Mobile-focused phishing using SEO poisoning and fake portals hit payroll systems in May 2025, rerouting salaries and evading detection via home router

The Hacker News

28.05.2025

AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale

23.7M secrets were exposed on GitHub in 2024—driven by AI agent sprawl and poor NHI governance.

The Hacker News

28.05.2025

Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages

Void Blizzard targeted over 20 NGOs using credential phishing via fake Entra logins, exfiltrating sensitive cloud data.

The Hacker News

28.05.2025

New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

Malware campaign exploits exposed Docker APIs to mine Dero, spread worm-like, and persist in containers.

The Hacker News

27.05.2025

Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto

60 npm packages and VS Code extensions deployed sandbox-evasive malware to steal system data, developer credentials, and crypto wallets.

The Hacker News

27.05.2025

⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs

From TikTok malware drops to zero-day exploits, this week’s roundup is packed with critical intel.

The Hacker News

27.05.2025

Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth's Stealth Phishing Campaign

Luna Moth uses spoofed IT domains and callback phishing to access law firm data, bypassing detection with legitimate tools.

The Hacker News

27.05.2025

CISO's Guide To Web Privacy Validation And Why It's Important

70% of US sites drop ad cookies despite opt-outs, risking fines and distrust; real-time validation prevents this

The Hacker News

27.05.2025

Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents

TAG-110 abandoned HTA-based payloads in January 2025, using macro-enabled Word templates to target Tajik institutions.

The Hacker News

25.05.2025

Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

Winos 4.0 malware campaign active since Feb 2025 uses fake installers, Catena loader, and AV evasion tactics.

The Hacker News

24.05.2025

300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide

Operation Endgame dismantled 300 servers and seized €3.5M crypto, disrupting ransomware access networks globally.

The Hacker News

24.05.2025

SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection

SafeLine WAF delivers 99.45% threat detection via semantic analysis + full self-hosted control + zero subscription fees.

The Hacker News

24.05.2025

Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique

Latrodectus malware evades detection with ClickFix technique; TikTok and fake Ledger apps expand threat reach.

The Hacker News

24.05.2025

ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices

ViciousTrap exploited CVE-2023-20118 to hijack 5,300 routers, building a honeypot-style spy network.

The Hacker News

23.05.2025

Critical Versa Concerto Flaws Let Attackers Escape Docker and Compromise Hosts

Three critical Versa Concerto flaws disclosed after 90 days allow remote code execution via reverse proxy misconfigurations.

The Hacker News

23.05.2025

Webinar: Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program

New laws demand provable cybersecurity programs. Learn how CIS Controls and tools help meet legal, scalable standards.

home›The Hacker News›Software

The Hacker News - Software

Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation

New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data

From the "Department of No" to a "Culture of Yes": A Healthcare CISO's Journey to Enabling Modern Care

U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud

Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach

Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas

New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers

New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch

From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations

Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore

How 'Browser-in-the-Middle' Attacks Steal Sessions in Seconds

Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File

Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack

Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets

Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats

Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers

AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale

Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages

New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto

⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs

Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth's Stealth Phishing Campaign

CISO's Guide To Web Privacy Validation And Why It's Important

Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents

Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide

SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection

Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique

ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices

Critical Versa Concerto Flaws Let Attackers Escape Docker and Compromise Hosts

Webinar: Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program

home
›
The Hacker News
›
Software

AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale