🚨 60% of breaches in 2024 came from one source: people.

Not because employees are careless—because security is confusing, complex, and built for auditors, not humans. Until culture is fixed, tech alone won’t save you.

Here’s how to change that ↓ https://thehackernews.com/2025/08/why-your-security-culture-is-critical.html

🚨 New RAT alert: Hackers are hitting trading firms with GodRAT—a backdoor hidden inside fake financial docs sent over Skype.

It steals files, passwords, and even drops more malware.

Built on 20-year-old Gh0st RAT code, but deadlier.

Full details → https://thehackernews.com/2025/08/new-godrat-trojan-targets-trading-firms.html

Hackers are breaking into Linux cloud servers using a 2-year-old bug in Apache ActiveMQ.

The twist? After sneaking in, they patch the flaw themselves—locking out rivals and hiding from defenders.

Full story here → https://thehackernews.com/2025/08/apache-activemq-flaw-exploited-to.html

🚨 A 22-year-old from Oregon built a DDoS-for-hire botnet so massive it launched 370,000+ attacks across 80 countries.

Powered by 95,000 hacked devices, “RapperBot” could blast traffic at 6 Tbps—enough to cripple major platforms.

The FBI just shut it down.

Full story → https://thehackernews.com/2025/08/doj-charges-22-year-old-for-running.html

🚨 Nearly half of AI-generated code snippets contain exploitable bugs.

Worse? Developers trust them blindly—introducing SQL injections, hardcoded secrets, and overly permissive cloud configs at scale.

AI isn’t just coding faster—it’s coding insecurely.

Full story ↓ https://thehackernews.com/expert-insights/2025/08/ais-hidden-security-debt.html

North Korean hackers ran a months-long cyber-espionage op against diplomats—hiding malware traffic in GitHub & Dropbox.

Their activity froze during Chinese national holidays.

Details → https://thehackernews.com/2025/08/north-korea-uses-github-in-diplomat.html

Ransomware. Outages. Human error.

The threats are multiplying—and downtime is no longer an option.

The survival playbook? A rock-solid BIA: the map that makes your BCDR strategy actually work.

Here’s why IT leaders can’t afford to skip it ↓ https://thehackernews.com/2025/08/turning-bia-insights-into-resilient-recovery.html

451 Research Reveals: Why AI & SaaS Security Can’t Be Managed Separately.

Security leaders: AI is reshaping your SaaS environment faster than old tools can keep up. Hear from Justin Lam, Principal Analyst at 451 Research, in a live session breaking down the new realities:

🔸 Hidden risks from shadow AI and third-party SaaS
🔸 Real-world attack scenarios and trends, including ShinyHunters
🔸 How unified SaaS & AI security platforms close the gaps

Save your seat for actionable insights, practical frameworks, and a live Q&A with one of the industry’s top minds—so your team is ready for what’s next.

Save My Spot → https://thn.news/ai-saas-attack-surface

🔥 WEBINAR ALERT!

Shadow AI agents are already running inside your business—often unseen, unlogged, and unmanaged.

Once hacked, they don’t think. They just execute—24/7.

Most security programs aren’t built for this.

Join our next webinar to learn how to stop them before attackers strike ↓ https://thehackernews.com/2025/08/webinar-discover-and-control-shadow-ai.html

🛑 PromptFix ALERT! Researchers show AI browsers like Comet can be tricked by hidden prompts inside fake CAPTCHAs.

Moreover, AI browsers may unknowingly:
• Auto-click phishing links
• Autofill credit cards and addresses
• Trigger malware downloads

🔗 Full details here → https://thehackernews.com/2025/08/experts-find-ai-browsers-can-be-tricked.html

🇷🇺 Russia’s Static Tundra hackers (linked to the FSB) are exploiting a 7-year-old critical Cisco flaw to breach telecom, education & manufacturing networks worldwide.

They’re stealing configs, planting implants like SYNful Knock, and hijacking traffic for espionage.

