AsyncRAT exploits ConnectWise ScreenConnect via fileless loader, stealing credentials and crypto data, maintaining persistence through fake “Skype Upd

The Hacker News

10.09.2025

From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks

MostereRAT phishing campaign targets Japanese users with advanced evasion tactics, disabling defenses and stealing data.

The Hacker News

10.09.2025

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

Akamai found TOR-based Docker API cryptojacking in Aug 2025, hinting at botnet plans and data theft.

The Hacker News

10.09.2025

RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities

RatOn malware, first seen July 5, 2025, evolves into ATS trojan targeting crypto wallets and Czech banking.

The Hacker News

10.09.2025

SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws

SAP patches critical NetWeaver and S/4HANA flaws (CVSS 8.1–10.0), preventing code execution, file upload, and data loss.

The Hacker News

10.09.2025

Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks

Axios abuse surged 241% June–August 2025, powering phishing campaigns with 70% success via Microsoft Direct Send.

The Hacker News

10.09.2025

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

Adobe Commerce CVE-2025-54236 allows account takeover; hotfix and WAF deployed to block attacks.

The Hacker News

10.09.2025

How Leading CISOs are Getting Budget Approval

88% of boards see cybersecurity as business risk; continuous validation proves ROI and prevents $5M losses.

The Hacker News

10.09.2025

[Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them

Shadow AI Agents multiply unchecked across enterprises today, leaking data and impersonating users, outpacing governance.

The Hacker News

10.09.2025

Watch Out for Salty2FA: New Phishing Kit Targeting US and EU Enterprises

Salty2FA phishing kit active since June 2025 bypasses 2FA in US and EU campaigns, fueling enterprise breaches.

The Hacker News

09.09.2025

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

20 npm packages with 2B weekly downloads compromised after maintainer phishing led to crypto-stealing malware.

The Hacker News

09.09.2025

⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More

From Drift chaos to zero-days on the loose — this week’s cyber recap has it all. ⚡ Stay sharp, stay patched.

The Hacker News

09.09.2025

45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage

45 domains linked to Salt Typhoon date back to May 2020, revealing ongoing China-backed cyber espionage.

The Hacker News

09.09.2025

You Didn't Get Phished — You Onboarded the Attacker

North Korean hiring fraud surged 220% in 2023, using AI deepfakes to infiltrate companies and steal data.

The Hacker News

09.09.2025

GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms

GPUGate malware uses Google Ads and fake GitHub commits to steal data from IT firms since Dec 2024, bypassing sandboxes and GPU-lacking systems.

The Hacker News

09.09.2025

GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies

GitHub compromise led to Drift data breach, impacting 22 companies and prompting Salesloft app suspension.

The Hacker News

07.09.2025

Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign

Noisy Bear hit KazMunaiGas in May 2025 via phishing emails, using Aeza Group hosting.

The Hacker News

06.09.2025

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

CastleRAT and CastleLoader, active since March 2025, spread malware via phishing and GitHub repos, enabling data theft.

The Hacker News

06.09.2025

SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

CVE-2025-42957 in SAP S/4HANA exploited with CVSS 9.9 severity, enabling full system compromise.

The Hacker News

06.09.2025

CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

CVE-2025-53690, a critical Sitecore flaw (CVSS 9.0), exploited since Dec 2024, enables RCE and data theft.

The Hacker News

06.09.2025

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

Four npm packages uploaded since Sep 2023 impersonate Flashbots, stealing Ethereum keys and seeds via Telegram

The Hacker News

05.09.2025

GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module

GhostRedirector compromised 65 Windows servers since Aug 2024 using Rungan and Gamshen malware, driving SEO fraud.

The Hacker News

05.09.2025

Automation Is Redefining Pentest Delivery

Automated pentest delivery replaces static reports, cutting weeks off remediation and reducing MTTR through real-time workflows.

home›The Hacker News›Software

The Hacker News - Software

Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks

Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning

Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms

Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage

New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit

SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers

Google Pixel 10 Adds C2PA Support to Verify AI-Generated Media Authenticity

Cracking the Boardroom Code: Helping CISOs Speak the Language of Business

Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts

Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs

Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems

Apple iPhone Air and iPhone 17 Feature A19 Chips With Spyware-Resistant Memory Safety

The Time-Saving Guide for Service Providers: Automating vCISO and Compliance Services

China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations

CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems

AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto

From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities

SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws

Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

How Leading CISOs are Getting Budget Approval

[Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them

Watch Out for Salty2FA: New Phishing Kit Targeting US and EU Enterprises

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More

45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage

You Didn't Get Phished — You Onboarded the Attacker

GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms

GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies

Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module

Automation Is Redefining Pentest Delivery

home
›
The Hacker News
›
Software