🚨RedCurl, the Russian-speaking group—long known for espionage—has deployed ransomware for the first time.
👀 Their new strain: QWCrypt
🧠 Tactic: Fake CVs + legit Adobe tools = full system compromise
No leak site. No clear motive. Just chaos.
Details: https://thehackernews.com/2025/03/redcurl-shifts-from-espionage-to.html
👀 Running an unpatched Windows system? You’re a target.
Hackers are exploiting CVE-2025-26633: EncryptHub hijacks Windows MMC with a stealthy .msc file swap via MUIPath, loading malware like Rhadamanthys and StealC through a fake “en-US” folder.
🧪 Trend Micro calls it "MSC EvilTwin."
Read: https://thehackernews.com/2025/03/encrypthub-exploits-windows-zero-day-to.html
Patch now. Share widely.
Catch Cloud Threats Before They Catch You!
Contain emerging threats in real time - before they impact your business. Learn how cloud detection and response (CDR) gives security teams the edge they need in this practical, no-nonsense guide.
Download now → https://thn.news/cloud-detection-dummies-2
🚨 New Chinese cyber attack spotted.
FamousSparrow breached a U.S. trade group + Mexican institute using new, modular malware: SparrowDoor + ShadowPad (first use).
▶️ Targets ran outdated Exchange + Windows Server.
▶️ Backdoor includes spying, keylogging, screenshots, file theft.
📰 Full story → https://thehackernews.com/2025/03/new-sparrowdoor-backdoor-variants-found.html
🚨 One click from insider to admin?
A critical flaw in NetApp SnapCenter (CVE-2025-26512, CVSS 9.9) lets authenticated users escalate privileges to full admin—on remote systems.
SnapCenter powers enterprise backups—this isn’t niche, it’s everywhere.
🔗Read: https://thehackernews.com/2025/03/netapp-snapcenter-flaw-could-let-users.html
👀 6-year-old bugs are back—and being weaponized.
CISA just flagged two 2019 Sitecore RCE flaws (CVE-2019-9874 & 9875) as actively exploited.
But it doesn’t stop there:
➡️ Next.js auth bypass (CVE-2025-29927) is under live attack
➡️ DrayTek routers face fresh waves targeting old RCE/LFI bugs.
🔗 Details: https://thehackernews.com/2025/03/cisa-flags-two-six-year-old-sitecore.html
Old CVEs. New exploits. Patch now.
🚨 150,000+ websites hijacked. Millions redirected.
Hackers are injecting malicious JavaScript into legit sites to push Chinese-language gambling ads—using fake Bet365 branding, fullscreen overlays, and iframe tricks.
🔗 Full story: https://thehackernews.com/2025/03/150000-sites-compromised-by-javascript.html
🔥 Still opening Office docs without checking? In 2025, that’s a major risk.
Hackers still use Word and Excel to deliver malware—no macros, no clicks.
Top threats: Phishing docs, fake logins, QR traps.
🛡️ Scan before you open. Learn more: https://thehackernews.com/2025/03/top-3-ms-office-exploits-hackers-use-in.html
🚨 Fake India Post site used to hack Windows & Android users!
APT36 (aka Transparent Tribe), linked to Pakistan, is behind a phishing site—postindia[.]site—targeting Indian citizens 🇮🇳
👉 Details that matter → https://thehackernews.com/2025/03/apt36-spoofs-india-post-website-to.html
💡 Stay sharp, don’t click blind.
🛑 Shadow SaaS is your biggest blind spot—and CASB can’t save you.
New report reveals why traditional CASB tools fail to detect or stop unsanctioned apps, identity leaks, and data exfiltration.
🔍 80% of SaaS use is shadow IT
⚠️ API scanners can’t block live attacks
🧠 The fix? Security at the browser level
📄 Read the report: https://thehackernews.com/2025/03/new-report-explains-why-casb-solutions.html
🔥 Ransomware cartels are sharing weapons.
A custom EDR killer tool—EDRKillShifter—built by RansomHub is now turning up in attacks by Medusa, BianLian, and Play, per ESET.
Used to silently shut down security defenses via a BYOVD attack—before encrypting your systems.
Even “closed” RaaS gangs like BianLian are repurposing tools from rivals.
🔗 Read full report: https://thehackernews.com/2025/03/hackers-repurpose-ransomhubs.html
🚨 Phishing just got personal.
A PhaaS kit called Morphing Meerkat fakes login pages for 114+ brands—using your DNS MX records to mimic your email provider (Gmail, Outlook, Yahoo).
