Can your SOC Save You?
Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet…
Category: TheHackerNews
Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps
Nov 26, 2025Ravie LakshmananBrowser Security / Cryptocurrency Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that’s capable of injecting a…
RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware
Nov 26, 2025Ravie LakshmananMalware / Cyber Espionage The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a…
FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams
The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to…
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys
Nov 25, 2025Ravie LakshmananData Exposure / Cloud Security New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are…
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
Cybersecurity researchers are calling attention to a new campaign that’s leveraging a combination of ClickFix lures and fake adult websites to deceive users into running…
ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens
Nov 25, 2025Ravie LakshmananMalware / Vulnerability The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data…
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware
Nov 25, 2025Ravie LakshmananMalware / Browser Security Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an…
CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users
Nov 25, 2025Ravie LakshmananSpyware / Mobile Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively…
New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions
Nov 24, 2025Ravie LakshmananVulnerability / Container Security Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be…
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Nov 24, 2025Ravie LakshmananCloud Security / Vulnerability Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in…
Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs
New research from CrowdStrike has revealed that DeepSeek’s artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics…