News
Entertainment
Science & Technology
Sport
Business & Money
Life
Culture & Art
Hobbies
4 | Follower
The Hacker News
12.08.2025
Cyber threats are moving fast—one unpatched vulnerability could turn secure systems into costly breaches.
Erlang/OTP SSH flaw CVE-2025-32433 exploited since May 2025, targeting key industries via OT networks.
Refined exposure management cuts remediation by 96%, aligning security with business priorities for stronger, efficient protection.
New 2TETRA:2BURST flaws expose TETRA networks to injection, replay, and brute-force risks. Critical for public safety.
11.08.2025
WinRAR 7.13 fixes CVE-2025-8088 zero-day exploited in attacks on Russian firms, linked to Paper Werewolf.
Researchers found ReVault flaws in Dell ControlVault3 affecting 100+ laptop models, risking login bypass and key theft.
Microsoft patches CVE-2025-49760 Windows RPC flaw enabling spoofing, hash theft, and privilege escalation.
SafeBreach found four Windows DoS flaws via RPC and LDAP, enabling stealth DDoS botnets. Microsoft patched in 2025.
10.08.2025
Researchers bypass GPT-5 guardrails using narrative jailbreaks, exposing AI agents to zero-click data theft risks.
Lenovo webcam flaws let attackers deploy remote BadUSB exploits, risking keystroke injection and persistent malware.
09.08.2025
Leaked credentials caused 22% of 2024 breaches, with a 160% rise in 2025, highlighting urgent detection needs.
Vault Fault and ReVault flaws in CyberArk, HashiCorp, and Dell expose systems to takeover risks.
AI-powered phishing mimics Brazilian agencies, stealing data and PIX payments; Efimer Trojan targets crypto wallets.
RubyGems and PyPI hit by credential-stealing packages targeting automation and crypto users, prompting new security rules.
08.08.2025
Cursor patched a critical RCE flaw in its AI code editor that exposed devs to silent attacks.
Trend Micro flaws let attackers run code remotely on Apex One systems; on-premise users must apply fixes now.
TikTok Shop users are targeted in a phishing and malware campaign using 15,000 fake sites. Data and crypto thefts surge.
SocGholish malware spreads via fake updates, impacting major threat actors through TDS systems and JavaScript loaders.
ECS agent on EC2 exposes IAM credentials to containers, risking cross-task access without proper isolation.
Google fixed 6 Android flaws, including 3 exploited Qualcomm bugs, raising spyware concerns. Users urged to update.
Microsoft warns of CVE-2025-53786 in Exchange Server risking cloud identity abuse; admins urged to patch.
CISA lists 3 D-Link flaws in KEV catalog; active exploits affect video devices. Agencies must act by Aug 26.
Everyone's an IT decision-maker now. Here's how to keep your organization safe in the world of Shadow IT.
SOC teams using ANY.RUN report 3x faster response and 50% less workload by automating triage and enabling live threat analysis.
ClickFix malware replaced ClearFake in 2024, infecting users via fake CAPTCHAs and trusted platforms.
Akira ransomware exploits SonicWall SSL VPNs in July 2025, prompting zero-day probe and urgent mitigations.
Fake apps from VexTrio on Apple and Google stores mislead users, steal data, and charge hidden fees.
This week’s threats don’t shout — they blend in, borrow trust, and drain wallets.
Attackers used 11 Go and 2 npm packages to spread malware across platforms, putting open-source developers at risk.
Axis camera flaws allow remote code execution and access to 6,500 systems, risking surveillance takeovers.
Microsoft unveils AI system Project Ire to automate malware detection, reducing analyst workload and boosting accuracy.
NVIDIA Triton bugs let remote attackers hijack AI servers—AI models and data at risk. Patch now.
Malicious PyPI packages, repo hijacks, and CVEs in Python containers put devs at risk. Learn how to stay secure.
GreedyBear used 150+ fake browser extensions to steal $1M in crypto, showing evolving cybercrime tactics.
New Android malware PlayPraetor infects 11,000+ devices, targeting banking users via fake Play Store links.
vCISO adoption surged 319% in one year as SMB demand and AI integration transform cybersecurity delivery.
Ukraine’s CERT-UA warns of UAC-0099 and Gamaredon phishing attacks using custom malware and social lures.
MITM attacks silently steal data from users via spoofed networks and weak encryption. Learn how to stop them.
PXA Stealer infects 4,000+ IPs, stealing 200K passwords via Telegram, affecting users and firms globally.
AI transforms Pentera’s testing platform, enabling real-time, intent-driven validation for 1,200+ enterprises.