🚨 UPDATE: Google confirms it was hit in the Salesforce vishing attacks.

Hackers accessed contact data for small biz clients in June—then vanished.

Now? They're back, threatening victims with 72-hour bitcoin extortion demands, posing as ShinyHunters.

Read ↓ https://thehackernews.com/2025/06/google-exposes-vishing-group-unc6040.html

🚨 Millions duped by fake apps on Apple & Google stores.

VexTrio, a global crime ring, used bogus VPNs & cleaners to steal data, push ads, and charge hidden fees.

It’s still active.

Details here → https://thehackernews.com/2025/08/fake-vpn-and-spam-blocker-apps-tied-to.html

🚨 One container in Amazon ECS can now hijack all others’ AWS creds on the same EC2 host.

Researchers exposed a stealthy privilege escalation chain called ECScape — no exploit, just abusing AWS internals.

Amazon: "Working as designed."

Details → https://thehackernews.com/2025/08/researchers-uncover-ecscape-flaw-in.html

Your pip install isn’t as safe as you think.

From typo-squatting to CVE-packed base images, Python supply chain attacks are everywhere—and evolving fast.

🎥 Learn how to lock down your stack in 2025. Tools, tactics, and real-world examples:

Watch the webinar → https://thehackernews.com/2025/08/webinar-how-to-stop-python-supply-chain.html

🚨 Attackers are hitting SonicWall firewalls again—but it’s not a new zero-day.

Turns out, they’re exploiting a known bug (CVE-2024-40766) and weak password hygiene.

Migrating from Gen 6 to Gen 7 without resets? That’s leaving doors wide open.

Full details + what to fix → https://thehackernews.com/2025/08/sonicwall-confirms-patched.html

🚨 Microsoft just warned: CVE-2025-53786 lets hackers silently escalate privileges from on-prem Exchange to the cloud.

No logs. No easy traces.
Your hybrid setup could be a silent breach vector.

Full details + fixes → https://thehackernews.com/2025/08/microsoft-discloses-exchange-server.html

🚨 Hackers can hijack Axis camera networks without logging in.

A CVSS 9.0 flaw in Axis Device Manager & Camera Station enables pre-auth remote code execution—impacting 6,500+ servers, mostly in the U.S.

Live feeds could be watched or shut down.

Details → https://thehackernews.com/2025/08/6500-axis-servers-expose-remoting.html

🚨 11 malicious Go packages just found — infecting both Windows and Linux.

They silently download payloads, hijack shells, and can steal browser data.

Worse: they look legit, preying on confused devs importing from GitHub.

Details devs need to see ↓ https://thehackernews.com/2025/08/malicious-go-npm-packages-deliver-cross.html

🚨 Cloud attacks now execute in under 10 minutes.

AI is fueling both sides:
🔒 500% surge in AI workloads
⚠️ CI/CD pipelines under fire
🛡️ Real-time defense is no longer optional

Real-time defense isn’t optional—it’s survival.

Full 2025 report → https://thehackernews.com/2025/08/the-ai-powered-security-shift-what-2025.html

🚨 Hackers are hijacking legit ad tools to push fake browser updates—spreading SocGholish malware linked to LockBit, Evil Corp & others.

It’s a Malware-as-a-Service network selling your device as a doorway in.

How it works → https://thehackernews.com/2025/08/socgholish-malware-spread-via-ad-tools.html

$1M in crypto gone—stolen by 150+ fake Firefox wallet extensions.

The scam: lookalike MetaMask, TronLink, Exodus add-ons that start clean… then turn malicious when no one’s watching.

Now spreading to Chrome. AI is helping them scale.

Full story → https://thehackernews.com/2025/08/greedybear-steals-1m-in-crypto-using.html

🚨 RubyGems & PyPI under attack:

🔸 60 fake RubyGems stole social media logins (275K+ downloads)
🔸 PyPI fakes hijacked crypto staking wallets

Both hide credential-stealing code in legit-looking packages.

Details → https://thehackernews.com/2025/08/rubygems-pypi-hit-by-malicious-packages.html

🚨 Stolen logins are now the #1 way hackers break in — beating phishing & software flaws.

Many still work. Attackers don’t need exploits when they can just log in.

Think your passwords are safe? You might want to check.

Full report → https://thehackernews.com/2025/08/leaked-credentials-up-160-what.html

🚨 Brazil hit by two cyber threats:

1️⃣ Hackers using AI-built fake gov sites to steal IDs + cash via PIX.
2️⃣ Efimer Trojan spreading via fake legal emails, torrents & WordPress hacks — swapping crypto wallets + stealing funds.

How both attacks work → https://thehackernews.com/2025/08/ai-tools-fuel-brazilian-phishing-scam.html

🚨 14 new flaws in CyberArk & HashiCorp vaults can let hackers steal corporate secrets without a password — some bugs sat undetected for 9 years.

Researchers warn attackers could chain them for full remote takeover.

Full story → https://thehackernews.com/2025/08/cyberark-and-hashicorp-flaws-enable.html

🔥 GPT-5 jailbroken: “Echo Chamber” + storytelling tricked it into giving banned instructions.

Related zero-click prompt injections can exfiltrate data from Google Drive, Jira, Microsoft Copilot Studio, and even hijack smart homes.

Details → https://thehackernews.com/2025/08/researchers-uncover-gpt-5-jailbreak-and.html

⚡ Lenovo webcams can be hacked into remote BadUSB weapons.

Flawed firmware checks let attackers send or infect a camera to inject keystrokes, survive wipes, and spread to other hosts.

Here’s how the “BadCam” exploit works → https://thehackernews.com/2025/08/linux-based-lenovo-webcams-flaw-can-be.html

Hackers can bypass Windows login, steal cryptographic keys, and hide inside some Dell laptops even after a full OS reinstall — “ReVault” flaws hit 100+ models.

Sometimes, they don’t even need your password.

Details → https://thehackernews.com/2025/08/researchers-reveal-revault-attack.html

🔥 Windows had a hole [CVE-2025-49760] in its core RPC system that let attackers pretend to be trusted services—like hijacking DNS, but inside your OS.

The wild part? Even Windows Defender’s ID could be spoofed.

Here’s how the EPM poisoning attack worked ↓ https://thehackernews.com/2025/08/researchers-detail-windows-epm.html

Hackers can now hijack Microsoft Domain Controllers into a global DDoS botnet—no malware, no creds, no trace.

At DEF CON, researchers revealed “Win-DDoS”: a flaw that can weaponize tens of thousands of public DCs to flood targets, crash systems, or trigger BSODs—remotely.

Here’s how it works → https://thehackernews.com/2025/08/new-win-ddos-flaws-let-attackers-turn.html

🛑 ALERT - Stop what you’re doing & update WinRAR.

A zero-day (CVE-2025-8088) is under active attack—booby-trapped archives can drop malware into Windows startup & hijack your PC.

Linked to Russian group “Paper Werewolf”

Update to v7.13 now. Details → https://thehackernews.com/2025/08/winrar-zero-day-under-active.html