🚨 UK just busted two Scattered Spider hackers—19 & 18—behind the massive TfL cyberattack.

💥 One of them, Thalha Jubair, is also charged in the US for 120+ hacks & $115M in ransoms. He could face 95 years.

Full story → https://thehackernews.com/2025/09/uk-arrest-two-teen-scattered-spider.html

🚨 Two FSB-linked hacking crews—Gamaredon + Turla—are now working together to hit Ukraine’s defense networks.

Gamaredon’s custom tools (PteroGraphin, PteroOdd, PteroPaste) secretly planted Turla’s Kazuar v2/v3 backdoor on Ukrainian systems.

Here’s what to know → https://thehackernews.com/2025/09/russian-hackers-gamaredon-and-turla.html

🚨 AI agents are reshaping business—but also exposing fresh security risks.

🔒 Auth0’s free webinar shows how to spot the hidden threats & lock them down before attackers strike.

Don’t wait. Watch now → https://thehacker.news/ai-agents-security

⚡ Security teams, say goodbye to slow alert triage.

Tines’ new free AI workflow auto-grabs SOPs from Confluence and fixes threats on its own—while keeping your team updated on Slack.

⚠️ Faster response, less burnout, zero missed steps.

Full guide → https://thehackernews.com/2025/09/how-to-automate-alert-triage-with-ai.html

🚨 17,500+ phishing sites. 316 brands. 74 countries.

A Chinese-speaking gang’s PhaaS kits “Lucid” & “Lighthouse” let criminals launch full-scale attacks for as little as $88 a week.

Email phishing jumped 25% in a month.

Details here → https://thehackernews.com/2025/09/17500-phishing-domains-target-316.html

🚨 Fortra GoAnywhere MFT: CVSS 10 (CVE-2025-10035) lets attackers run commands via forged license response.

Thousands exposed; same admin path as the 2023 LockBit-hit bug—weaponization likely.

Details → https://thehackernews.com/2025/09/fortra-releases-critical-patch-for-cvss.html

Patch 7.8.4/7.6.3; restrict Admin Console.

🚨 1,500 hacked servers/day are being rented out via REM Proxy—powered by SystemBC.

~80% are cloud servers (VPS); infections often last 31+ days.

The network markets 20k MikroTik routers and is used to brute-force WordPress creds.

Details here → https://thehackernews.com/2025/09/systembc-powers-rem-proxy-with-1500.html

🇮🇷 Iran’s IRGC hackers just breached 34 devices across 11 telecom giants—using fake LinkedIn job offers.

👥 They posed as HR, ran “interviews,” then secretly dropped a stealth backdoor called MINIBIKE hidden in Azure traffic.

Read → https://thehackernews.com/2025/09/unc1549-hacks-34-devices-in-11-telecom.html

⚠️ Warning — One hidden email could trick ChatGPT’s Deep Research into stealing your Gmail inbox.

Dubbed “ShadowLeak,” this stealth attack hides commands in invisible HTML, making the AI grab and exfiltrate your data—without a single click.

Details → https://thehackernews.com/2025/09/shadowleak-zero-click-flaw-leaks-gmail.html

⚠️ First-ever GPT-4 powered malware uncovered.

Researchers found “MalTerminal,” a prototype that can write its own ransomware or reverse shell—code dated before Nov 2023.

Hackers are also slipping hidden prompts into phishing emails to trick AI scanners and unleash Follina exploits.

Full story → https://thehackernews.com/2025/09/researchers-uncover-gpt-4-powered.html

🚨 North Korea’s Lazarus-linked hackers strike again!

Fake crypto job interviews → bogus “mic fix” → BeaverTail + InvisibleFerret malware hits Windows, Mac & Linux.

😱 One click and your data’s gone.

🔗 Full report → https://thehackernews.com/2025/09/dprk-hackers-use-clickfix-to-deliver.html

⚠️ macOS users beware! Hackers are pushing fake GitHub repos mimicking apps like LastPass, Dropbox & Notion—spreading the Atomic Stealer malware via Google & Bing searches.