Details → https://thehackernews.com/2025/08/fbi-warns-russian-fsb-linked-hackers.html

⚠️ A single click on a fake site can hijack your password manager.

Researchers found 11 popular extensions (1Password, LastPass, iCloud & more) vulnerable—putting logins, 2FA codes, and credit cards at risk.

6 vendors still haven’t patched.

Protect your PASSWORDS ↓ https://thehackernews.com/2025/08/dom-based-extension-clickjacking.html

🚨 Apple just patched a zero-day already under attack.

Hackers were exploiting a malicious image bug (CVE-2025-43300) in iPhones, iPads & Macs.

Apple says it was used in extremely sophisticated targeted attacks.

Update now. Details ↓ https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html

🚫 That “CEO” on your Zoom call? Might be an AI fake.

Deepfake scams have already stolen $25M+ in single hits—voices, faces, even biometrics can be forged.
The line between real and fake is gone.

How to spot it before it’s too late ↓ https://thehackernews.com/expert-insights/2025/08/defending-against-adversarial-ai-and.html

A 20-year-old hacker just got 10 YEARS in prison.

Noah Urban, part of the Scattered Spider crew, stole millions through SIM swaps & crypto heists—and now owes $13M in restitution.

But the gang isn’t gone. They’ve merged with other groups to get even stronger.

Full story → https://thehackernews.com/2025/08/scattered-spider-hacker-gets-10-years.html

🚨 Shadow AI Agents = The New Insider Threat

They’re already inside your enterprise—untracked, unowned, and attackers are exploiting them.

In our next webinar, SailPoint's Steve Toole reveals:
🔸 How shadow agents emerge
🔸 Real-world attack paths
🔸 What CISOs must do now

Don’t let invisible AI identities be your weakest link.

🔗 Register → https://thehacker.news/shadow-ai-agents-threats

👾 Hackers are using a new malware loader—QuirkyLoader—to spread Agent Tesla, AsyncRAT, Snake Keylogger & more.

One campaign even targeted a Taiwan cybersecurity company with spyware built to steal passwords & keystrokes.

Learn more about this threat ↓ https://thehackernews.com/2025/08/hackers-using-new-quirkyloader-malware.html

🚨 Webinar: Automating Google Workspace Security Policies 🚨

Manual enforcement is impossible — scripts break, alerts pile up, and approvals drag on. Join Google Cloud Security and Zenphi experts to see how human-in-the-loop automation keeps IT in control while enforcing policies consistently.

🕒 When: August 27, 10 AM PT
👉 Register Here to Join Live or Get the Replay: https://thn.news/google-workspace-policies

What You’ll Learn:
📤 Block Gmail Forwarding to Personal Accounts – detect & disable instantly, log for audit.
👀 Shadow IT Monitoring – track OAuth apps & Chrome extensions without endless checks.
👋 Automated Offboarding – revoke access, clear permissions, and document the process.
💡 Bonus: Get exclusive access to the latest Google Cloud Security Trends Report.

🔥 Nearly half of orgs failed password-cracking tests in 2025 (up from last year).

Once inside? Attackers succeed in 98% of cases using valid accounts—slipping past defenses unnoticed.

The weakest link isn’t malware. It’s your passwords.

Read the report → https://thehackernews.com/2025/08/weak-passwords-and-compromised-accounts.html

Hackers are luring people with fake CAPTCHA pages—then tricking them into copy-pasting malware.

The result: a new backdoor, CORNFLAKE.V3, that steals credentials, hides behind Cloudflare, and won’t go away once it’s in.

Here’s how the attack works → https://thehackernews.com/2025/08/cybercriminals-deploy-cornflakev3.html

🚨 Four new Commvault flaws just dropped — and they can be chained for pre-auth remote code execution.

Attackers could seize control before you even log in.

Worst part? One chain works if the default admin password was never changed.

Patch now. Details here → https://thehackernews.com/2025/08/pre-auth-exploit-chains-found-in.html