159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
Apr 24, 2025Ravie LakshmananVulnerability / Threat Intelligence As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter…
Category: TheHackerNews
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
Apr 24, 2025Ravie LakshmananPhishing / Cybercrime The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative…
Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely
Apr 24, 2025Ravie LakshmananData Breach / Vulnerability A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution…
From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign
The Evolving Healthcare Cybersecurity Landscape Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted and the convergence of IT…
WhatsApp Adds Advanced Chat Privacy to Blocks Chat Exports and Auto-Downloads
Apr 24, 2025Ravie LakshmananData Protection / Artificial Intelligence WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block…
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Apr 23, 2025Ravie LakshmananMalware / Cryptocurrency Multiple threat activity clusters with ties to North Korea (aka Democratic People’s Republic of Korea or DPRK) have been…
Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign
The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed…
Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices
Apr 23, 2025Ravie LakshmananSpyware / Mobile Security Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes…
Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp
Multiple suspected Russia-linked threat actors are “aggressively” targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access…
Three Reasons Why the Browser is Best for Stopping Phishing Attacks
Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a…
Ripple’s xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
Apr 23, 2025Ravie LakshmananBlockchain / Cryptocurrency The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a…
Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito
Apr 23, 2025Ravie LakshmananPrivacy / Artificial Intelligence Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its…