🚨 Chinese hackers are hijacking legit websites to poison Google results.

Experts uncovered Operation Rewrite: a BadIIS malware campaign targeting East & Southeast Asia—redirecting search traffic to scam sites and even planting web shells for deeper breaches.

Read → https://thehackernews.com/2025/09/badiis-malware-spreads-via-seo.html

🚨 GitHub is tightening npm security after a worm called Shai-Hulud spread through hundreds of packages and tried to steal secrets.

— Old tokens will be removed
— 2FA will be required
— New “trusted publishing” proves where each package came from

Full story → https://thehackernews.com/2025/09/github-mandates-2fa-and-short-lived.html

🚨 New DDoS-for-hire threat: ShadowV2

Hackers are renting out a botnet that hijacks misconfigured AWS Docker servers—using a Go-based RAT and Python C2 on GitHub Codespaces—to launch massive HTTP/2 “Rapid Reset” attacks and even bypass Cloudflare protections.

Read → https://thehackernews.com/2025/09/shadowv2-botnet-exploits-misconfigured.html

Wells Fargo cut 23% of staff, BofA dropped 88k, Verizon says headcount keeps falling—while 86% of breaches use stolen creds and take 292 days to contain.

Lean teams = $11M+ per secret leak.

Here’s what CISOs need to know ↓ https://thehackernews.com/2025/09/lean-teams-higher-stakes-why-cisos-must.html

🚨 Critical flaw in SolarWinds Web Help Desk (CVE-2025-26399, CVSS 9.8) lets attackers run code without logging in.

This is the third patch attempt—after two previous “fixes” were bypassed.

Admins: update to 12.8.7 HF1 now.

Full story → https://thehackernews.com/2025/09/solarwinds-releases-hotfix-for-critical.html

⚠️ AI agents are taking over core business tasks—opening dangerous new attack paths.

Data leaks. Adversarial hacks. Trust at risk.

Your defenses aren’t ready.

Join the live webinar to learn how to protect your AI systems → https://thehacker.news/ai-agents-security

🚨 U.S. Secret Service dismantles a covert SIM network threatening officials.

More than 300 SIM servers and 100,000 SIM cards found across the NY tri-state area—near the UN General Assembly—posing an imminent national security threat.

Nation-state actors suspected.

Details → https://thehackernews.com/2025/09/us-secret-service-seizes-300-sim.html

🚨 Europe just took down a massive €100M crypto scam.

Since 2018, 5 suspects tricked investors across 23 countries—then vanished with the cash.

Cops froze accounts and seized assets.

Full story → https://thehackernews.com/2025/09/eurojust-arrests-5-in-100m.html

🚨 Two new flaws let attackers slip past Supermicro’s BMC Root of Trust!

Hackers can sneak in a fake signed firmware image (CVE-2025-7937 & CVE-2025-6198) and take over the BMC—then the whole server—permanently.

Full story → https://thehackernews.com/2025/09/two-new-supermicro-bmc-bugs-allow.html

⚠️ State-backed hackers just broke into Libraesva’s email security gateway.

A flaw (CVE-2025-59689) lets a single malicious email run commands on your server—and it’s already been exploited.

Update now before you’re next → https://thehackernews.com/2025/09/state-sponsored-hackers-exploiting.html

🚨 Researchers spotted real-world attacks exploiting a Linux flaw (CVE-2025-51591) in Pandoc to target AWS EC2 IMDS and steal IAM creds.

If you’re still on IMDSv1, you’re a sitting duck. Enforce IMDSv2 & sandbox Pandoc.

Details → https://thehackernews.com/2025/09/hackers-exploit-pandoc-cve-2025-51591.html

Cybersecurity is shifting—from chasing attacks to predicting them.

🔍 Threat-Informed Defense (MITRE-backed) helps teams find security gaps before hackers strike.

How to make your defenses bulletproof ↓ https://thehackernews.com/expert-insights/2025/09/turning-intelligence-into-action-with.html

🚨 49 merchants hit by a stealthy Stripe skimmer.

Hackers used pixel-perfect fake checkout iframes to steal credit card data—bypassing decades-old “secure by design” policies.

Old defenses like CSP & X-Frame-Options? Useless.

Active monitoring is now the only shield.

Learn more → https://thehackernews.com/2025/09/iframe-security-exposed-blind-spot.html

🚨 New cyber threat spotted: YiBackdoor

• Shares core code with IcedID & Latrodectus—same notorious developers.
• Executes commands, steals screenshots, loads stealthy plugins.
• Likely a test run for future ransomware attacks.

Details → https://thehackernews.com/2025/09/new-yibackdoor-malware-shares-major.html

💀 158 years in business—gone in days.

Hackers guessed ONE weak password, unleashed ransomware, wiped backups & bankrupted KNP Logistics.

700 jobs lost in days. Your password is all it takes.

Full story → https://thehackernews.com/2025/09/how-one-bad-password-ended-158-year-old.html

🚨 Researchers found critical authentication bypass flaws in Wondershare RepairIt (CVE-2025-10643/10644).

Hardcoded cloud tokens + no encryption exposed user data and let attackers swap AI models—turning updates into a supply chain backdoor.

Details → https://thehackernews.com/2025/09/two-critical-flaws-uncovered-in.html

🛑 China-backed hackers have silently breached top U.S. legal, SaaS & tech firms—hiding for 393 days with a custom backdoor called BRICKSTORM.

They’re stealing emails, cloning servers & staying invisible to security tools.

Read → https://thehackernews.com/2025/09/unc5221-uses-brickstorm-backdoor-to.html

⚠️ Chinese state hackers just breached defense contractors in the U.S.—plus gov agencies from Asia to Europe.

The RedNovember group hijacked VPNs & firewalls from Cisco, Palo Alto, Ivanti and more—using open-source backdoors to stay hidden.

Full story → https://thehackernews.com/2025/09/chinese-hackers-rednovember-target.html

🚨 Cisco flaw already under attack: CVE-2025-20352 lets remote hackers crash systems or run code as root via SNMP.

Cisco IOS & IOS XE devices with SNMP enabled are at risk—Meraki MS390 & Catalyst 9300 included. Patch to IOS XE 17.15.4a now.

Details → https://thehackernews.com/2025/09/cisco-warns-of-actively-exploited-snmp.html

🚨 Two fake Rust crates stole Solana & Ethereum wallet keys

faster_log & async_println racked up 8,424 downloads before crates[.]io killed them.

They cloned real code & sent private keys to a fake Solana endpoint.

Details → https://thehackernews.com/2025/09/malicious-rust-crates-steal-solana-and.html

🚨 DDoS attacks are exploding: up 41% YoY with a record-shattering 2.2 Tbps strike in early 2025.

Tech firms are now the #1 target, finance is climbing fast, and app/API attacks hit 38% of all incidents.

Read full report here → https://thehackernews.com/2025/09/tech-overtakes-gaming-as-top-ddos.html