Category: TheHackerNews

Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate
22
Jul
2025

Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate

Mexican organizations are still being targeted by threat actors to deliver a modified version of AllaKore RAT and SystemBC as…

Active Exploits Targeting ISE Flaws
22
Jul
2025

Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access

Jul 22, 2025Ravie LakshmananNetwork Security / Vulnerability Cisco on Monday updated its advisory of a set of recently disclosed security…

How to Advance from SOC Manager to CISO?
22
Jul
2025

How to Advance from SOC Manager to CISO?

Making the move from managing a security operations center (SOC) to being a chief information security officer (CISO) is a…

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access
22
Jul
2025

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings…

Espionage Campaign on African IT Infrastructure
21
Jul
2025

China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure

Jul 21, 2025Ravie LakshmananBrowser Security / Malware The China-linked cyber espionage group tracked as APT41 has been attributed to a…

Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents
21
Jul
2025

Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents

Jul 21, 2025Ravie LakshmananSpyware / Mobile Security Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with…

AI in Zero Trust
21
Jul
2025

Assessing the Role of AI in Zero Trust

By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of modern security. No longer merely…

PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse
21
Jul
2025

PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse

Jul 21, 2025Ravie LakshmananThreat Intelligence / Authentication Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to…

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics
21
Jul
2025

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

Jul 21, 2025Ravie LakshmananWeb Security / Cryptocurrency A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript…

Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access
21
Jul
2025

Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access

Jul 21, 2025Ravie LakshmananNetwork Security / Vulnerability Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw…

Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
21
Jul
2025

Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also released details of another…

EncryptHub Targets Web3 Developers
20
Jul
2025

EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware

Jul 20, 2025Ravie LakshmananAI Security / Infostealers The financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun)…