Instant Protection at the API Edge — API Security
APIs are now the beating heart of digital infrastructure. But as they have risen in importance, they’ve also become prime targets for attackers. Complex, often…
Month: September 2025
Hackers Booked Very Little Profit with Widespread npm Supply Chain Attack
A sophisticated npm supply chain attack that surfaced in late August targeted thousands of downstream projects by injecting malicious payloads into popular JavaScript libraries. Initial…
kkRAT Exploits Network Protocols to Exfiltrate Clipboard Data
The threat actor delivers three Remote Access Trojans (RATs)—ValleyRAT, FatalRAT, and a newly discovered RAT dubbed kkRAT—via phishing sites hosted on GitHub Pages. These sites…
Default Cursor setting can be exploited to run malicious code on developers’ machines
An out-of-the-box setting in Cursor, a popular AI source-code editor, could be leveraged by attackers to covertly run malicious code on users’ computers, researchers have…
‘Astronaut-in-distress’ romance scammer steals money from elderly woman
A Japanese octogenarian from Hokkaido Island lost thousands of dollars after being scammed by someone who described himself as a desperate astronaut in need of help.…
Helping CISOs Speak the Language of Business
Sep 11, 2025The Hacker NewsContinuous Threat Exposure Management CISOs know their field. They understand the threat landscape. They understand how to build a strong and…
Storage is key to AI projects that succeed
The hyperscaler cloud providers plan to spend $1tn on hardware optimised for artificial intelligence (AI) by 2028, according to market researcher Dell’Oro. Meanwhile, enterprises are…
SonicWall SSL VPN Flaw CVE-2024-40766 Actively Exploited
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued an urgent alert regarding active exploitation of a critical security flaw identified as…
NVIDIA NVDebug Tool Vulnerability Let Attackers Escalate Privileges
NVIDIA has released a security update for its NVDebug tool to address three high-severity vulnerabilities that could allow an attacker to escalate privileges, execute code,…
ZynorRAT Exploits Windows and Linux Systems to Gain Remote Access
During a recent threat hunting exercise, the Sysdig Threat Research Team (TRT) identified a new sample dubbed ZynorRAT. This Go-based Remote Access Trojan (RAT) delivers…
ChillyHell macOS Malware Resurfaces, Using Google.com as a Decoy
A previously dormant macOS threat, ChillyHell, is reviving. Read how this malware can bypass security checks, remain hidden, and install itself permanently to control your…
Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts
Sep 11, 2025Ravie LakshmananMalvertising / Browser Security Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake…