The Hacker News
Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom
Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment.
Join Joseph Carson, Delinea’s Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a live demonstration, he will break down every technical step of a ransomware attack, showing you how
GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging
The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms.
To that end, the new GSMA specifications for RCS include E2EE based on the Messaging Layer Security (MLS) protocol
Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme.
Rostislav Panev was previously arrested in Israel in August 2024. He is said to have been working as a developer for the ransomware gang from 2019
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens.
Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. The packages
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow.
The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It's used to track and retrieve all
SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
The latest Palo Alto Networks Unit 42 Cloud Threat Report found sensitive data in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider’s storage security controls and default settings.
“In just the past few months, I have witnessed two different methods for
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week’s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source
Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions
Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' actions.
That's according to new findings from Cisco Talos, which said such malicious activities can compromise a victim's security and privacy.
"The features available in CSS allow attackers and spammers to track users' actions and
Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
An unpatched security flaw impacting the Edimax IC-7100 network camera has been exploited by threat actors to deliver Mirai botnet malware variants since at least May 2024.
The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a
Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure.
The vulnerability, tracked as CVE-2025-24813, affects the below versions -
Apache Tomcat 11.0.0-M1 to 11.0.2
Apache Tomcat 10.1.0-M1 to 10.1.34
Apache Tomcat 9.0.0-M1 to 9.0.98
It concerns a
Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets
Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data.
The malware contains capabilities to "steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored
BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse
At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem.
This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV, according to new findings from the HUMAN Satori Threat Intelligence and Research team, published in
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL.
The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to World Expo, which is scheduled to kick off in
How to Improve Okta Security in Four Steps
While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts.
Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this
New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads
Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks.
"The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks," Bitdefender said in a report shared with
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions.
The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity.
"A local or remote attacker can exploit the vulnerability by accessing the
Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security
Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion.
"This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud)," the tech giant said today.
It added the acquisition, which is
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017.
The zero-day vulnerability, tracked by Trend Micro's Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden