☠️ WARNING: A critical auth bypass flaw in Mitel MiVoice MX-ONE (CVSS 9.4) lets attackers hijack user and admin accounts—no login needed.

It affects versions still widely in use.

Details + fixes → https://thehackernews.com/2025/07/critical-mitel-flaw-lets-hackers-bypass.html

Patch now or risk full compromise.

🔐 AI logins are breaking trust—73% of users say one bad experience, and they’re gone.

Want to keep them?

Learn how top brands are using smart, secure CIAM to win loyalty in the AI era.

Webinar spots are limited → https://thehacker.news/ai-customer-identity

🔄 Update on LAMEHUG malware →

Russian hackers used ~270 Hugging Face tokens to run AI-powered attacks — sending prompts to a coding LLM to generate system-hacking commands.

The kicker? It’s likely a live test run, not the final form.

Cato says this is R&D in real time → https://thehackernews.com/2025/07/cert-ua-discovers-lamehug-malware.html

🔄 Update: SharePoint Attacks Escalate

ToolShell exploitation is now global—4,600+ compromise attempts across 300+ orgs, including government and critical infrastructure.

🛑 U.S. leads in targets (13.3%), followed by the UK, France, and Germany.

📌 Attackers are stealing ASP .NET machine keys to persist even after patching.

⚠️ Ivanti EPMM flaws also in use—this is expanding fast.

Here’s what’s unfolding → https://thehackernews.com/2025/07/storm-2603-exploits-sharepoint-flaws-to.html

🚨 Two new malware campaigns—Soco404 & Koske—are targeting cloud servers across Linux & Windows to deploy crypto miners.

→ Soco404 hides in fake 404 pages
→ Koske uses malicious panda JPEGs
→ Both run fileless, in-memory attacks

What makes them so dangerous? ↓ https://thehackernews.com/2025/07/soco404-and-koske-malware-target-cloud.html

🚨 1 in 12 employees is quietly using Chinese GenAI tools at work—often to upload sensitive data.

M&A docs, source code, customer records… all sent to platforms with opaque data policies.

It’s already happening.

Details + what to do about it ↓ https://thehackernews.com/2025/07/overcoming-risks-from-chinese-genai.html

🚨 Russian defense firms hit by stealth cyberattack!

Hackers deployed a new backdoor—EAGLET—to spy on aerospace targets via fake logistics docs tied to sanctioned rail firms.

Read → https://thehackernews.com/2025/07/cyber-espionage-campaign-hits-russian.html

🚨 Patchwork hacking group is targeting Turkish missile contractors.

DisguiPatchworkous LNK files to launch a stealthy 5-stage spyware chain—right as Türkiye deepens defense ties with Pakistan.

Full story → https://thehackernews.com/2025/07/patchwork-targets-turkish-defense-firms.html

⚡ U.S. sanctions hit a North Korean front company and 3 individuals running a fake IT worker scheme—used to infiltrate 300+ U.S. firms and fund Kim’s weapons program.

One U.S. woman helped run it all from a 90-laptop farm in Arizona.

Full story ↓ https://thehackernews.com/2025/07/us-sanctions-firm-behind-n-korean-it.html

🛑 In case you missed it — Over 4,600 attacks. 300+ orgs hit.

A China-linked threat group is exploiting SharePoint flaws to drop Warlock ransomware on unpatched systems.

Patch now. Details here → https://thehackernews.com/2025/07/storm-2603-exploits-sharepoint-flaws-to.html

🚨 Six flaws rated CVSS 9.8 in Honeywell’s Niagara Framework could let attackers hijack smart buildings—HVAC, lighting, even security.

One misconfig? They steal admin tokens, plant backdoors, and run root code.

Used worldwide. Patch now.

Details here ↓ https://thehackernews.com/2025/07/critical-flaws-in-niagara-framework.html

Scattered Spider is now hijacking VMware ESXi hypervisors—not with malware, but fake help desk calls.

They impersonate admins, reset passwords, and deploy ransomware directly from the hypervisor.

Google says it's fast, stealthy, and crippling.

Full story → https://thehackernews.com/2025/07/scattered-spider-hijacks-vmware-esxi-to.html

⚡ Zero-days exploited. State-backed schemes exposed. Ransomware shifts.

From insider arrests to AI-powered fraud, here’s what mattered in cyber this week—no fluff, just the signal.

🧵 Read now ↓ https://thehackernews.com/2025/07/weekly-recap-sharepoint-breach-spyware.html

Phishing filters aren’t enough anymore.

Attackers don’t need malware—just one stolen login to pivot across email, OAuth, chats & files undetected.

It’s time email security caught up to EDR.

Here’s what that looks like ↓ https://thehackernews.com/2025/07/email-security-is-stuck-in-antivirus.html

🚨 Update: CISA just added CVE-2025-20281 and CVE-2025-20337 to its Known Exploited Vulnerabilities list.

These Cisco ISE flaws allow remote, unauthenticated attackers to gain root access — and they're already being exploited.

Feds must patch by Aug 18.
Everyone else: don’t wait.

Read → https://thehackernews.com/2025/07/cisco-confirms-active-exploits.html

🔥 ALERT: Toptal's GitHub was HACKED — attackers pushed 10 malicious npm packages.

They stole GitHub tokens, wiped systems silently, and racked up 5,000+ downloads before detection.

Here’s what devs need to know ↓ https://thehackernews.com/2025/07/hackers-breach-toptal-github-publish-10.html

🚨 CISA just confirmed active exploitation of a critical PaperCut bug (CVE-2023-2533) — attackers can hijack admin sessions to run code remotely.

It’s being used by ransomware gangs right now.

Patch before August 18 or risk breach.

Full details → https://thehackernews.com/2025/07/cisa-adds-papercut-ngmf-csrf.html

🚨 100,000+ sites hacked in 2024’s biggest JavaScript injection attack.

Even React wasn’t safe — a trusted library was turned into a malware delivery system.

Here’s how modern JS threats are breaking your app → https://thehackernews.com/2025/07/why-react-didnt-kill-xss-new-javascript.html

🚨 A wave of mobile malware is sweeping Asia—targeting Android & iOS with fake apps, phishing, and spyware.

🔸 250+ fake dating & social apps (SarangTrap) stealing photos, contacts, SMS
🔸 Banking trojans like RedHook hijack devices in Vietnam
🔸 Fake Telegram & finance apps hit users in India, Korea, Bangladesh
🔸 Criminals now rent malware kits or buy access to infected phones

Cybercrime is now a business. Stay alert → https://thehackernews.com/2025/07/cybercriminals-use-fake-apps-to-steal.html

Chaos is back—and it's wearing a new mask.

A rebrand of BlackSuit (linked to Royal & Conti), the new Chaos #ransomware gang is hitting U.S. victims hard with $300K ransoms, voice phishing, RMM abuse & stealthy multi-threaded encryption.

Details here → https://thehackernews.com/2025/07/chaos-raas-emerges-after-blacksuit.html

HACKasan 2025 is ON — and this year, it’s better than ever!

For the 4th year running, Pentera is hosting THE most epic Black Hat & DEF CON after-party, exclusively for cybersecurity pros on Thursday, August 7th!

🎧 Live DJ + drummer combo
🍸 Open bar
🌈 Legendary Hakkasan light show
💥 Cyber crowd only

👉 Register Today! Free of charge: https://thn.news/pentera-blackhat-party-2025