Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that...
Read more →Category: TheHackerNews
Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally
A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News...
Read more →
RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks
Cybersecurity researchers are calling attention to a malware campaign that’s targeting security flaws in TBK digital video recorders (DVRs) and...
Read more →
5 Ways Identity-based Attacks Are Breaching Retail
From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here’s...
Read more →
Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms
Jul 08, 2025Ravie LakshmananCyber Espionage / Threat Intelligence Russian organizations have been targeted as part of an ongoing campaign that...
Read more →
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
Jul 08, 2025Ravie LakshmananCyber Attacks / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security...
Read more →
SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools
Cybersecurity researchers have disclosed a malicious campaign that leverages search engine optimization (SEO) poisoning techniques to deliver a known malware...
Read more →
Why Default Passwords Must Go
Jul 07, 2025The Hacker NewsIoT Security / Cyber Resilience If you didn’t hear about Iranian hackers breaching US water facilities,...
Read more →
TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors
A hacking group with ties other than Pakistan has been found targeting Indian government organizations with a modified variant of...
Read more →
Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS
Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners...
Read more →
Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties
Jul 05, 2025Ravie LakshmananNational Security / Privacy Taiwan’s National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka...
Read more →
NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors
Jul 04, 2025Ravie LakshmananZero-Day / Cyber Espionage Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle...
Read more →