

📅 Join the webinar → https://thehacker.news/ai-automating-cybersecurity

🚨 Microsoft just made Sentinel an agentic SIEM.

Now GA: Sentinel data lake + preview of Graph & MCP server.

AI agents can retro-hunt, trace attack paths & plug into VS Code. From reactive to predictive defense.

Details → https://thehackernews.com/2025/09/microsoft-expands-sentinel-into-agentic.html

🚨 Google’s Gemini AI had a “Trifecta” of flaws that let attackers steal user data + hijack cloud assets.

The wildest part? Hackers could smuggle prompts inside HTTP headers to make Gemini expose IAM misconfigs & query Cloud APIs on their behalf.

Read → https://thehackernews.com/2025/09/researchers-disclose-google-gemini-ai.html

Containers boost speed and scale, but they also introduce risks that can be overlooked.

In this 30-minute session, we’ll challenge the biggest myths surrounding container security.

Save your spot now: https://thn.news/tech-stack-defense

💡 SOC alert chaos isn’t a volume problem—it’s the model.

Conifers’ CognitiveSOC™ turns raw alerts into context-rich stories: false positives drop, MTTR shrinks from hours → minutes.

More context, less chaos → https://thehackernews.com/2025/09/stop-alert-chaos-context-is-key-to.html

🚨 New China-linked hacking group uncovered: Phantom Taurus.

Targets: foreign ministries, embassies, & military ops across Africa, the Middle East, & Asia.

Their weapon? A custom .NET malware suite (NET-STAR) that hijacks IIS servers, timestomps files, & evades AMSI/ETW.

Read → https://thehackernews.com/2025/09/phantom-taurus-new-china-linked-hacker.html

🔥 A $50 hardware hack just broke Intel SGX & AMD SEV-SNP—the backbone of confidential cloud computing.

Researchers built a cheap DDR4 interposer that slips past trust checks, then flips a switch to rewrite encrypted memory on the fly.

The kicker? Fixing it would require redesigning memory encryption itself.

Details → https://thehackernews.com/2025/10/50-battering-ram-attack-breaks-intel.html

CISOs are done buying shiny tools.

The new playbook? Threat-Informed Defense—using intel + adversary emulation to prove if your controls actually stop real attacker TTPs.

From poisoned CI/CD pipelines to identity-based API attacks—here’s how to operationalize it ↓ https://thehackernews.com/expert-insights/2025/09/turning-intelligence-into-action-with.html

⚠️ CERT-UA: Hackers are sneaking a new CABINETRAT backdoor into Ukraine via Excel XLL add-ins shared on Signal.

Shellcode is hidden inside a PNG (“Office.png”), launched by excel.exe /e in stealth mode.

Details here → https://thehackernews.com/2025/10/ukraine-warns-of-cabinetrat-backdoor.html

🚨 New Android banking trojan spotted — Klopatra has hijacked 3,000+ devices in Spain & Italy.

It hides with Virbox-grade protection (never seen before in Android malware), uses hidden VNC to drain bank accounts at night—while victims think their phone is off.

Details here → https://thehackernews.com/2025/10/new-android-banking-trojan-klopatra.html

🚨 Attackers are hijacking industrial routers to blast out smishing texts across Europe.

Milesight routers expose an API that lets anyone send SMS without authentication. At least 572 devices remain wide open.

Find details here → https://thehackernews.com/2025/10/hackers-exploit-milesight-routers-to.html

🚨 58% of security pros were told to hide a breach this year — a 38% spike since 2023.

The irony? While execs boast “confidence,” 84% of real attacks slip in through tools already inside your network.

The part no one’s talking about ↓ https://thehackernews.com/2025/10/2025-cybersecurity-reality-check.html