News

Breaking News

Entertainment

Movies & Series

Music

Science & Technology

Sport

Business & Money

Education & Personal Development

Life

Culture & Art

Hobbies

News

Entertainment

Science & Technology

Sport

Business & Money

Education & Personal Development

Life

Culture & Art

Hobbies

home
›
The Hacker News
›
Software

The Hacker News - Software

4 | Follower

The Hacker News

10.05.2025

OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

OtterCookie v4 adds VM evasion and MetaMask theft in April 2025, signaling rapid malware evolution.

The Hacker News

10.05.2025

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

Malicious npm packages targeting Cursor macOS users stole credentials and disabled updates, impacting 3,200+ downloads.

The Hacker News

10.05.2025

BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation

Dutch and U.S. law enforcement have dismantled a long-running criminal proxy botnet powered by over 7,000 infected IoT and end-of-life (EoL) devices

The Hacker News

10.05.2025

Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data

German police seized eXch on April 30, confiscating €34M in crypto over $1.9B laundering links.

The Hacker News

10.05.2025

Beyond Vulnerability Management – Can You CVE What I CVE?

Over 1.3M security issues across 68K assets expose CVE overload + inefficiency in patching response.

The Hacker News

10.05.2025

Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection

Google fined $1.375B by Texas for secretly tracking location and biometric data without user consent.

The Hacker News

10.05.2025

Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business

AI agents pose real threats like data leaks and misuse—Auth0's webinar shares how to secure them fast.

The Hacker News

10.05.2025

Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials

Brazil-targeted phishing abuses RMM trialware via NF-e lures + Dropbox links, enabling stealth access

The Hacker News

09.05.2025

Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

Google’s AI scam defenses now block 20x more malicious pages, cutting airline and visa scams by 80%+ in 2024.

The Hacker News

09.05.2025

Security Tools Alone Don't Protect You — Control Effectiveness Does

61% of orgs suffered breaches despite 43 tools; misconfigured controls + lack of validation fuel failure.

The Hacker News

09.05.2025

38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases

FreeDrain exploited SEO and free hosting to run 38,000+ phishing pages stealing crypto wallets since 2022.

The Hacker News

09.05.2025

SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

SonicWall fixes 3 critical SMA 100 flaws enabling root-level remote code execution via SSL-VPN access.

The Hacker News

09.05.2025

MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware

MirrorFace deployed ROAMINGMOUSE and updated ANEL malware in March 2025 to target Japan and Taiwan's government systems

The Hacker News

09.05.2025

Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures

Qilin ransomware led April 2025 with 45 data leaks, driven by NETXLOADER’s stealthy malware delivery method.

The Hacker News

09.05.2025

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

China-based hackers exploited SAP flaw CVE-2025-31324 since April 29, impacting global industries via web shells.

The Hacker News

08.05.2025

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

SysAid fixed 4 critical pre-auth flaws in March 2025; chained bugs allow full admin access and RCE.

The Hacker News

08.05.2025

Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization

Play ransomware exploited CVE-2025-29824 zero-day in a U.S. breach before Microsoft patched it

The Hacker News

08.05.2025

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

Cisco fixes CVE-2025-20188, a 10.0 CVSS flaw tied to hardcoded JWT in wireless controllers, preventing root-level remote exploits.

The Hacker News

08.05.2025

Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection

SSEs lack visibility into browser activity—missing GenAI data leaks, identity misuse, and extension risks.

The Hacker News

08.05.2025

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

CVE-2025-27007 exploited in OttoKit WordPress plugin before v1.0.83 enables admin creation without authentication.

The Hacker News

08.05.2025

Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks

Europol dismantled six DDoS-for-hire services, arrested four, seized nine domains—disrupting attacks since 2022.

The Hacker News

08.05.2025

Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware

Russia-linked COLDRIVER uses LOSTKEYS malware via ClickFix lures, targeting advisors, NGOs, and journalists.

