A sophisticated npm supply chain attack that surfaced in late August targeted thousands of downstream projects by injecting malicious payloads into popular JavaScript libraries. Initial…
The threat actor delivers three Remote Access Trojans (RATs)—ValleyRAT, FatalRAT, and a newly discovered RAT dubbed kkRAT—via phishing sites hosted on GitHub Pages. These sites…
An out-of-the-box setting in Cursor, a popular AI source-code editor, could be leveraged by attackers to covertly run malicious code on users’ computers, researchers have…
A Japanese octogenarian from Hokkaido Island lost thousands of dollars after being scammed by someone who described himself as a desperate astronaut in need of help.…
Sep 11, 2025The Hacker NewsContinuous Threat Exposure Management CISOs know their field. They understand the threat landscape. They understand how to build a strong and…
The hyperscaler cloud providers plan to spend $1tn on hardware optimised for artificial intelligence (AI) by 2028, according to market researcher Dell’Oro. Meanwhile, enterprises are…
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued an urgent alert regarding active exploitation of a critical security flaw identified as…
NVIDIA has released a security update for its NVDebug tool to address three high-severity vulnerabilities that could allow an attacker to escalate privileges, execute code,…
During a recent threat hunting exercise, the Sysdig Threat Research Team (TRT) identified a new sample dubbed ZynorRAT. This Go-based Remote Access Trojan (RAT) delivers…
A previously dormant macOS threat, ChillyHell, is reviving. Read how this malware can bypass security checks, remain hidden, and install itself permanently to control your…
Sep 11, 2025Ravie LakshmananMalvertising / Browser Security Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake…
Attackers abuse ConnectWise ScreenConnect to drop AsyncRAT Pierluigi Paganini September 11, 2025 Hackers exploit ConnectWise ScreenConnect to drop AsyncRAT via scripted loaders, stealing data and…
