Scattered Spider is now hijacking VMware ESXi hypervisors—not with malware, but fake help desk calls.

They impersonate admins, reset passwords, and deploy ransomware directly from the hypervisor.

Google says it's fast, stealthy, and crippling.

Full story → https://thehackernews.com/2025/07/scattered-spider-hijacks-vmware-esxi-to.html

⚡ Zero-days exploited. State-backed schemes exposed. Ransomware shifts.

From insider arrests to AI-powered fraud, here’s what mattered in cyber this week—no fluff, just the signal.

🧵 Read now ↓ https://thehackernews.com/2025/07/weekly-recap-sharepoint-breach-spyware.html

Phishing filters aren’t enough anymore.

Attackers don’t need malware—just one stolen login to pivot across email, OAuth, chats & files undetected.

It’s time email security caught up to EDR.

Here’s what that looks like ↓ https://thehackernews.com/2025/07/email-security-is-stuck-in-antivirus.html

🚨 Update: CISA just added CVE-2025-20281 and CVE-2025-20337 to its Known Exploited Vulnerabilities list.

These Cisco ISE flaws allow remote, unauthenticated attackers to gain root access — and they're already being exploited.

Feds must patch by Aug 18.
Everyone else: don’t wait.

Read → https://thehackernews.com/2025/07/cisco-confirms-active-exploits.html

🔥 ALERT: Toptal's GitHub was HACKED — attackers pushed 10 malicious npm packages.

They stole GitHub tokens, wiped systems silently, and racked up 5,000+ downloads before detection.

Here’s what devs need to know ↓ https://thehackernews.com/2025/07/hackers-breach-toptal-github-publish-10.html

🚨 CISA just confirmed active exploitation of a critical PaperCut bug (CVE-2023-2533) — attackers can hijack admin sessions to run code remotely.

It’s being used by ransomware gangs right now.

Patch before August 18 or risk breach.

Full details → https://thehackernews.com/2025/07/cisa-adds-papercut-ngmf-csrf.html

🚨 100,000+ sites hacked in 2024’s biggest JavaScript injection attack.

Even React wasn’t safe — a trusted library was turned into a malware delivery system.

Here’s how modern JS threats are breaking your app → https://thehackernews.com/2025/07/why-react-didnt-kill-xss-new-javascript.html

🚨 A wave of mobile malware is sweeping Asia—targeting Android & iOS with fake apps, phishing, and spyware.

🔸 250+ fake dating & social apps (SarangTrap) stealing photos, contacts, SMS
🔸 Banking trojans like RedHook hijack devices in Vietnam
🔸 Fake Telegram & finance apps hit users in India, Korea, Bangladesh
🔸 Criminals now rent malware kits or buy access to infected phones

Cybercrime is now a business. Stay alert → https://thehackernews.com/2025/07/cybercriminals-use-fake-apps-to-steal.html

Chaos is back—and it's wearing a new mask.

A rebrand of BlackSuit (linked to Royal & Conti), the new Chaos #ransomware gang is hitting U.S. victims hard with $300K ransoms, voice phishing, RMM abuse & stealthy multi-threaded encryption.

Details here → https://thehackernews.com/2025/07/chaos-raas-emerges-after-blacksuit.html

HACKasan 2025 is ON — and this year, it’s better than ever!

For the 4th year running, Pentera is hosting THE most epic Black Hat & DEF CON after-party, exclusively for cybersecurity pros on Thursday, August 7th!

🎧 Live DJ + drummer combo
🍸 Open bar
🌈 Legendary Hakkasan light show
💥 Cyber crowd only

👉 Register Today! Free of charge: https://thn.news/pentera-blackhat-party-2025

🚨 PyPI users are being phished — and the fake login pages look real.

Hackers spoofed PyPI emails & built replica sites that steal credentials, then forward victims to the legit site to cover their tracks.

Full details ↓ https://thehackernews.com/2025/07/pypi-warns-of-ongoing-phishing-campaign.html

🚨 AI-powered vibe coding platform Base44 had a critical flaw: anyone with a public app_id could bypass SSO and access private apps—no auth required.

Wix patched it fast, but it exposes serious risks in AI dev platforms.

Full story → https://thehackernews.com/2025/07/wiz-uncovers-critical-access-bypass.html

🚨 The browser is now the front line of cyber attacks.

Phishing, infostealers & token hijacking are bypassing MFA, targeting SaaS logins, and owning orgs — all in the browser.

Identity is the prize. And most teams aren’t watching.

Here’s why it matters ↓ https://thehackernews.com/2025/07/how-browser-became-main-cyber.html

⚡ Scattered Spider hacker group just went quiet—but don’t exhale yet.

After UK arrests, Mandiant says the group’s intrusions have stopped.

But copycats are already using their same ruthless tactics.

Now’s the moment to harden your defenses.

Read - https://thehackernews.com/2025/07/scattered-spider-hacker-arrests-halt.html

A critical SAP flaw just gave hackers remote access to a U.S. chemicals company.

They deployed Auto-Color—stealthy Linux malware that hides itself when it can’t reach its C2 server.

Details you need to know ↓ https://thehackernews.com/2025/07/hackers-exploit-sap-vulnerability-to.html

🚨 Most ransomware attacks don’t hack in—they log in.

EDR alone can’t stop attackers using legit credentials.

The fix? Pair it with Endpoint Privilege Management (EPM) to shut down stealthy privilege abuse before it starts.

Here’s why both are critical ↓ https://thehackernews.com/expert-insights/2025/07/edr-detects-epm-prevents-why-using-both.html

🚨 Google just fired a double shot at cyber threats:

➟ DBSC is now in open beta — it locks session cookies to your device, stopping attackers from hijacking logins.

➟ Project Zero goes public with unpatched bug reports to pressure faster fixes.

Big moves to end cookie theft & shrink patch gaps.

Details here ↓ https://thehackernews.com/2025/07/google-launches-dbsc-open-beta-in.html

🚨 Apple just patched a zero-day used in the wild — tied to a Chrome exploit.

The bug let attackers break out of the browser sandbox using a malicious web page.

iPhones, Macs, iPads, and more were at risk. Update now.

Details here → https://thehackernews.com/2025/07/apple-patches-safari-vulnerability-also.html

🚨 Critical flaws in Dahua smart cameras let attackers take full remote control—no login needed.

Used in homes, stores, and casinos, these bugs allow root access, persistent malware, and no easy fix.

Exposed devices are still at risk.

Full details → https://thehackernews.com/2025/07/critical-dahua-camera-flaws-enable.html

🚨 Your AI agent might already be vulnerable.

Pillar Security just launched a full-lifecycle AI defense platform—built by ex-offensive and defensive cyber ops—to catch threats before code is even written.

From threat modeling to runtime guardrails, this flips AI security on its head.

Full story → https://thehackernews.com/2025/07/product-walkthrough-look-inside-pillars.html

Custom containers, zero headaches.

ActiveState builds and scans your stack from OS to app—SBOM, low-to-no CVEs, ready for your CI/CD. Own your security. Stop inheriting risk.

Customize Your Container → https://thn.news/activestate-container-security

#DevSecOps #OpenSourceSecurity