News

The Hacker News11h
How Breaches Start: Breaking Down 5 Real Vulns
Not every security vulnerability is high risk on its own - but in the hands of an advanced attacker, even small weaknesses ...
The Hacker News1h
Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools
Government and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken ...
The Hacker News3h
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Threat actors exploited Craft CMS zero-days CVE-2025-32432 and CVE-2024-58136, compromising 300 of 13,000 vulnerable servers.
The Hacker News6h
It's Time To Rethink Your Security for the AI Era
I'd buttoned things up pretty nicely from a security standpoint, but even so, it would only have taken a vulnerability in an ...
The Hacker News2h
WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors
Cybercriminals are targeting WooCommerce users with fake patch emails that use IDN homograph spoofing to deliver backdoor malware.
The Hacker News1d
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud ...
The Hacker News2d
ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
ToyMaker deploys LAGTOY malware to steal credentials and sell access to CACTUS ransomware groups for double extortion.
The Hacker News2d
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
"In 2023, UNC3782 conducted phishing operations against TRON users and transferred more than $137 million USD worth of assets ...
The Hacker News3d
Why NHIs Are Security's Most Dangerous Blind Spot
Non-Human Identities, for the most part, authenticate using secrets: API keys, tokens, certificates, and other credentials ...
The Hacker News3d
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully ...
The Hacker News3d
Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign
The solution provides 99% discovery and visibility of all users, workloads, and devices across IT, IoT, OT, and IoMT ...
The Hacker News4d
Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware
Lotus Panda breached 6 Southeast Asian organizations using custom tools, browser stealers, and sideloaded malware.