Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Apr 19, 2025Ravie LakshmananLinux / Malware Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as...
Read more →Category: TheHackerNews
ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
Apr 19, 2025Ravie LakshmananNetwork Security / Vulnerability ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that...
Read more →
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Cybersecurity researchers are warning of a “widespread and ongoing” SMS phishing campaign that’s been targeting toll road users in the...
Read more →
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. “Attackers increasingly...
Read more →
[Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach
Apr 18, 2025The Hacker NewsSaaS Security / Shadow IT Your employees didn’t mean to expose sensitive data. They just wanted...
Read more →
Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
Apr 18, 2025Ravie LakshmananIoT Security / Malware Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS)...
Read more →
CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download
Apr 18, 2025Ravie LakshmananWindows Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity...
Read more →
Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in...
Read more →
State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering...
Read more →
Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers
Apr 17, 2025Ravie LakshmananCybersecurity / Malware Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js...
Read more →
Blockchain Offers Security Benefits – But Don’t Neglect Your Passwords
Apr 17, 2025The Hacker NewsPassword Security / Blockchain Blockchain is best known for its use in cryptocurrencies like Bitcoin, but...
Read more →
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
Apr 17, 2025Ravie LakshmananVulnerability / Network Security A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP)...
Read more →