From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools
A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part…
Category: TheHackerNews
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
Nov 07, 2025Ravie LakshmananSupply Chain Attack / Malware A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to…
Enterprise Credentials at Risk – Same Old, Same Old?
Nov 07, 2025The Hacker NewsData Protection / Cloud Security Imagine this: Sarah from accounting gets what looks like a routine password reset email from your…
Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts
Nov 07, 2025Ravie LakshmananData Protection / Malware Google on Thursday said it’s rolling out a dedicated form to allow businesses listed on Google Maps to…
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of…
Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine
Nov 06, 2025Ravie LakshmananMalware / Vulnerability A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks…
Building Cyber Resilience in Financial Services
Introduction Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement.…
Bitdefender Named a Representative Vendor in the 2025 Gartner® Market Guide for Managed Detection and Response
Nov 06, 2025The Hacker NewsUnited States Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and…
Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection
Nov 06, 2025Ravie LakshmananMalware / Network Security The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass…
SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach
Nov 06, 2025Ravie LakshmananIncident Response / Cloud Security SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the…
Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly
Nov 05, 2025Ravie LakshmananArtificial Intelligence / Threat Intelligence Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB…
Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data
Nov 05, 2025Ravie LakshmananArtificial Intelligence / Vulnerability Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI’s ChatGPT artificial intelligence (AI) chatbot that could…