Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL
Oct 03, 2025Ravie LakshmananMalware / Online Security Brazilian users have emerged as the target of a new self-propagating malware that spreads via the popular messaging…
Category: TheHackerNews
How Passwork 7 Addresses Complexity of Enterprise Security
Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing…
New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT
Oct 03, 2025Ravie LakshmananCybersecurity / Malware A threat actor that’s known to share overlaps with a hacking group called YoroTrooper has been observed targeting the…
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
Oct 03, 2025Ravie LakshmananVulnerability / IoT Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge…
Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware
Oct 02, 2025Ravie LakshmananMalware / Cyber Espionage The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan…
Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown
Oct 02, 2025Ravie LakshmananPython / Malware Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the…
Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware
Oct 02, 2025Ravie LakshmananRansomware / Threat Intelligence Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of…
7 Key Workflows for Maximum Impact
Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of…
How to Close Threat Detection Gaps: Your SOC’s Action Plan
Running a SOC often feels like drowning in alerts. Every morning, dashboards light up with thousands of signals; some urgent, many irrelevant. The job is…
Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro
Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United…
New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer
Oct 01, 2025Ravie LakshmananEncryption / Hardware Security In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that…
OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps
Oct 01, 2025Ravie LakshmananVulnerability / API Security A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution…