Using Automated Pentesting to Build Resilience
“A boxer derives the greatest advantage from his sparring partner…”— Epictetus, 50–135 AD Hands up. Chin tucked. Knees bent. The...
Read more →Category: TheHackerNews
Malicious npm Package Modifies Local ‘ethers’ Library to Launch Reverse Shell Attacks
Mar 26, 2025Ravie LakshmananSupply Chain Attack / Malware Cybersecurity researchers have discovered two malicious packages on the npm registry that...
Read more →
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
Mar 26, 2025The Hacker NewsRansomware / Endpoint Security The Russian-speaking hacking group called RedCurl has been linked to a ransomware...
Read more →
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records
Mar 27, 2025Ravie LakshmananEmail Security / Malware Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages...
Read more →
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
Mar 26, 2025Ravie LakshmananWindows Security / Vulnerability The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft...
Read more →
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
Mar 26, 2025Ravie LakshmananMalware / Vulnerability The Chinese threat actor known as FamousSparrow has been linked to a cyber attack...
Read more →
Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks
Mar 27, 2025Ravie LakshmananEndpoint Security / Ransomware A new analysis has uncovered connections between affiliates of RansomHub and other ransomware...
Read more →
NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems
Mar 27, 2025Ravie LakshmananVulnerability / Enterprise Security A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully...
Read more →
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
Mar 27, 2025Ravie LakshmananVulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security...
Read more →
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
Mar 27, 2025Ravie LakshmananMobile Security / Malware An advanced persistent threat (APT) group with ties to Pakistan has been attributed...
Read more →
150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
Mar 27, 2025Ravie LakshmananMalware / Website Security An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote...
Read more →
New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It
Mar 27, 2025The Hacker NewsBrowser Security / Data Protection Whether it’s CRMs, project management tools, payment processors, or lead management...
Read more →