🚨 Shadow AI is exploding inside your org—whether you see it or not.

Zscaler tracked 36x more AI traffic in 2024, with 800+ apps in use. Blocking isn’t working—employees are going around it.

The real risk? Your IP is training public models.

Here’s what to do instead ↓ https://thehackernews.com/expert-insights/2025/07/empower-users-and-protect-against-genai.html

If you're in cybersecurity, you've probably heard of CISSP All-in-One, The IDA Pro Book, or Gray Hat Hacking.

Now imagine learning directly from someone who co-authored the 4th and 5th edition of Gray Hat Hacking and has worked in global threat teams like Symantec, Mandiant, and Palo Alto Networks.

Hack Defender Academy is built for defenders who want to go deep — reverse real malware, follow shellcode injected in another process, dissect infostealers, intercept ransomware encryption key in memory, analyze .NET threats with WinDBG SOS plug-in, automate the deobfuscation with our unique tool NeZa and sharpen your skills by solving live Capture the Flag challenges.

💻1200+ min streaming
🏁CTF-based labs
🛠️Your own IDA Classroom License

Led by DanuX (Dan Regalado), a veteran reverse engineer and speaker at REcon, DEFCON, and RSA.

This is not a passive course. This is real-world training — for real defenders.

Start learning what truly matters at https://thn.news/hackdef-academy

🚨 Attackers are impersonating you—with AI.

From deepfakes to fake LinkedIn accounts, social engineering is now real-time and relentless.

Join cybersecurity leader Michael Coates and Doppel CEO Kevin Tian to learn how AI can fight back → https://thehacker.news/defeating-digital-deception?source=social

🚨 Cisco ISE flaws are being exploited in the wild — no login needed, root access gained.

Hackers can remotely hijack enterprise networks through unauthenticated API and file upload bugs (CVSS 10.0).

Details & fixes → https://thehackernews.com/2025/07/cisco-confirms-active-exploits.html

🚨 Want to become a CISO? Your SOC skills aren’t enough.

Automation is replacing ops. If you’re not building business, risk, and leadership skills now—you’ll be left behind.

Here’s how to make the leap from SOC to the boardroom ↓ https://thehackernews.com/2025/07/how-to-advance-from-soc-manager-to-ciso.html

🚨 A hacked MSI installer is stealing banking logins across Mexico.

Greedy Sponge hackers are pushing a weaponized Chrome proxy zip that drops AllaKore RAT—now upgraded to exfiltrate credentials and act as a SOCKS5 proxy.

💰 Financial fraud is the goal. And it’s working.

Full report → https://thehackernews.com/2025/07/credential-theft-and-remote-access.html

⚡ {NEW} Chinese hackers are exploiting new SharePoint flaws—Microsoft links attacks to APT27, APT31 & Storm-2603.

They’re bypassing patches to steal MachineKeys via remote code execution.

The exploit chain is already in the wild.

Patch now ↓ https://thehackernews.com/2025/07/microsoft-links-ongoing-sharepoint.html

🚨 Chinese hackers are actively exploiting new SharePoint flaws to bypass auth & run code remotely.

Even Microsoft’s AMSI fix isn’t stopping them.

The worst part? Many orgs aren’t patching.

Details you can’t afford to miss → https://thehackernews.com/2025/07/cisa-orders-urgent-patching-after.html

🚨 SysAid flaw lets hackers hijack admin accounts — CISA confirms active attacks.

Attackers are exploiting two critical bugs (CVSS 9.3) to steal data & possibly execute code.

Patches are out. Deadline: Aug 12.

Full details → https://thehackernews.com/2025/07/cisa-warns-sysaid-flaws-under-active.html

🚨 Google just launched OSS Rebuild—a powerful weapon against open-source supply chain attacks.

It rebuilds & verifies packages independently, catching tampered code others miss.

No extra work for maintainers.

Full details ↓ https://thehackernews.com/2025/07/google-launches-oss-rebuild-to-expose.html

🚨 Most “critical” CVEs aren’t even exploitable in your app.

Security teams are drowning in false positives—because most scanners ignore whether the vulnerable function actually runs.

Function-level runtime reachability changes everything.

Here’s what it gets right ↓ https://thehackernews.com/expert-insights/2025/07/everything-to-know-about-runtime.html

Overexposed to risk with public images?

Get ActiveState's free secure containers—rebuilt, scanned, and now on Docker Hub.

🛡️ Cut out CVEs and patching hassle. Just pull, trust, and deploy: https://thn.news/activestate-dockerhuby

Vegas, neon & next-level security insights. Don’t miss @BeyondTrust at #BHUSA.

Find their award-winning Outfitters booth at #5024, navigate the cybersecurity wilderness and take a free identity security risk assessment to mitigate dangers.

Register here ➡️ https://thn.news/bh-americas-2025

🚨 This Windows trojan just became the first to weaponize Microsoft’s accessibility tools.

The Coyote malware is stealing banking and crypto logins from 75+ institutions—by reading what’s on your screen.

Here’s how it works → https://thehackernews.com/2025/07/new-coyote-malware-variant-exploits.html

🚨 Most Kerberoasting attacks still bypass detection—despite being a 10+ year-old threat.

Why? Legacy tools miss subtle, low-and-slow attacks.

@BeyondTrust just built a statistical model that spots what rules-based tools can’t—with fewer false positives.

How it works ↓ https://thehackernews.com/2025/07/kerberoasting-detections-new-approach.html

A hacker group just pivoted from Craft CMS to Magento & Docker—using real pentest tools to hide malware in-memory.

Even if you stop their crypto miner, they still profit off your bandwidth.

Here’s how it works ↓ https://thehackernews.com/2025/07/threat-actor-mimo-targets-magento-and.html

🚨 Hackers are hijacking WordPress sites with a backdoor hidden in plain sight—inside mu-plugins.

It gives them full admin access, evades detection, and locks out real users.

It looks like a legit plugin—and it auto-activates.

Here’s how it works + how to stop it ↓ https://thehackernews.com/2025/07/hackers-deploy-stealth-backdoor-in.html

🚨 Europol just took down XSS — a top Russian-speaking cybercrime forum with 50,000+ users.

Its admin made €7M running it like a darknet eBay for stolen data and hacking tools.

He’s now in custody after a raid in Kyiv.

Full story → https://thehackernews.com/2025/07/europol-arrests-xss-forum-admin-in-kyiv.html

🚨 ALERT: China-linked hackers are exploiting unpatched SharePoint servers to drop Warlock ransomware.

They’re using legit tools like PsExec, Mimikatz & IIS hijacking to stay hidden.

Even patching may not kick them out.

Full story → https://thehackernews.com/2025/07/storm-2603-exploits-sharepoint-flaws-to.html

🚨 Chinese hackers hijacked a Dalai Lama birthday tribute site to spy on Tibetans.

Victims downloaded a fake encrypted chat app—actually a backdoored version of Element laced with Gh0st RAT.

It stole IPs, keystrokes, and even webcam feeds.

Details → https://thehackernews.com/2025/07/china-based-apts-deploy-fake-dalai-lama.html

🚨 81% faster gap mitigation. 50% fewer critical vulns.

Annual pentests can’t keep up—your defenses change daily, and so do attackers.

It’s time to stop playing defense once a year. Build an Offensive SOC that hunts 24/7.

Learn How →

https://thehackernews.com/2025/07/pentests-once-year-nope-its-time-to.html