🔥 New hardware hack ALERT:
ETH Zürich + Google just broke SK Hynix DDR5 memory wide open.
➡️ “Phoenix” (CVE-2025-6202) gets ROOT in 109s on SK Hynix chips
➡️ ECC & TRR defenses? ❌ Bypassed
➡️ RSA keys + sudo at risk
Full story → https://thehackernews.com/2025/09/phoenix-rowhammer-attack-bypasses.html
💡 Only fix: crank DRAM refresh rate 3×.
ETH Zürich + Google just broke SK Hynix DDR5 memory wide open.
➡️ “Phoenix” (CVE-2025-6202) gets ROOT in 109s on SK Hynix chips
➡️ ECC & TRR defenses? ❌ Bypassed
➡️ RSA keys + sudo at risk
Full story → https://thehackernews.com/2025/09/phoenix-rowhammer-attack-bypasses.html
💡 Only fix: crank DRAM refresh rate 3×.
🤯16🔥5😁2🤔2
Apple backports a critical fix for CVE-2025-43300—already used in a sophisticated spyware attack.
🕵️♂️ Hackers chained it with a WhatsApp flaw to target fewer than 200 people.
📱 Older iPhones & Macs are now patched—don’t skip this update.
Details → https://thehackernews.com/2025/09/apple-backports-fix-for-cve-2025-43300.html
🕵️♂️ Hackers chained it with a WhatsApp flaw to target fewer than 200 people.
📱 Older iPhones & Macs are now patched—don’t skip this update.
Details → https://thehackernews.com/2025/09/apple-backports-fix-for-cve-2025-43300.html
🔥9👏3🤯1
Fake Facebook “Security” pages use FileFix to drop StealC.
⚠️ Click a fake “Appeal” button → it secretly copies a PowerShell command.
💥 Paste the “path” in File Explorer & BOOM—StealC malware installs, hidden in images on Bitbucket.
One careless paste = instant breach.
Details → https://thehackernews.com/2025/09/new-filefix-variant-delivers-stealc.html
⚠️ Click a fake “Appeal” button → it secretly copies a PowerShell command.
💥 Paste the “path” in File Explorer & BOOM—StealC malware installs, hidden in images on Bitbucket.
One careless paste = instant breach.
Details → https://thehackernews.com/2025/09/new-filefix-variant-delivers-stealc.html
😁10😱4👏3👍1
🚨 38 MILLION downloads. 224 Android apps. A single ad-fraud scheme.
SlopAds secretly hijacked clicks with hidden WebViews—pumping out 2.3 BILLION ad bids a day before Google finally pulled the plug.
Think you can spot a scam? These apps looked totally normal.
Full story → https://thehackernews.com/2025/09/slopads-fraud-ring-exploits-224-android.html
SlopAds secretly hijacked clicks with hidden WebViews—pumping out 2.3 BILLION ad bids a day before Google finally pulled the plug.
Think you can spot a scam? These apps looked totally normal.
Full story → https://thehackernews.com/2025/09/slopads-fraud-ring-exploits-224-android.html
😁7⚡2👍2
🚨 80% of companies have already suffered AI agent mishaps—unauthorized access, data leaks, and invisible risks.
The blind spot? Non-human identities outnumber employees 100:1.
Astrix just launched the first AI Agent Control Plane to lock it all down.
Here’s how it works ↓ https://thehackernews.com/2025/09/securing-agentic-era-introducing.html
The blind spot? Non-human identities outnumber employees 100:1.
Astrix just launched the first AI Agent Control Plane to lock it all down.
Here’s how it works ↓ https://thehackernews.com/2025/09/securing-agentic-era-introducing.html
😁13
⚠️ Chaos Mesh bugs enable Kubernetes cluster takeover.
Four CVEs (three 9.8) + an unauthenticated GraphQL debug server let attackers inject commands & kill processes cluster-wide—even with default settings.
Details → https://thehackernews.com/2025/09/chaos-mesh-critical-graphql-flaws.html
Update to Chaos Mesh v2.7.3 now.
Four CVEs (three 9.8) + an unauthenticated GraphQL debug server let attackers inject commands & kill processes cluster-wide—even with default settings.
Details → https://thehackernews.com/2025/09/chaos-mesh-critical-graphql-flaws.html
Update to Chaos Mesh v2.7.3 now.
👏11🔥2
Microsoft and Cloudflare just nuked a global phishing empire.
