Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign
A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector...
Read more →Category: TheHackerNews
Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys
Sep 06, 2025Ravie LakshmananSoftware Security / Cryptocurrency A new set of four malicious packages have been discovered in the npm...
Read more →
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation
Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the...
Read more →
TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations
The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known...
Read more →
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
Sep 05, 2025Ravie LakshmananVulnerability / Enterprise Security A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software,...
Read more →
Automation Is Redefining Pentest Delivery
Sep 05, 2025The Hacker NewsPentesting / Security Operations Pentesting remains one of the most effective ways to identify real-world security...
Read more →
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages
Sep 05, 2025Ravie LakshmananMalware / Cryptocurrency Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics...
Read more →
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at...
Read more →
Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries
Sep 04, 2025Ravie LakshmananCybersecurity / Malware The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new...
Read more →
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited
Sep 04, 2025Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security...
Read more →
Google Fined $379 Million by French Regulator for Cookie Consent Violations
Sep 04, 2025Ravie LakshmananGDPR / Data Privacy The French data protection authority has fined Google and Chinese e-commerce giant Shein...
Read more →
Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions
Sep 04, 2025Ravie LakshmananArtificial Intelligence / Malware Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass...
Read more →