News

Breaking News

Entertainment

Movies & Series

Music

Science & Technology

Sport

Business & Money

Education & Personal Development

Life

Culture & Art

Hobbies

News

Entertainment

Science & Technology

Sport

Business & Money

Education & Personal Development

Life

Culture & Art

Hobbies

home
›
The Hacker News
›
Software

The Hacker News - Software

4 | Follower

The Hacker News

19.04.2025

Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States

Smishing kits by Wang Duo Yu enabled toll fraud in 8 U.S. states since Oct 2024, stealing user data via fake E-ZPass pages.

The Hacker News

19.04.2025

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

Multi-stage phishing attack in Dec 2024 used .JSE, PowerShell, and AutoIt to deliver Agent Tesla.

The Hacker News

19.04.2025

[Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach

AI use in SaaS tools bypasses security controls, creating shadow integrations and real breach risks.

The Hacker News

18.04.2025

Blockchain Offers Security Benefits – But Don't Neglect Your Passwords

Blockchain reduces breach risks by removing central databases, but energy use and legal gaps remain.

The Hacker News

18.04.2025

Artificial Intelligence – What's all the fuss?

AI-powered threats escalate: 25M fraud via voice cloning + state use of ChatGPT in cyberattacks.

The Hacker News

18.04.2025

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

Malicious crypto installers using Node.js since Oct 2024 evade Microsoft Defender via PowerShell and DLLs, enabling stealthy data theft.

The Hacker News

18.04.2025

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution

CVE-2025-32433 in Erlang SSH scores 10.0 CVSS, enables unauthenticated code execution on telecom and IoT systems.

The Hacker News

18.04.2025

Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

XorDDoS malware targeted 71.3% of U.S. systems in latest wave; Docker, IoT, and Linux bots fuel rise.

The Hacker News

18.04.2025

Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates

Mustang Panda uses StarProxy, SplatCloak, and updated TONESHELL to breach Myanmar target undetected.

The Hacker News

18.04.2025

State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

ClickFix malware tactic used by Iran, Russia, and North Korea from Nov 2024–Feb 2025 replaces payload delivery in major phishing campaigns.

The Hacker News

18.04.2025

CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

Windows flaw CVE-2025-24054 actively exploited since March 19 to leak NTLM hashes via phishing attacks.

The Hacker News

17.04.2025

Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024

Google blocked 5.1B bad ads and suspended 39.2M advertiser accounts in 2024 using AI to fight scams.

The Hacker News

17.04.2025

New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks

BPFDoor malware’s new controller enables firewall-bypassing shell access + lateral movement in 2024 attacks.

The Hacker News

17.04.2025

From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains

Change Healthcare breach exposed 6TB of patient data via weak MFA, disrupting critical operations.

The Hacker News

17.04.2025

Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks

Apple fixed 2 exploited flaws in iOS 18.4.1, one flagged by Google TAG, urging urgent updates.

The Hacker News

17.04.2025

New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs

Four Windows Task Scheduler flaws allow attackers to bypass UAC, gain SYSTEM access, and erase logs.

The Hacker News

17.04.2025

CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices

CVE-2021-20035 added to CISA KEV list due to active exploitation; agencies must patch by May 7.

The Hacker News

17.04.2025

Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins

AI-based Gamma used in phishing to mimic Microsoft logins, bypass detection, and steal credentials.

The Hacker News

17.04.2025

Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense

80% of SaaS breaches stem from identity misconfigurations—Wing maps threats to stop attacks early.

The Hacker News

16.04.2025

Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users

Malware-laced SHOWJI phones shipped with fake WhatsApp, stealing $1.6M in crypto via address swaps.

The Hacker News

16.04.2025

U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert

CVE funding ends April 16, risking delays in vulnerability tracking, advisories, and cyber response tools.

The Hacker News

16.04.2025

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

UNC5174 uses SNOWLIGHT and VShell to target Linux and macOS systems, exploiting Ivanti flaws for remote control.

The Hacker News

16.04.2025

Crypto Developers Targeted by Python Malware Disguised as Coding Challenges

North Korea’s Slow Pisces used LinkedIn lures in 2025 to drop RN Stealer malware on crypto developers.

The Hacker News

16.04.2025

Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

99% of employees use browser extensions + 53% access sensitive data + exposing entire organizations to risk.

The Hacker News

16.04.2025

Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders

Malicious PyPI package rerouted MEXC crypto orders and exposed API keys, downloaded 1,065 times.

The Hacker News

16.04.2025

Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence

Apache Roller flaw CVE-2025-24859 keeps sessions active after password changes, risking persistent access.

The Hacker News

15.04.2025

Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

Precision-validating phishing filters verified emails via real-time checks, boosting credential theft success and evading security analysis.

The Hacker News

15.04.2025

ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading

ResolverRAT targets healthcare and pharma via localized phishing; uses advanced stealth tactics to ensure persistence and evade detection.

The Hacker News

15.04.2025

Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval

Meta resumes EU AI training using adult public data after regulatory approval, with opt-out option

The Hacker News

15.04.2025

⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More

This week's critical cybersecurity recap: breaches before patches, AI weaponization, silent persistence.

The Hacker News

15.04.2025

Gladinet's Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability

Hardcoded key flaw in Triofox and CentreStack exploited as zero-day in March, affecting 7 firms.

The Hacker News

15.04.2025

Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind

Attackers use AI to outpace defenders, but SANS' SEC595 course at SANSFIRE 2025 helps teams adapt fast.

The Hacker News

14.04.2025

Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT

SideCopy hackers adopt MSI staging and launch CurlBack RAT attacks on Indian ministries, oil, and rail sectors.

The Hacker News

12.04.2025

SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps

SpyNote malware disguised as Chrome installs hidden APKs via fake Play Store pages, stealing sensitive Android data.

The Hacker News

12.04.2025

Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways

Palo Alto detects 23,958-IP brute-force surge on GlobalProtect after March 17, urges MFA to mitigate risks.

The Hacker News

12.04.2025

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit

Fortinet warns attackers used symlink exploits to retain access post-patch, prompting urgent FortiOS updates and SSL-VPN mitigations.

The Hacker News

12.04.2025

Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors

Paper Werewolf deploys PowerModul in phishing attacks between July and December 2024, expanding espionage with password changes and media file theft.

The Hacker News

12.04.2025

Initial Access Brokers Shift Tactics, Selling More for Less

Initial Access Brokers shift to low-cost, high-volume access sales in 2024, fueling broader, faster cyberattacks.

The Hacker News

11.04.2025

The Identities Behind AI Agents: A Deep Dive Into AI & NHI

AI agents magnify NHI risks by scaling privileged access, Astrix secures identities to prevent breaches.

The Hacker News

11.04.2025

Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine

Gamaredon breached a Western military mission on Feb 26, 2025, using upgraded GammaSteel malware and new obfuscation tactics.

home›The Hacker News›Software

The Hacker News - Software

Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

[Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach

Blockchain Offers Security Benefits – But Don't Neglect Your Passwords

Artificial Intelligence – What's all the fuss?

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution

Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates

State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024

New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks

From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains

Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks

New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs

CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices

Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins

Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense

Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users

U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

Crypto Developers Targeted by Python Malware Disguised as Coding Challenges

Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders

Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence

Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading

Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval

⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More

Gladinet's Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability

Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind

Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT

SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps

Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit

Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors

Initial Access Brokers Shift Tactics, Selling More for Less

The Identities Behind AI Agents: A Deep Dive Into AI & NHI

Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine

home
›
The Hacker News
›
Software