🔒 338 fake domains tied to “RaccoonO365” — a $355/month phishing-as-a-service — used to steal 5,000+ Microsoft 365 passwords across 94 countries were seized in a coordinated takedown.
Full story → https://thehackernews.com/2025/09/raccoono365-phishing-network-shut-down.html
🔒 338 fake domains tied to “RaccoonO365” — a $355/month phishing-as-a-service — used to steal 5,000+ Microsoft 365 passwords across 94 countries were seized in a coordinated takedown.
Full story → https://thehackernews.com/2025/09/raccoono365-phishing-network-shut-down.html
😁14👏9👍5🤯4
⚠️ VPNs are failing modern security.
They give hackers room to move, lack real-time visibility & break the least-privilege rule.
🔑 Zero-trust is the only way forward—see how KeeperPAM shuts every backdoor.
Full story → https://thehackernews.com/expert-insights/2025/09/the-limitations-of-vpn-based-access-for.html
They give hackers room to move, lack real-time visibility & break the least-privilege rule.
🔑 Zero-trust is the only way forward—see how KeeperPAM shuts every backdoor.
Full story → https://thehackernews.com/expert-insights/2025/09/the-limitations-of-vpn-based-access-for.html
👏11⚡4😁2🔥1
🚨 DoJ slams BreachForums’ creator with 3 YEARS in prison
Conor “Pompompurin” Fitzpatrick, 22, finally gets hard time after an appeals court tossed his shockingly light 17-day sentence.
He ran a hacker marketplace with 14 BILLION stolen records—and was caught with child abuse material.
Full story → https://thehackernews.com/2025/09/doj-resentences-breachforums-founder-to.html
Conor “Pompompurin” Fitzpatrick, 22, finally gets hard time after an appeals court tossed his shockingly light 17-day sentence.
He ran a hacker marketplace with 14 BILLION stolen records—and was caught with child abuse material.
Full story → https://thehackernews.com/2025/09/doj-resentences-breachforums-founder-to.html
🤯10🔥4😱1
🚨 Scattered Spider isn’t gone—and now hitting U.S. banks.
Hackers tricked an exec, hijacked Azure accounts, raided VMware servers & tried to steal cloud data.
Their “retirement” was a smokescreen.
Full story → https://thehackernews.com/2025/09/scattered-spider-resurfaces-with.html
Hackers tricked an exec, hijacked Azure accounts, raided VMware servers & tried to steal cloud data.
Their “retirement” was a smokescreen.
Full story → https://thehackernews.com/2025/09/scattered-spider-resurfaces-with.html
👏9🔥5
Meet Georgetown's cybersecurity faculty on October 2 to learn more about the Cybersecurity Risk Management master's program.
Advance your cybersecurity career with Georgetown.
👉 View event: https://thn.news/scs-cybersec-2025
Advance your cybersecurity career with Georgetown.
👉 View event: https://thn.news/scs-cybersec-2025
👏5
⚠️ Most “AI security” tools can’t see what your team pastes into ChatGPT or uploads to personal AI apps.
Bans? They just drive shadow AI deeper.
🔑 Real fix: last-mile, in-browser controls—redact, warn, allow—no clunky agents or network reroutes.
Full guide → https://thehackernews.com/2025/09/rethinking-ai-data-security-buyers-guide.html
Bans? They just drive shadow AI deeper.
🔑 Real fix: last-mile, in-browser controls—redact, warn, allow—no clunky agents or network reroutes.
Full guide → https://thehackernews.com/2025/09/rethinking-ai-data-security-buyers-guide.html
🔥8👍1
🚨 China-backed hackers just impersonated top U.S. officials to steal intel.
They posed as the House China Committee chair & the U.S.-China Business Council, luring trade experts—then slipped in a Visual Studio Code backdoor.
Here’s the full report→ https://thehackernews.com/2025/09/chinese-ta415-uses-vs-code-remote.html
They posed as the House China Committee chair & the U.S.-China Business Council, luring trade experts—then slipped in a Visual Studio Code backdoor.
Here’s the full report→ https://thehackernews.com/2025/09/chinese-ta415-uses-vs-code-remote.html
😁7😱3🤯1
⚠️ Quantum hackers could shatter today’s encryption overnight.
🤖 AI attacks already trick 60%—breaches cost $10M+.
The cyber storm is here. Join our next expert WEBINAR to learn how to lock down your data before Q-day.
👉 Save your seat now ↓ https://thehackernews.com/2025/09/from-quantum-hacks-to-ai-defenses.html
🤖 AI attacks already trick 60%—breaches cost $10M+.