It’s global, stealthy, and drops stolen creds via Telegram.
👀 Uses WordPress hacks, ad redirects (even DoubleClick), and blocks right-clicks + hotkeys.
🔗 Read: https://thehackernews.com/2025/03/new-morphing-meerkat-phishing-kit.html
🚨 Firefox users, update now!
A critical bug (CVE-2025-2857) just got patched—same sandbox escape class as the Chrome zero-day (CVE-2025-2783) actively exploited in the wild.
📖 Full story: https://thehackernews.com/2025/03/mozilla-patches-critical-firefox-bug.html
🔒 Patch now | Spread the word | Stay safe
🚨 Crypto devs, beware!
Hackers hijacked 12+ popular npm packages—some live for 9+ years—to steal secrets like API keys & SSH tokens.
Root cause? Likely old maintainer accounts compromised via leaked credentials.
📎 Details: https://thehackernews.com/2025/03/nine-year-old-npm-packages-hijacked-to.html
🔒 Rotate keys. Audit deps. Enforce 2FA.
👀 “Let’s chat…” said the spy app.
A fake chat app named SangaalLite secretly ran a nearly 2-year Android spyware campaign, targeting Taiwanese users with a military-grade malware called PJobRAT.
📱 Disguised as chat apps like SangaalLite
🕵️‍♀️ Steals texts, photos, contacts, and more
🧠 Originally used romantic lures, now upgraded to run shell commands & hijack Firebase for stealthy control.
🔗 Dig deeper: https://thehackernews.com/2025/03/pjobrat-malware-campaign-targeted.html
🔥 Backups are NOT business continuity.
When disaster strikes, your data must be recoverable—fast. That’s why 50%+ of orgs plan to ditch basic backup in 2025.
Datto BCDR offers a smarter path: tested backups, instant recovery, and a cloud built just for disasters.
🔗 Read how it works: https://thehackernews.com/2025/03/how-to-ensure-business-continuity-with-datto-b.html
🚨 New Malware Alert: CoffeeLoader is brewing trouble.
This stealthy loader evades AV/EDR using GPU execution, sleep obfuscation, and call stack spoofing.
It masquerades as ASUS Armoury Crate to slip in undetected, runs every 10 minutes, and delivers second-stage payloads via HTTPS—like Rhadamanthys.
🔗 Learn more: https://thehackernews.com/2025/03/coffeeloader-uses-gpu-based-armoury.html
🛑 Hackers can now hijack solar power systems.
46 new bugs found in inverters from Sungrow, Growatt, and SMA. Attackers could shut down power, cause blackouts, or remotely control devices like a botnet.
😬 One trick? Reset accounts to default password: 123456
🔗 Details: https://thehackernews.com/2025/03/researchers-uncover-46-critical-flaws.html
Organizations are shifting their GRC (Governance, Risk, and Compliance) strategies from reactive to proactive. Hyperproof’s 6th annual IT Risk and Compliance Benchmark Report reveals that 91% of companies now have centralized GRC teams, and 72% plan to grow their compliance teams in 2025.
With rising regulatory demands, companies investing in risk management aren’t just avoiding fines—they’re driving operational excellence and strategic growth.
Want to see where you stand? Use Hyperproof's new GRC Maturity Model (https://thn.news/grc-maturity-evaluation) to assess your compliance readiness and make a business case for improvement.
📥 Get the report here: https://thn.news/it-compliance-benchmarks
🔥 Hackers got hacked.
BlackLock, a top ransomware gang in 2025, just got owned—by threat hunters who found a fatal flaw in their infrastructure, exposing:
➡️ Real IPs behind their hidden servers
➡️ Command history showing OPSEC fails
➡️ Credentials, configs, and MEGA storage accounts used for exfil
👀 Turns out, DragonForce—another ransomware crew—also hacked BlackLock’s site last week, leaking internal chats and configs.
Read: https://thehackernews.com/2025/03/blacklock-ransomware-exposed-after.html
🚨 New Android threat spotted: Crocodilus malware is targeting users in Spain and Turkey, posing as Google Chrome to hijack phones.
• Bypasses Android 13+ protections
• Abuses Accessibility to steal credentials
• Records screen & key actions
• Remotely controls the device
• Hides with black screen overlays
📱 Targets banks + crypto wallets
🔗 Learn how it works: https://thehackernews.com/2025/03/new-android-trojan-crocodilus-abuses.html