How to Automate CVE and Vulnerability Advisory Response with Tines
May 02, 2025The Hacker NewsVulnerability Management / Security Operations Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built…
Category: TheHackerNews
MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks
May 02, 2025Ravie LakshmananMalware / Threat Intelligence The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver.…
Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support
May 02, 2025Ravie LakshmananPassword Security / Windows A year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change…
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
May 01, 2025Ravie LakshmananMalware / Web Skimming Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a…
Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign
May 01, 2025Ravie LakshmananArtificial Intelligence / Disinformation Artificial intelligence (AI) company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an “influence-as-a-service”…
Why top SOC teams are shifting to Network Detection and Response
Security Operations Center (SOC) teams are facing a fundamentally new challenge — traditional cybersecurity tools are failing to detect advanced adversaries who have become experts…
DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics
Russian companies have been targeted as part of a large-scale phishing campaign that’s designed to deliver a known malware called DarkWatchman. Targets of the attacks…
95% of AppSec Fixes Don’t Reduce Risk
For over a decade, application security teams have faced a brutal irony: the more advanced the detection tools became, the less useful their results proved…
Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach
May 01, 2025Ravie LakshmananZero-Day / Threat Intelligence Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment…
SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models
May 01, 2025Ravie LakshmananVulnerability / VPN Security SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been…
Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks
Apr 30, 2025Ravie LakshmananThreat Intelligence / Malware Cybersecurity researchers have shed light on a Russian-speaking cyber espionage group called Nebulous Mantis that has deployed a…
Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense
Apr 30, 2025Ravie LakshmananArtificial Intelligence / Email Security As the field of artificial intelligence (AI) continues to evolve at a rapid pace, new research has…