The cyber storm is here. Join our next expert WEBINAR to learn how to lock down your data before Q-day.
👉 Save your seat now ↓ https://thehackernews.com/2025/09/from-quantum-hacks-to-ai-defenses.html
😁7👍3⚡2
🛡️ No more guessing on container security. Securing the Stack breaks down what really works—from busting myths and risks, to building trusted images, to securing your full CI/CD pipeline.
Get the expert blueprint your team needs to lock down vulnerabilities and ship software with confidence.
➡️ Join the 20-min webinar to learn why simply containerizing your applications does not make them safe: https://thn.news/stack-security-webinar
Get the expert blueprint your team needs to lock down vulnerabilities and ship software with confidence.
➡️ Join the 20-min webinar to learn why simply containerizing your applications does not make them safe: https://thn.news/stack-security-webinar
🔥11
🚨 AI-powered hotel hack on the rise:
Cyber gang TA558 (RevengeHotels) is using LLM-generated phishing emails in Portuguese & Spanish to drop Venom RAT—a $650 malware that steals guest credit-card data, kills Microsoft Defender & spreads via USB 🏨💳
Full report → https://thehackernews.com/2025/09/ta558-uses-ai-generated-scripts-to.html
Cyber gang TA558 (RevengeHotels) is using LLM-generated phishing emails in Portuguese & Spanish to drop Venom RAT—a $650 malware that steals guest credit-card data, kills Microsoft Defender & spreads via USB 🏨💳
Full report → https://thehackernews.com/2025/09/ta558-uses-ai-generated-scripts-to.html
⚡11
🚨 UPDATE: New intel on Russia’s APT28 attack...
Sekoia says Operation Phantom Net Voxel used Signal to send booby-trapped Word docs, dropping COVENANT & BEARDSHELL malware.
Full update → https://thehackernews.com/2025/06/apt28-uses-signal-chat-to-deploy.html
Sekoia says Operation Phantom Net Voxel used Signal to send booby-trapped Word docs, dropping COVENANT & BEARDSHELL malware.
Full update → https://thehackernews.com/2025/06/apt28-uses-signal-chat-to-deploy.html
😁8🔥5
🚨 Chrome users: a new zero-day is under active attack.
CVE-2025-10585 targets Chrome’s V8 engine—Chrome’s 6th zero-day of 2025.
Details → https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html
⚡ Update now: 140.0.7339.185/.186 (Win/macOS), 140.0.7339.185 (Linux).
If you use Edge/Brave/Opera/Vivaldi, patch too.
CVE-2025-10585 targets Chrome’s V8 engine—Chrome’s 6th zero-day of 2025.
Details → https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html
⚡ Update now: 140.0.7339.185/.186 (Win/macOS), 140.0.7339.185 (Linux).
If you use Edge/Brave/Opera/Vivaldi, patch too.
😁19🔥4👍2😱2⚡1
🕵️♀️ Two fake Python packages just dropped a powerful RAT on Windows.
“sisaws” & “secmeasure” secretly install SilentSync — capable of stealing browser passwords, files, and screenshots.
Full story → https://thehackernews.com/2025/09/silentsync-rat-delivered-via-two.html
“sisaws” & “secmeasure” secretly install SilentSync — capable of stealing browser passwords, files, and screenshots.
Full story → https://thehackernews.com/2025/09/silentsync-rat-delivered-via-two.html
😱11👍1
🔥 AI is now the biggest career risk for CISOs—bigger than any breach.
⚡Move too fast → data leaks & shadow AI spread.
🐢Move too slow → rivals race ahead.
How to stay secure and competitive ↓ https://thehackernews.com/2025/09/how-cisos-can-drive-effective-ai.html
⚡Move too fast → data leaks & shadow AI spread.
🐢Move too slow → rivals race ahead.
How to stay secure and competitive ↓ https://thehackernews.com/2025/09/how-cisos-can-drive-effective-ai.html
⚡5👍4
🚨Lazarus escalated activities in 2025 with companies already suffering billions in losses.
This APT’s attacks are evolving and getting harder to detect.
Read actionable report on its current campaigns to be ready for the next attack ⬇️ https://thn.news/lazarus-attacks-2025
This APT’s attacks are evolving and getting harder to detect.
Read actionable report on its current campaigns to be ready for the next attack ⬇️ https://thn.news/lazarus-attacks-2025
👍8