News

Breaking News

Entertainment

Movies & Series

Music

Science & Technology

Sport

Business & Money

Education & Personal Development

Life

Culture & Art

Hobbies

News

Entertainment

Science & Technology

Sport

Business & Money

Education & Personal Development

Life

Culture & Art

Hobbies

home
›
The Hacker News
›
Software

The Hacker News - Software

4 | Follower

The Hacker News

02.08.2025

AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown

AI-generated npm package steals Solana wallet funds from 1,500+ users via cross-platform postinstall script.

The Hacker News

02.08.2025

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices

Akira ransomware exploits SonicWall SSL VPNs, hitting patched devices. Organizations face risks from possible zero-day flaw.

The Hacker News

02.08.2025

Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts

Hackers used fake Microsoft OAuth apps to target 3,000+ accounts across 900 environments in 2025.

The Hacker News

02.08.2025

Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection

Critical flaw in Cursor AI editor let attackers execute remote code via Slack and GitHub—fixed in v1.3 update.

The Hacker News

02.08.2025

You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them

Legacy data is limiting SOC AI effectiveness, leaving defenders vulnerable as attackers optimize with AI.

The Hacker News

02.08.2025

Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks

Storm-2603 exploits Microsoft SharePoint flaws to deploy dual ransomware in APAC and Latin America.

The Hacker News

01.08.2025

N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto

UNC4899 used job lures and cloud exploits to breach two firms, steal crypto, and embed malware in open source.

The Hacker News

01.08.2025

Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies

Russian APT Secret Blizzard uses ISP-level AitM attacks to deploy ApolloShadow malware on embassy devices in Moscow.

The Hacker News

01.08.2025

Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs

SOCs face alert overload and rising costs as SIEMs struggle with cloud complexity and false positives.

The Hacker News

01.08.2025

Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero

Google unveils DBSC in Chrome and new Project Zero disclosure rules to boost account and patch security.

The Hacker News

01.08.2025

Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools

China-linked firms behind Silk Typhoon filed patents for cyber tools, revealing links to MSS and offensive hacking ops.

The Hacker News

01.08.2025

AI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ Reveals

SentinelOne boosts enterprise cyber defense with AI-powered endpoint security, cutting response time and risk across industries.

The Hacker News

01.08.2025

Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials

Threat actors abuse Proofpoint and Intermedia link wrapping to deliver phishing emails and steal Microsoft 365 credentials.

The Hacker News

01.08.2025

FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant

Decryptor for FunkSec ransomware released as group goes dormant; 172 victims affected across 3 sectors.

The Hacker News

01.08.2025

Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits

Critical RCE flaws in Dahua smart cameras affect 9 models; threat enables device hijack over LAN/Internet.

The Hacker News

01.08.2025

UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud

UNC2891 used a 4G Raspberry Pi and Linux rootkits to breach ATM networks, exposing flaws in banking infrastructure.

The Hacker News

01.08.2025

Product Walkthrough: A Look Inside Pillar's AI Security Platform

Pillar Security unveils full-lifecycle AI platform securing assets from design to runtime—critical for safe AI deployment.

The Hacker News

01.08.2025

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

Apple and Google fix CVE-2025-6558, a zero-day bug in Chrome and Safari risking browser security.

The Hacker News

01.08.2025

Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

Critical WordPress flaw CVE-2025-5394 lets attackers take over sites using the "Alone" theme. 120K+ attempts blocked.

The Hacker News

01.08.2025

Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps

Malware campaign using Facebook ads and fake crypto apps delivers JSCEAL, targeting credentials and wallets.

The Hacker News

30.07.2025

Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims

Chaos ransomware rises after BlackSuit takedown, hitting U.S. targets with $300K demands and stealthy evasion tactics.

The Hacker News

30.07.2025

How the Browser Became the Main Cyber Battleground

Browser-based identity attacks surge in 2025, targeting SaaS apps and weak credentials across enterprise accounts.

The Hacker News

30.07.2025

Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44

Wiz found a critical Base44 flaw letting attackers access private apps via public app_id. Fixed by Wix.

The Hacker News

30.07.2025

Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia's Mobile Networks

A massive mobile malware campaign targets Android and iOS users in Asia, stealing personal data through fake apps.

The Hacker News

30.07.2025

Why React Didn't Kill XSS: The New JavaScript Injection Playbook

JavaScript injection attacks surged in 2024, hitting major brands via Polyfill.io. Learn why frameworks failed.

The Hacker News

30.07.2025

Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure

Recent arrests slowed Scattered Spider, giving businesses a chance to study tactics and boost defenses.

The Hacker News

30.07.2025

PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain

Phishing emails mimicking PyPI target developers to steal credentials via fake sites. Users urged to stay alert.

The Hacker News

30.07.2025

Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

SAP flaw CVE-2025-31324 exploited to deploy Auto-Color malware at U.S. chemicals firm; Linux systems targeted.

The Hacker News

29.07.2025

UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns

South Asian threat actor UNG0002 targets sectors in China, Hong Kong, and Pakistan using RATs and LNKs.

The Hacker News

29.07.2025

How to Advance from SOC Manager to CISO?

Learn what it takes to move from SOC to CISO—skills, challenges, and strategic steps for advancement.

The Hacker News

29.07.2025

Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services

Critical NVIDIA vulnerability CVE-2025-23266 impacts 37% of cloud services, allowing privilege escalation and data tampering.

The Hacker News

29.07.2025

Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents

DCHSpy Android spyware, linked to Iran's MOIS, mimics VPN and Starlink apps to spy on dissidents.

The Hacker News

29.07.2025

Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate

Modified AllaKore RAT and Ghost Crypt crypter target Mexican entities and global victims for financial fraud.

The Hacker News

29.07.2025

Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices

Google sues 25 Chinese entities over BADBOX 2.0 botnet infecting 10M Android devices, fueling ad fraud.

The Hacker News

29.07.2025

China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure

APT41 targeted African IT services using SharePoint-based C2, custom malware, and credential stealers.

The Hacker News

29.07.2025

Malware Injected into 7 npm Packages After Maintainer Tokens Stolen in Phishing Attack

npm packages hit by phishing-based supply chain attack, exposing developers to malware and remote access threats.

The Hacker News

29.07.2025

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

Active SharePoint exploits since July 7 target governments and tech firms globally, risking key theft and persistent access.

The Hacker News

29.07.2025

Ivanti Flaws Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Ivanti ICS flaws exploited from Dec 2024–July 2025 to deploy MDifyLoader, Cobalt Strike, and Go tools.

The Hacker News

29.07.2025

Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages

Google’s OSS Rebuild checks package builds to stop supply chain attacks in Python, npm, and Rust.

The Hacker News

29.07.2025

CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

APT28 targets Ukrainian government officials with a phishing campaign delivering LAMEHUG malware, utilizing Alibaba Cloud’s LLM for data harvesting.

home›The Hacker News›Software

The Hacker News - Software

AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices

Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts

Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection

You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them

Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks

N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto

Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies

Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs

Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero

Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools

AI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ Reveals

Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials

FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant

Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits

UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud

Product Walkthrough: A Look Inside Pillar's AI Security Platform

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps

Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims

How the Browser Became the Main Cyber Battleground

Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44

Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia's Mobile Networks

Why React Didn't Kill XSS: The New JavaScript Injection Playbook

Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure

PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain

Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns

How to Advance from SOC Manager to CISO?

Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services

Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents

Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate

Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices

China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure

Malware Injected into 7 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

Ivanti Flaws Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages

CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

home
›
The Hacker News
›
Software