⚠️ Salesloft pulled the plug on Drift after a massive supply-chain hack.
Hackers stole its OAuth tokens—then used them to breach Salesforce at Cloudflare, Google Workspace, Palo Alto, Zscaler & 700+ orgs.
Full story → https://thehackernews.com/2025/09/salesloft-takes-drift-offline-after.html
Hackers stole its OAuth tokens—then used them to breach Salesforce at Cloudflare, Google Workspace, Palo Alto, Zscaler & 700+ orgs.
Full story → https://thehackernews.com/2025/09/salesloft-takes-drift-offline-after.html
🤯11😁2
Hackers are busy.
⚠️ CISA says TP-Link Wi-Fi extenders can be reset + hijacked — and since they’re end-of-life, no fixes are coming.
⚠️ WhatsApp + Apple flaws are being chained in a spyware campaign, quietly targeting fewer than 200 people.
Details you don’t want to miss ↓ https://thehackernews.com/2025/09/cisa-adds-tp-link-and-whatsapp-flaws-to.html
⚠️ CISA says TP-Link Wi-Fi extenders can be reset + hijacked — and since they’re end-of-life, no fixes are coming.
⚠️ WhatsApp + Apple flaws are being chained in a spyware campaign, quietly targeting fewer than 200 people.
Details you don’t want to miss ↓ https://thehackernews.com/2025/09/cisa-adds-tp-link-and-whatsapp-flaws-to.html
😁17👍7👏1
👨💻 Security teams fight on two fronts.
➡️ In dashboards: everything’s tidy—tickets, owners, workflows.
➡️ In reality: attackers chain “low” and “medium” issues into paths that reach the crown jewels.
Order alone isn’t enough. We need the attacker’s view.
That’s what ServiceNow + XM Cyber delivers: attack-graph intelligence that shows which fixes actually block real attack paths.
Full article by XM Cyber’s Elad Niddam on The Hacker News → https://thehackernews.com/expert-insights/2025/09/servicenow-and-xm-cyber-new-model-for.html
➡️ In dashboards: everything’s tidy—tickets, owners, workflows.
➡️ In reality: attackers chain “low” and “medium” issues into paths that reach the crown jewels.
Order alone isn’t enough. We need the attacker’s view.
That’s what ServiceNow + XM Cyber delivers: attack-graph intelligence that shows which fixes actually block real attack paths.
Full article by XM Cyber’s Elad Niddam on The Hacker News → https://thehackernews.com/expert-insights/2025/09/servicenow-and-xm-cyber-new-model-for.html
👏4🤔2👍1
🚨 Cloudflare just stopped the largest DDoS attack ever recorded — peaking at 11.5 Tbps.
It lasted only 35 seconds… but experts warn these “tsunami” attacks can be smoke screens for data theft and deeper breaches.
Here’s what happened ↓ https://thehackernews.com/2025/09/cloudflare-blocks-record-breaking-115.html
It lasted only 35 seconds… but experts warn these “tsunami” attacks can be smoke screens for data theft and deeper breaches.
Here’s what happened ↓ https://thehackernews.com/2025/09/cloudflare-blocks-record-breaking-115.html
🤯16👏10🔥2😁1
👨💻 Hackers don’t care if your risks start in code or show up in the cloud.
But if you can’t see both, you’ll never fix the weak link.
Code-to-cloud visibility isn’t optional anymore.
⚡ Join our webinar with Ziad Ghalleb, Technical PMM Wiz to learn why it’s the new AppSec foundation → https://thehacker.news/code-to-cloud-appsec
But if you can’t see both, you’ll never fix the weak link.
Code-to-cloud visibility isn’t optional anymore.
⚡ Join our webinar with Ziad Ghalleb, Technical PMM Wiz to learn why it’s the new AppSec foundation → https://thehacker.news/code-to-cloud-appsec
👍2👏2
🚨 Iranian-linked hackers just launched a global spear-phishing blitz—targeting embassies, consulates & ministries across Europe, Africa, Asia & the Americas.
The bait? Fake “urgent” diplomatic emails—some sent from a hacked Oman MFA mailbox.
Full details → https://thehackernews.com/2025/09/iranian-hackers-exploit-100-embassy.html
The bait? Fake “urgent” diplomatic emails—some sent from a hacked Oman MFA mailbox.
Full details → https://thehackernews.com/2025/09/iranian-hackers-exploit-100-embassy.html
🤯8🤔4👍1😱1
🚨 Google patched 120 Android security flaws — including 2 already exploited in real-world attacks.