The Hacker News

07.05.2025

NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware

NSO must pay $168M after targeting 1,400+ users via WhatsApp zero-day flaw, court finds illegal spyware use.

The Hacker News

07.05.2025

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

PyPI package 'discordpydebug' hides a RAT, downloaded 11,574 times, using stealthy HTTP polling to bypass defenses.

The Hacker News

07.05.2025

Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks

Microsoft warns default Helm charts expose Kubernetes apps by prioritizing ease over security, risking data leaks.

The Hacker News

07.05.2025

Entra ID Data Protection: Essential or Overkill?

Microsoft Entra ID faces 600M daily attacks; native protections fall short, making backup vital for recovery.

The Hacker News

07.05.2025

Third Parties and Machine Credentials: The Silent Drivers Behind 2025's Worst Breaches

Third-party breaches doubled to 30% in 2025 + ungoverned machine accounts fueled major attacks + unified identity strategy is critical.

The Hacker News

07.05.2025

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet

Two critical CVEs exploited in GeoVision IoT and Samsung MagicINFO allow Mirai botnet deployment via RCE.

The Hacker News

07.05.2025

New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims

Reckless and Ruthless Rabbit scams use fake celebrity ads, RDGAs, and cloaking tools to target victims across Eastern Europe since 2022.

The Hacker News

06.05.2025

Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence

Langflow flaw CVE-2025-3248 allows unauthenticated code execution + Patch due May 26 + 466 servers exposed.

The Hacker News

06.05.2025

⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors

Nation-state intrusions. Deepfake-ready malware. AI-powered influence ops. New CVEs, old threats reborn, and spyware with global reach.

The Hacker News

06.05.2025

Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

Google’s May 2025 Android update patches 46 flaws; one critical bug exploited since March via FreeType.

The Hacker News

06.05.2025

Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed

CISA adds CVE-2025-34028 to KEV list after real-world exploits, forcing federal patching by May 23.

The Hacker News

06.05.2025

Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi

Zero-click AirPlay vulnerabilities exposed in March 2025 could let malware spread across networks undetected.

The Hacker News

06.05.2025

Perfection is a Myth. Leverage Isn't: How Small Teams Can Secure Their Google Workspace

Stolen credentials remain the top attack vector + Google’s MFA and access controls reduce breach risk + Identity is now the true security perimeter.

The Hacker News

05.05.2025

Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data

Golden Chickens launch TerraStealerV2 and TerraLogger; both still developing but actively steal data via OCX payloads.

The Hacker News

04.05.2025

Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware

Iranian threat actor Lemon Sandstorm accessed Middle East CNI from 2023–2025 using VPN flaws, web shells, and 8 custom tools.

The Hacker News

04.05.2025

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Malicious Go and PyPI packages use Gmail and wget to exfiltrate data, wipe Linux disks, and hijack crypto credentials.

The Hacker News

03.05.2025

MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks

Stealth malware MintsLoader delivers GhostWeaver RAT + Evades sandboxes using DGA + Powers data theft via encrypted C2

The Hacker News

03.05.2025

How to Automate CVE and Vulnerability Advisory Response with Tines

Workflow slashes CVE ticketing time by 60% using Tines, CrowdStrike, and ServiceNow for faster action.

home›The Hacker News›Software

The Hacker News - Software

OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation

Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data

Beyond Vulnerability Management – Can You CVE What I CVE?

Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection

Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business

Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials

Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

Security Tools Alone Don't Protect You — Control Effectiveness Does

38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases

SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware

Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks

Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware

NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks

Entra ID Data Protection: Essential or Overkill?

Third Parties and Machine Credentials: The Silent Drivers Behind 2025's Worst Breaches

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet

New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims

Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence

⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors

Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed

Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi

Perfection is a Myth. Leverage Isn't: How Small Teams Can Secure Their Google Workspace

Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data

Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks

How to Automate CVE and Vulnerability Advisory Response with Tines

home
›
The Hacker News
›
Software