🛡️ Cyberattacks are hitting endpoints harder than ever.
Gartner’s 2025 report just confirmed: SentinelOne remains a Leader in endpoint protection — for the 5th year straight.
What that says about AI-driven defense ↓ https://thehackernews.com/2025/07/ai-driven-trends-in-endpoint-security.html
Gartner’s 2025 report just confirmed: SentinelOne remains a Leader in endpoint protection — for the 5th year straight.
What that says about AI-driven defense ↓ https://thehackernews.com/2025/07/ai-driven-trends-in-endpoint-security.html
🤔8👍2
🚨 CISA just flagged 2 new TP-Link router flaws as actively exploited—one allows remote code execution, the other leaks passwords.
Many of the affected models are end-of-life. No more patches coming.
Here’s what you need to know ↓ https://thehackernews.com/2025/09/cisa-flags-tp-link-router-flaws-cve.html
Many of the affected models are end-of-life. No more patches coming.
Here’s what you need to know ↓ https://thehackernews.com/2025/09/cisa-flags-tp-link-router-flaws-cve.html
😱10👍1
🇫🇷 France just fined Google €325M and Shein €150M for breaking cookie consent laws.
Both pushed ads on users without clear permission. Google now has 6 months to comply—or pay €100k per day.
Full story → https://thehackernews.com/2025/09/google-fined-379-million-by-french.html
Both pushed ads on users without clear permission. Google now has 6 months to comply—or pay €100k per day.
Full story → https://thehackernews.com/2025/09/google-fined-379-million-by-french.html
👏19👍6🔥6⚡1🤯1
Cybercriminals are exploiting a loophole with X’s AI assistant Grok.
They trick it into sharing malicious links in promoted posts—links that normally should be blocked—reaching millions of users.
Researchers call it “Grokking.”
Here’s how it works ↓ https://thehackernews.com/2025/09/cybercriminals-exploit-xs-grok-ai-to.html
They trick it into sharing malicious links in promoted posts—links that normally should be blocked—reaching millions of users.
Researchers call it “Grokking.”
Here’s how it works ↓ https://thehackernews.com/2025/09/cybercriminals-exploit-xs-grok-ai-to.html
😁29🤯3🤔2😱2🔥1👏1
Most cyberattacks don’t slip past defenses—
they walk right through weak defaults.
Block entire categories of risk with simple day-one moves:
🔒 MFA on everything
🚫 Deny-by-default apps
📂 Kill Office macros
Attackers only need one shot. Defaults decide if they get it.
Here’s how → https://thehackernews.com/2025/08/simple-steps-for-attack-surface.html
they walk right through weak defaults.
Block entire categories of risk with simple day-one moves:
🔒 MFA on everything
🚫 Deny-by-default apps
📂 Kill Office macros
Attackers only need one shot. Defaults decide if they get it.
Here’s how → https://thehackernews.com/2025/08/simple-steps-for-attack-surface.html
👍10👏5
🚨 New threat: GhostRedirector hacked 65+ Windows servers worldwide.
It installs backdoors & an IIS malware that tricks Google into boosting shady gambling sites—damaging the reputation of legit businesses.
Details here → https://thehackernews.com/2025/09/ghostredirector-hacks-65-windows.html
It installs backdoors & an IIS malware that tricks Google into boosting shady gambling sites—damaging the reputation of legit businesses.
Details here → https://thehackernews.com/2025/09/ghostredirector-hacks-65-windows.html
🔥10😁8👏2⚡1
Russian hackers turned Microsoft Outlook into a cyber weapon.
APT28’s new NotDoor malware lurks in Outlook, triggered by emails to steal files, run commands, and spy on companies across NATO countries.
It hides by abusing Microsoft’s own trusted tools.
Full story → https://thehackernews.com/2025/09/russian-apt28-deploys-notdoor-outlook.html
APT28’s new NotDoor malware lurks in Outlook, triggered by emails to steal files, run commands, and spy on companies across NATO countries.
It hides by abusing Microsoft’s own trusted tools.
