A New Approach to a Decade-Old Challenge
Security experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It’s because existing detections…
Category: TheHackerNews
SysAid Flaws Under Active Attack Enable Remote File Access and SSRF
Jul 23, 2025Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to…
Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages
Jul 23, 2025Ravie LakshmananSoftware Integrity / DevSecOps Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the…
CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks
Jul 23, 2025Ravie LakshmananVulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704…
Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups
Jul 22, 2025Ravie LakshmananVulnerability / Threat Intelligence Microsoft has formally tied the exploitation of security flaws in internet-facing SharePoint Server instances to two Chinese hacking…
Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate
Mexican organizations are still being targeted by threat actors to deliver a modified version of AllaKore RAT and SystemBC as part of a long-running campaign.…
Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access
Jul 22, 2025Ravie LakshmananNetwork Security / Vulnerability Cisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine…
How to Advance from SOC Manager to CISO?
Making the move from managing a security operations center (SOC) to being a chief information security officer (CISO) is a significant career leap. Not only…
Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access
The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The…
China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure
Jul 21, 2025Ravie LakshmananBrowser Security / Malware The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign targeting government IT…
Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents
Jul 21, 2025Ravie LakshmananSpyware / Mobile Security Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence…
Assessing the Role of AI in Zero Trust
By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of modern security. No longer merely theoretical, it’s now a requirement…