From Browser Stealer to Intelligence-Gathering Tool
Jun 28, 2025Ravie LakshmananMalware / Cyber Warfare The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a…
Category: TheHackerNews
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Jun 27, 2025Ravie LakshmananThreat Hunting / Vulnerability Threat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices…
PUBLOAD and Pubshell Malware Used in Mustang Panda’s Tibet-Specific Attack
Jun 27, 2025Ravie LakshmananVulnerability / Cyber Espionage A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed…
Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
Jun 27, 2025Ravie LakshmananMalware / Cyber Attack A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and…
Business Case for Agentic AI SOC Analysts
Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace.…
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
Jun 27, 2025Ravie LakshmananNetwork Security / Vulnerability Threat intelligence firm GreyNoise is warning of a “notable surge” in scanning activity targeting Progress MOVEit Transfer systems…
OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft’s ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the…
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
Jun 26, 2025Ravie LakshmananOpen Source / Vulnerability Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”) that, if successfully exploited, could…
New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks
Jun 26, 2025Ravie LakshmananCyber Attack / Malware Analysis The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517%…
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access
Jun 26, 2025Ravie LakshmananVulnerability, Network Security Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity…
Why Built-In Protections Aren’t Enough for Modern Data Resilience
SaaS Adoption is Skyrocketing, Resilience Hasn’t Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of…
Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks
Jun 26, 2025Ravie LakshmananCyber Espionage / Malware An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a…