Full story → https://thehackernews.com/2025/09/russian-apt28-deploys-notdoor-outlook.html
🔥24😁17🤔7👍3⚡1👏1
🚨 523 malicious SVG files are slipping past antivirus scans.
Hackers are posing as Colombia’s Attorney General, using fake “document downloads” to secretly drop malware.
The kicker? Every sample evaded detection.
Here’s what’s going on ↓ https://thehackernews.com/2025/09/virustotal-finds-44-undetected-svg.html
Hackers are posing as Colombia’s Attorney General, using fake “document downloads” to secretly drop malware.
The kicker? Every sample evaded detection.
Here’s what’s going on ↓ https://thehackernews.com/2025/09/virustotal-finds-44-undetected-svg.html
🤯26🔥3
Pentest reports are broken.
Teams are still stuck with static PDFs while attackers move in real time.
Now, platforms like PlexTrac deliver findings instantly—no waiting, no manual ticketing, no weeks-long delays. Faster fixes, lower risk.
Here’s how it changes the game ↓ https://thehackernews.com/2025/09/automation-is-redefining-pentest.html
Teams are still stuck with static PDFs while attackers move in real time.
Now, platforms like PlexTrac deliver findings instantly—no waiting, no manual ticketing, no weeks-long delays. Faster fixes, lower risk.
Here’s how it changes the game ↓ https://thehackernews.com/2025/09/automation-is-redefining-pentest.html
😁10🔥4
🚨 The Salesloft Drift breach has ignited a flurry of incident disclosures from SaaS providers, making it hard for security teams to keep up.
Nudge Security has put together a tracker for notifications related to this breach which will be updated as more providers issue communications.
Stay up to date here: https://thn.news/breach-tracker
Nudge Security has put together a tracker for notifications related to this breach which will be updated as more providers issue communications.
Stay up to date here: https://thn.news/breach-tracker
🤯8
🚨 Cyber gang TAG-150 just built CastleRAT in Python & C — a new trojan that steals passwords, hijacks crypto wallets, logs keystrokes & takes over PCs.
It’s the latest weapon in their CastleLoader malware ops.
Full story → https://thehackernews.com/2025/09/tag-150-develops-castlerat-in-python.html
It’s the latest weapon in their CastleLoader malware ops.
Full story → https://thehackernews.com/2025/09/tag-150-develops-castlerat-in-python.html
⚡16🔥4🤯1
🚨 Critical: A 9.0 severity bug in Sitecore is being actively exploited.
Hackers are using machine keys copied straight from old docs to hijack servers with full remote code execution.
Here’s what defenders need to know → https://thehackernews.com/2025/09/cisa-orders-immediate-patch-of-critical.html
Hackers are using machine keys copied straight from old docs to hijack servers with full remote code execution.
Here’s what defenders need to know → https://thehackernews.com/2025/09/cisa-orders-immediate-patch-of-critical.html
🔥10👍1🤔1😱1
🚨 Russia-linked hackers just hit Kazakhstan’s energy giant KazMunaiGas.
The op—codenamed BarrelFire—used fake IT emails and booby-trapped ZIP files to drop malware, hijack systems, and open a backdoor.
The worst part? It came from a real employee’s stolen account.
Read more ↓ https://thehackernews.com/2025/09/noisy-bear-targets-kazakhstan-energy.html
The op—codenamed BarrelFire—used fake IT emails and booby-trapped ZIP files to drop malware, hijack systems, and open a backdoor.
The worst part? It came from a real employee’s stolen account.
Read more ↓ https://thehackernews.com/2025/09/noisy-bear-targets-kazakhstan-energy.html
😁23🔥7👍3🤯2🤔1
⚡ Miss this week’s cyber news? You skipped:
– Drift breach chaos
– Active zero-days
– Dark web buzz
– Critical CVEs
Don’t fall behind — catch the full recap 👇 https://thehackernews.com/2025/09/weekly-recap-drift-breach-chaos-zero.html
– Drift breach chaos
– Active zero-days
– Dark web buzz
– Critical CVEs
Don’t fall behind — catch the full recap 👇 https://thehackernews.com/2025/09/weekly-recap-drift-breach-chaos-zero.html
⚡13👍1🤔1
⚠️ Hackers aren’t sending phishing emails anymore. They’re joining your team.