Hackers don’t need your clicks. They don’t need your permission. They’re already in.
Update immediately. Full story → https://thehackernews.com/2025/09/android-security-alert-google-patches.html
Hackers don’t need your clicks. They don’t need your permission. They’re already in.
Update immediately. Full story → https://thehackernews.com/2025/09/android-security-alert-google-patches.html
👍10🔥3😱1
⚠️ Hackers are already weaponizing HexStrike AI—a tool built for ethical hacking—to exploit fresh Citrix flaws.
What was meant to protect networks is now fueling real-world cyberattacks at scale.
Patch fast. Details here → https://thehackernews.com/2025/09/threat-actors-weaponize-hexstrike-ai-to.html
What was meant to protect networks is now fueling real-world cyberattacks at scale.
Patch fast. Details here → https://thehackernews.com/2025/09/threat-actors-weaponize-hexstrike-ai-to.html
🔥13😁3🤯1
Media is too big
VIEW IN TELEGRAM
Still in the dark about your identity risks? BeyondTrust flips the switch 💡
Their complimentary Identity Security Risk Assessment gives you rapid clarity on hidden privilege risks & best remediation steps.
Try it out today ⤵️ https://thn.news/secure-identity-check
Their complimentary Identity Security Risk Assessment gives you rapid clarity on hidden privilege risks & best remediation steps.
Try it out today ⤵️ https://thn.news/secure-identity-check
🔥6😁3
🚨 Your employees could be pasting secrets into ChatGPT right now.
📧 Emails, 📂 files, 🔑 IP—all flowing out.
Most DLP tools? Blind to it.
Here’s how GenAI traffic actually gets monitored ↓ https://thehackernews.com/2025/08/can-your-security-stack-see-chatgpt-why.html
📧 Emails, 📂 files, 🔑 IP—all flowing out.
Most DLP tools? Blind to it.
Here’s how GenAI traffic actually gets monitored ↓ https://thehackernews.com/2025/08/can-your-security-stack-see-chatgpt-why.html
👍6
Most data leaks aren’t hacks.
They’re mistakes. Misconfigurations. Emails sent to the wrong inbox.
DeepSeek’s 1M leaked logs are just the latest reminder: one slip can expose secrets, crush trust, and cost millions.
Here’s how it happens → https://thehackernews.com/2025/09/detecting-data-leaks-before-disaster.html
They’re mistakes. Misconfigurations. Emails sent to the wrong inbox.
DeepSeek’s 1M leaked logs are just the latest reminder: one slip can expose secrets, crush trust, and cost millions.
Here’s how it happens → https://thehackernews.com/2025/09/detecting-data-leaks-before-disaster.html
👏6🔥3👍2
🚨 Hackers were caught hiding malware inside Ethereum smart contracts.
Two npm packages used blockchain tricks to drop payloads on dev systems—part of a wider fake crypto-trading-bot campaign on GitHub.
The new frontier of supply chain attacks → https://thehackernews.com/2025/09/malicious-npm-packages-exploit-ethereum.html
Two npm packages used blockchain tricks to drop payloads on dev systems—part of a wider fake crypto-trading-bot campaign on GitHub.
The new frontier of supply chain attacks → https://thehackernews.com/2025/09/malicious-npm-packages-exploit-ethereum.html
😁9🔥7😱6
🛡️ Cyberattacks are hitting endpoints harder than ever.
Gartner’s 2025 report just confirmed: SentinelOne remains a Leader in endpoint protection — for the 5th year straight.
What that says about AI-driven defense ↓ https://thehackernews.com/2025/07/ai-driven-trends-in-endpoint-security.html
Gartner’s 2025 report just confirmed: SentinelOne remains a Leader in endpoint protection — for the 5th year straight.
What that says about AI-driven defense ↓ https://thehackernews.com/2025/07/ai-driven-trends-in-endpoint-security.html
🤔8👍2
🚨 CISA just flagged 2 new TP-Link router flaws as actively exploited—one allows remote code execution, the other leaks passwords.
Many of the affected models are end-of-life. No more patches coming.
Here’s what you need to know ↓ https://thehackernews.com/2025/09/cisa-flags-tp-link-router-flaws-cve.html
Many of the affected models are end-of-life. No more patches coming.
