Using Automated Pentesting to Build Resilience
“A boxer derives the greatest advantage from his sparring partner…”— Epictetus, 50–135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers…
Category: TheHackerNews
Malicious npm Package Modifies Local ‘ethers’ Library to Launch Reverse Shell Attacks
Mar 26, 2025Ravie LakshmananSupply Chain Attack / Malware Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another…
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
Mar 26, 2025The Hacker NewsRansomware / Endpoint Security The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time,…
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records
Mar 27, 2025Ravie LakshmananEmail Security / Malware Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS)…
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
Mar 26, 2025Ravie LakshmananWindows Security / Vulnerability The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to…
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
Mar 26, 2025Ravie LakshmananMalware / Vulnerability The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in…
Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks
Mar 27, 2025Ravie LakshmananEndpoint Security / Ransomware A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and…
NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems
Mar 27, 2025Ravie LakshmananVulnerability / Enterprise Security A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation.…
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
Mar 27, 2025Ravie LakshmananVulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and…
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
Mar 27, 2025Ravie LakshmananMobile Security / Malware An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a…
150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
Mar 27, 2025Ravie LakshmananMalware / Website Security An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned…
New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It
Mar 27, 2025The Hacker NewsBrowser Security / Data Protection Whether it’s CRMs, project management tools, payment processors, or lead management tools – your workforce is…