Fake hires pass interviews with AI resumes + deepfakes, get onboarded, and walk away with your keys. Identity is the new perimeter.
Here’s what companies must change ↓ https://thehackernews.com/2025/09/you-didnt-get-phished-you-onboarded.html
Fake hires pass interviews with AI resumes + deepfakes, get onboarded, and walk away with your keys. Identity is the new perimeter.
Here’s what companies must change ↓ https://thehackernews.com/2025/09/you-didnt-get-phished-you-onboarded.html
🤯19🔥11😁4👏2👍1
🚨 Attackers didn’t hack your server—they stole a login. $1M ransom later, it was too late.
Modern identity tools can block risky logins in real time, using signals your security stack already collects. Don’t wait until after the breach.
See how → https://thehackernews.com/expert-insights/2025/09/how-to-build-identity-firewall-with.html
Modern identity tools can block risky logins in real time, using signals your security stack already collects. Don’t wait until after the breach.
See how → https://thehackernews.com/expert-insights/2025/09/how-to-build-identity-firewall-with.html
👍10🔥3
🚨 Salesloft confirms GitHub breach from Mar–Jun 2025 triggered Drift supply chain attack affecting 22 companies.
Hackers stole OAuth tokens, risking customer integrations. Drift remains offline as Salesloft secures systems.
Full story → https://thehackernews.com/2025/09/github-account-compromise-led-to.html
Hackers stole OAuth tokens, risking customer integrations. Drift remains offline as Salesloft secures systems.
Full story → https://thehackernews.com/2025/09/github-account-compromise-led-to.html
😁11🤔3👍2
🚨 Hackers are hijacking Google search ads to trick devs into downloading malware disguised as GitHub tools.
The payload? A 128MB file that hides from sandboxes unless your GPU passes its “check.” Info theft & remote access are the endgame.
Details ↓ https://thehackernews.com/2025/09/gpugate-malware-uses-google-ads-and.html
The payload? A 128MB file that hides from sandboxes unless your GPU passes its “check.” Info theft & remote access are the endgame.
Details ↓ https://thehackernews.com/2025/09/gpugate-malware-uses-google-ads-and.html
😱12👏5👍4🔥2😁1🤯1
🚨 Threat hunters just uncovered 45 domains tied to China-backed hackers Salt Typhoon & UNC4841—some active since May 2020.
These groups hit U.S. telecoms & exploited zero-days in Barracuda appliances. Your org could already be exposed.
Details here ↓ https://thehackernews.com/2025/09/45-previously-unreported-domains-expose.html
These groups hit U.S. telecoms & exploited zero-days in Barracuda appliances. Your org could already be exposed.
Details here ↓ https://thehackernews.com/2025/09/45-previously-unreported-domains-expose.html
👏11👍2🔥1🤔1
⚡ Firewalls aren’t enough anymore—AI attacks are evolving faster than traditional defenses.
Zscaler's Zero Trust + AI keeps your data safe, blocks ransomware, and lets you use AI securely without risk.
Here’s what the CEO Jay Chaudhry says about staying ahead ↓ https://thehackernews.com/videos/2025/09/zero-trust-ai-protecting-what-firewalls.html
Zscaler's Zero Trust + AI keeps your data safe, blocks ransomware, and lets you use AI securely without risk.
Here’s what the CEO Jay Chaudhry says about staying ahead ↓ https://thehackernews.com/videos/2025/09/zero-trust-ai-protecting-what-firewalls.html
🤔7👍6😁4
🚨 20 npm packages with 2 BILLION+ weekly downloads (incl. chalk & debug) were hacked.
A maintainer was phished into giving up 2FA — attackers slipped in malware that hijacks wallets & steals crypto.
Here’s what went down ↓ https://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.html
A maintainer was phished into giving up 2FA — attackers slipped in malware that hijacks wallets & steals crypto.
Here’s what went down ↓ https://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.html
🤯10🔥7😁5