Google Patches 120 Flaws, Including Two Zero-Days Under Attack
Sep 03, 2025Ravie LakshmananMobile Security / Vulnerability Google has shipped security updates to address 120 security flaws in its Android operating system as part of…
Category: TheHackerNews
Detecting Data Leaks Before Disaster
In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive…
Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure
Sep 03, 2025Ravie LakshmananArtificial Intelligence / Vulnerability Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI…
Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats
Sep 03, 2025Ravie LakshmananData Breach / Cyber Espionage An Iran-nexus group has been linked to a “coordinated” and “multi-wave” spear-phishing campaign targeting the embassies and…
Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack
Sep 03, 2025Ravie LakshmananThreat Intelligence / Network Security Cloudflare on Tuesday said it automatically mitigated a record-setting volumetric distributed denial-of-service (DDoS) attack that peaked at…
CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation
Sep 03, 2025Ravie LakshmananVulnerability / Mobile Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE…
Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations
Sep 03, 2025Ravie LakshmananData Breach / Threat Intelligence, Salesloft on Tuesday announced that it’s taking Drift temporarily offline “in the very near future,” as multiple…
Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE
Sep 02, 2025Ravie LakshmananMalware / Threat Intelligence The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign…
Researchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy Control
Sep 02, 2025Ravie LakshmananCyber Espionage / Network Security Cybersecurity researchers have disclosed a stealthy new backdoor called MystRodX that comes with a variety of features…
A Critical Part of Enterprise AI Governance
Sep 02, 2025The Hacker NewsData Privacy / SaaS Security The Harsh Truths of AI Adoption MITs State of AI in Business report revealed that while…
Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices
Cybersecurity researchers have flagged a Ukrainian IP network for engaging in massive brute-force and password spraying campaigns targeting SSL VPN and RDP devices between June…
Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware
The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of…