Read: https://thehackernews.com/2025/09/lastpass-warns-of-fake-repositories.html

🔗 Double-check every download. Your data could be next.

🔥 Microsoft patched a perfect 10.0 CVE in Entra ID (ex-Azure AD) that let attackers impersonate any user, even Global Admins—across every tenant worldwide.

🔑 MFA? Conditional Access? Logging? All bypassed. Total tenant takeover—SharePoint, Exchange, Azure resources.

Details here → https://thehackernews.com/2025/09/microsoft-patches-critical-entra-id.html

In cybersecurity, Quantum + AI aren’t just buzzwords.

🔒 63% of orgs say quantum will break today’s encryption.

🤖 93% already face daily AI-driven attacks.
The storm’s here. Are you ready?

Full expert guide + webinar ↓ https://thehacker.news/ai-quantum-resilience

⚡ Cybersecurity Weekly Recap!

Hackers move in hours, not weeks—mixing AI-driven attacks, zero-days & supply-chain breaches.

💡 Key Takeaways:
• Old flaws keep resurfacing
• AI gives cybercriminals lightning speed
• Supply chains stay a prime target

👉 Read the latest edition: https://thehackernews.com/2025/09/weekly-recap-chrome-0-day-ai-hacking.html

⚠️ Bots outnumber humans 80:1 in your network.

• AI agents & service accounts vastly outnumber employees
• Many have unlimited access with no oversight
• One stolen token = instant attacker backdoor

👉 Spot them before hackers do: https://thehackernews.com/2025/09/how-to-gain-control-of-ai-agents-and.html

🚨 Just announced: AI in GRC is getting an upgrade with the announcement of Hyperproof's new AI feature release.

Security teams are buried in evidence collection, testing, and reporting. Hyperproof AI takes that manual grind off your plate so you can focus on outcomes that actually reduce risk.

✨ What makes Hyperproof AI different:

• Simplify and scale: Smart recommendations tailored to your business.
• Find answers fast: Natural language search surfaces what you need in seconds.
• Automate the grind: Streamline evidence collection, testing, and reporting
• Trust built-in: Transparency, human oversight, and control at every step.

Hyperproof AI doesn’t just “assist,” it orchestrates AI agents to discover, validate, advise, and act, with humans in the loop.

Hyperproof believes GRC can be a growth driver. That’s why they're excited to introduce Hyperproof AI, an end-to-end AI-powered GRC platform, now in early access.

Learn more: https://thn.news/ai-compliance-boost

🚨 Two major cyberattacks exposed:

• ComicForm is phishing Belarus, Kazakhstan & Russia with fake “PDF” EXEs to drop Formbook & steal creds.

• SectorJ149 is hitting South Korea’s manufacturing sector with Formbook, Lumma Stealer & Remcos RAT.

Full details → https://thehackernews.com/2025/09/comicform-and-sectorj149-hackers-deploy.html

➡️ UPDATE: Iran-linked hackers level up: Nimbus Manticore now mirrors Subtle Snail tactics—using MiniJunk & MiniBrowse malware to hit defense and telecoms in Denmark, Sweden & Portugal.

Full story → https://thehackernews.com/2025/09/unc1549-hacks-34-devices-in-11-telecom.html

🚨 42% of top banks and insurers suffered severe DDoS damage this year—despite bigger budgets.

💸 85% increased spending, yet only 5% trust their defenses.

Spending more ≠ safer.

Here’s the reality check ↓ https://thehackernews.com/expert-insights/2025/09/the-state-of-ddos-defenses-unpacking.html

🚨 Chinese hackers are hijacking legit websites to poison Google results.

Experts uncovered Operation Rewrite: a BadIIS malware campaign targeting East & Southeast Asia—redirecting search traffic to scam sites and even planting web shells for deeper breaches.

Read → https://thehackernews.com/2025/09/badiis-malware-spreads-via-seo.html