⚡ Weekly Recap ⟶ VPN 0‑Day, Mac Stealer Backdoor, AI Malware Disguised as Dev Tools, and an APT Hiding in ISPs.

The scariest part? Most of it looked legit.

Catch up now ↓ https://thehackernews.com/2025/08/weekly-recap-vpn-0-day-encryption.html

🚨 New wave of Python malware hits 4,000+ systems across 62 countries.

PXA Stealer is siphoning passwords, credit cards, and cookies—then selling them via Telegram-powered black markets.

Details here → https://thehackernews.com/2025/08/vietnamese-hackers-use-pxa-stealer-hit.html

🔥 Hackers can fully hijack NVIDIA's Triton AI servers — no login needed.

A new exploit chain gives attackers remote code execution and access to sensitive AI models.

It all starts with a single malformed request.

Full details → https://thehackernews.com/2025/08/nvidia-triton-bugs-let-unauthenticated.html

🚨 A suspected zero-day in SonicWall Gen 7 firewalls is under active attack.

Akira ransomware is exploiting SSL VPNs to breach networks—even with MFA.

20+ confirmed attacks. Domain controllers hit within hours.

Urgent steps + full report → https://thehackernews.com/2025/08/sonicwall-investigating-potential-ssl.html

🚨 DDoS attacks surged 358% in Q1 2025. But it’s not just volume—it’s AI-powered, precision-targeted, and actively evading defenses.

The old playbook is obsolete. Most orgs only test 1% of their attack surface.

The rest? Fully exposed.

Details here → https://thehackernews.com/expert-insights/2025/08/the-new-face-of-ddos-is-impacted-by-ai.html

🚨 15,000+ fake TikTok Shop sites are stealing logins & crypto.

A massive scam uses AI-generated videos, Meta ads & trojan apps to hijack your device.

It mimics influencers—and it's global.

Here’s what you need to know ↓ https://thehackernews.com/2025/08/15000-fake-tiktok-shop-domains-deliver.html

🚨 A phishing attack hidden behind a QR code + CAPTCHA was fully exposed in under 60 seconds—no analyst touch needed.

How? A live, automated sandbox detonated the payload, bypassed defenses, and surfaced IOCs instantly.

Your SOC is missing this.

Details here → https://thehackernews.com/2025/08/how-top-cisos-save-their-socs-from.html

🚨 A high-severity flaw in Cursor AI (CVE-2025-54136) let attackers hijack trusted MCP configs—triggering remote code execution every time you opened the project.

No re-prompt. No warning. Just silent compromise by modifying a config file you already trusted.

Learn more → https://thehackernews.com/2025/08/cursor-ai-code-editor-vulnerability.html

🔑 53% of orgs trust their SaaS vendors. But 70% of SaaS incidents come from misconfigs & bad permissions—your responsibility.

Worse? They leave no logs. No alerts. Just exposure.

Here’s why posture > detection: https://thehackernews.com/2025/08/misconfigurations-are-not.html

🚨 Google just fixed 3 Android bugs hackers were already using.

One lets them hijack your phone through the graphics chip — no clicks needed.

Spyware vendors may be behind it.

PATCH your phones now → https://thehackernews.com/2025/08/google-fixes-3-android-vulnerabilities.html

🚨 CAPTCHAgeddon is here. A fake CAPTCHA scam called ClickFix hijacks devices with a single paste—no download, no file, just clipboard commands.

It's smarter than ClearFake—and spreading fast.

Here’s how it works ↓ https://thehackernews.com/2025/08/clickfix-malware-campaign-exploits.html

👀 Still pip installing and praying?

Supply chain attacks are everywhere in Python:
→ YOLO package hacked
→ Critical vulns in base images
→ Malicious packages live on PyPI

🔥 Join the free webinar to secure your Python stack → https://thehacker.news/safeguarding-python-supply-chain

🔒 UPDATE: Akira ransomware now uses legit Windows drivers (rwdrv.sys, hlpdrv.sys) in a BYOVD attack to disable Defender and gain kernel access—even in hardened environments.

Tied to SonicWall SSL VPN zero-day—still under active investigation.

Read → https://thehackernews.com/2025/08/sonicwall-investigating-potential-ssl.html

🔥 AI just changed the rules of pen testing.

Now you can say: "Check if leaked creds can access prod-finance."

And in seconds, it attacks, adapts, and reports—no scripts, no guesswork.

Vibe Red Teaming is here. Testing becomes a conversation.

→ Full vision from Pentera's CTO: https://thehackernews.com/2025/08/ai-is-transforming-cybersecurity.html

🚨 CISA just confirmed active exploits targeting 3 old D-Link camera and recorder flaws — one remains unpatched.

These vulnerabilities expose admin passwords and enable command execution.

One affected model reached end-of-life. Still using it? You're exposed.

Mitigations required by Aug 26 → https://thehackernews.com/2025/08/cisa-adds-3-d-link-router-flaws-to-kev.html

🚨 Ukraine hit by wave of cyberattacks — again.

Phishing emails posing as court summons are dropping malware that steals docs, grabs screenshots, and executes remote commands.

Here’s what’s happening ↓ https://thehackernews.com/2025/08/cert-ua-warns-of-hta-delivered-c.html

🚨 Trend Micro flaw (CVE-2025-54948 and CVE-2025-54987) lets attackers run code before login.

Two critical bugs (CVSS 9.4) are being exploited right now in Apex One on-prem.

Admins, patch fast — remote code execution is on the table.

Here’s what you need to know ↓ https://thehackernews.com/2025/08/trend-micro-confirms-active.html

Microsoft just built an AI that reverse-engineers malware by itself.

No hints. No human help — and 90%+ accuracy.

It could change how threats are found—before they even spread.

Here’s what Project Ire can do ↓ https://thehackernews.com/2025/08/microsoft-launches-project-ire-to.html

📈 vCISO adoption just exploded 319% in one year.

MSPs & MSSPs are scrambling to meet SMB demand—and AI is powering the shift.

It’s not just about security. It’s driving higher margins, better upsell, and recurring revenue.

Check full report → https://thehackernews.com/2025/08/ai-slashes-workloads-for-vcisos-by-68.html

🚨 UPDATE: Google confirms it was hit in the Salesforce vishing attacks.

Hackers accessed contact data for small biz clients in June—then vanished.

Now? They're back, threatening victims with 72-hour bitcoin extortion demands, posing as ShinyHunters.

Read ↓ https://thehackernews.com/2025/06/google-exposes-vishing-group-unc6040.html

🚨 Millions duped by fake apps on Apple & Google stores.

VexTrio, a global crime ring, used bogus VPNs & cleaners to steal data, push ads, and charge hidden fees.

It’s still active.

Details here → https://thehackernews.com/2025/08/fake-vpn-and-spam-blocker-apps-tied-to.html