Here’s what you need to know ↓ https://thehackernews.com/2025/09/cisa-flags-tp-link-router-flaws-cve.html
😱10👍1
🇫🇷 France just fined Google €325M and Shein €150M for breaking cookie consent laws.
Both pushed ads on users without clear permission. Google now has 6 months to comply—or pay €100k per day.
Full story → https://thehackernews.com/2025/09/google-fined-379-million-by-french.html
Both pushed ads on users without clear permission. Google now has 6 months to comply—or pay €100k per day.
Full story → https://thehackernews.com/2025/09/google-fined-379-million-by-french.html
👏19👍6🔥6⚡1🤯1
Cybercriminals are exploiting a loophole with X’s AI assistant Grok.
They trick it into sharing malicious links in promoted posts—links that normally should be blocked—reaching millions of users.
Researchers call it “Grokking.”
Here’s how it works ↓ https://thehackernews.com/2025/09/cybercriminals-exploit-xs-grok-ai-to.html
They trick it into sharing malicious links in promoted posts—links that normally should be blocked—reaching millions of users.
Researchers call it “Grokking.”
Here’s how it works ↓ https://thehackernews.com/2025/09/cybercriminals-exploit-xs-grok-ai-to.html
😁29🤯3🤔2😱2🔥1👏1
Most cyberattacks don’t slip past defenses—
they walk right through weak defaults.
Block entire categories of risk with simple day-one moves:
🔒 MFA on everything
🚫 Deny-by-default apps
📂 Kill Office macros
Attackers only need one shot. Defaults decide if they get it.
Here’s how → https://thehackernews.com/2025/08/simple-steps-for-attack-surface.html
they walk right through weak defaults.
Block entire categories of risk with simple day-one moves:
🔒 MFA on everything
🚫 Deny-by-default apps
📂 Kill Office macros
Attackers only need one shot. Defaults decide if they get it.
Here’s how → https://thehackernews.com/2025/08/simple-steps-for-attack-surface.html
👍10👏5
🚨 New threat: GhostRedirector hacked 65+ Windows servers worldwide.
It installs backdoors & an IIS malware that tricks Google into boosting shady gambling sites—damaging the reputation of legit businesses.
Details here → https://thehackernews.com/2025/09/ghostredirector-hacks-65-windows.html
It installs backdoors & an IIS malware that tricks Google into boosting shady gambling sites—damaging the reputation of legit businesses.
Details here → https://thehackernews.com/2025/09/ghostredirector-hacks-65-windows.html
🔥10😁8👏2⚡1
Russian hackers turned Microsoft Outlook into a cyber weapon.
APT28’s new NotDoor malware lurks in Outlook, triggered by emails to steal files, run commands, and spy on companies across NATO countries.
It hides by abusing Microsoft’s own trusted tools.
Full story → https://thehackernews.com/2025/09/russian-apt28-deploys-notdoor-outlook.html
APT28’s new NotDoor malware lurks in Outlook, triggered by emails to steal files, run commands, and spy on companies across NATO countries.
It hides by abusing Microsoft’s own trusted tools.
Full story → https://thehackernews.com/2025/09/russian-apt28-deploys-notdoor-outlook.html
🔥24😁17🤔7👍3⚡1👏1
🚨 523 malicious SVG files are slipping past antivirus scans.
Hackers are posing as Colombia’s Attorney General, using fake “document downloads” to secretly drop malware.
The kicker? Every sample evaded detection.
Here’s what’s going on ↓ https://thehackernews.com/2025/09/virustotal-finds-44-undetected-svg.html
Hackers are posing as Colombia’s Attorney General, using fake “document downloads” to secretly drop malware.
The kicker? Every sample evaded detection.
Here’s what’s going on ↓ https://thehackernews.com/2025/09/virustotal-finds-44-undetected-svg.html
🤯26🔥3
Pentest reports are broken.
Teams are still stuck with static PDFs while attackers move in real time.
Now, platforms like PlexTrac deliver findings instantly—no waiting, no manual ticketing, no weeks-long delays. Faster fixes, lower risk.
Here’s how it changes the game ↓ https://thehackernews.com/2025/09/automation-is-redefining-pentest.html
Teams are still stuck with static PDFs while attackers move in real time.
Now, platforms like PlexTrac deliver findings instantly—no waiting, no manual ticketing, no weeks-long delays. Faster fixes, lower risk.
Here’s how it changes the game ↓ https://thehackernews.com/2025/09/automation-is-redefining-pentest.html
😁10🔥4