🛑 China-backed hackers have silently breached top U.S. legal, SaaS & tech firms—hiding for 393 days with a custom backdoor called BRICKSTORM.
They’re stealing emails, cloning servers & staying invisible to security tools.
Read → https://thehackernews.com/2025/09/unc5221-uses-brickstorm-backdoor-to.html
They’re stealing emails, cloning servers & staying invisible to security tools.
Read → https://thehackernews.com/2025/09/unc5221-uses-brickstorm-backdoor-to.html
🔥15👏7🤔6😁4
⚠️ Chinese state hackers just breached defense contractors in the U.S.—plus gov agencies from Asia to Europe.
The RedNovember group hijacked VPNs & firewalls from Cisco, Palo Alto, Ivanti and more—using open-source backdoors to stay hidden.
Full story → https://thehackernews.com/2025/09/chinese-hackers-rednovember-target.html
The RedNovember group hijacked VPNs & firewalls from Cisco, Palo Alto, Ivanti and more—using open-source backdoors to stay hidden.
Full story → https://thehackernews.com/2025/09/chinese-hackers-rednovember-target.html
😁8🔥6🤯6👏5👍1
🚨 Cisco flaw already under attack: CVE-2025-20352 lets remote hackers crash systems or run code as root via SNMP.
Cisco IOS & IOS XE devices with SNMP enabled are at risk—Meraki MS390 & Catalyst 9300 included. Patch to IOS XE 17.15.4a now.
Details → https://thehackernews.com/2025/09/cisco-warns-of-actively-exploited-snmp.html
Cisco IOS & IOS XE devices with SNMP enabled are at risk—Meraki MS390 & Catalyst 9300 included. Patch to IOS XE 17.15.4a now.
Details → https://thehackernews.com/2025/09/cisco-warns-of-actively-exploited-snmp.html
👍7👏2😁2
🚨 Two fake Rust crates stole Solana & Ethereum wallet keys
faster_log & async_println racked up 8,424 downloads before crates[.]io killed them.
They cloned real code & sent private keys to a fake Solana endpoint.
Details → https://thehackernews.com/2025/09/malicious-rust-crates-steal-solana-and.html
faster_log & async_println racked up 8,424 downloads before crates[.]io killed them.
They cloned real code & sent private keys to a fake Solana endpoint.
Details → https://thehackernews.com/2025/09/malicious-rust-crates-steal-solana-and.html
😁10🔥2
🚨 DDoS attacks are exploding: up 41% YoY with a record-shattering 2.2 Tbps strike in early 2025.
Tech firms are now the #1 target, finance is climbing fast, and app/API attacks hit 38% of all incidents.
Read full report here → https://thehackernews.com/2025/09/tech-overtakes-gaming-as-top-ddos.html
Tech firms are now the #1 target, finance is climbing fast, and app/API attacks hit 38% of all incidents.
Read full report here → https://thehackernews.com/2025/09/tech-overtakes-gaming-as-top-ddos.html
👏10
🛡 [New] Threatsday Bulletin is live!
⚡ SonicWall rootkit patch
⚡ GeoServer federal breach
⚡ Scattered Spider confession
⚡ Shai-Hulud npm worm
⚡ …and more critical updates
Stay ahead of this week’s biggest cyber threats → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html
⚡ SonicWall rootkit patch
⚡ GeoServer federal breach
⚡ Scattered Spider confession
⚡ Shai-Hulud npm worm
⚡ …and more critical updates
Stay ahead of this week’s biggest cyber threats → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html
🔥8
🚨 61% of new software flaws get stamped “critical” every year—yet only about 10% are truly dangerous.
Security teams are drowning in fake urgency while real threats slip through.
Gartner’s new Continuous Threat Exposure Management flips the script: prove which risks actually matter.
Read → https://thehackernews.com/2025/09/ctems-core-prioritization-and-validation.html
Security teams are drowning in fake urgency while real threats slip through.
Gartner’s new Continuous Threat Exposure Management flips the script: prove which risks actually matter.
Read → https://thehackernews.com/2025/09/ctems-core-prioritization-and-validation.html
👍8
⚠️ North Korea’s hackers just unleashed a new backdoor—AkdoorTea.
Fake job interviews trick devs into running “camera fix” scripts that hijack Windows, macOS & Linux to steal crypto and drop miners.
Here’s what you need to know ↓ https://thehackernews.com/2025/09/north-korean-hackers-use-new-akdoortea.html
Fake job interviews trick devs into running “camera fix” scripts that hijack Windows, macOS & Linux to steal crypto and drop miners.
Here’s what you need to know ↓ https://thehackernews.com/2025/09/north-korean-hackers-use-new-akdoortea.html
👍8🤯1
🔒 Learn to Secure Containers — Free Certification!
Master practical container security: choosing base images, scanning for vulnerabilities, and securing production.
🎓 Free, self-paced, certification included.
Start Free Course ↓ https://thn.news/docker-security-guide
Master practical container security: choosing base images, scanning for vulnerabilities, and securing production.
🎓 Free, self-paced, certification included.
Start Free Course ↓ https://thn.news/docker-security-guide
🤔10
🚨 Researchers found a 9.4-severity flaw called “ForcedLeak” that let hackers steal CRM data from Agentforce—by buying a $5 expired domain and slipping in a hidden prompt.
Salesforce patched it, but check your leads now.
Full story → https://thehackernews.com/2025/09/salesforce-patches-critical-forcedleak.html
Salesforce patched it, but check your leads now.
Full story → https://thehackernews.com/2025/09/salesforce-patches-critical-forcedleak.html
🔥5😁3
🚨 1 TRILLION DNS queries.
Cybercriminal network Vane Viper exposed as an adtech-powered malware empire—60,000+ shady domains, push-notif abuse, and deep ties to PropellerAds & AdTech Holding.
It’s not an ad network—it’s a threat network.
Read → https://thehackernews.com/2025/09/vane-viper-generates-1-trillion-dns.html
Cybercriminal network Vane Viper exposed as an adtech-powered malware empire—60,000+ shady domains, push-notif abuse, and deep ties to PropellerAds & AdTech Holding.
It’s not an ad network—it’s a threat network.
Read → https://thehackernews.com/2025/09/vane-viper-generates-1-trillion-dns.html
🔥7
🚨 WARNING: Cisco VPN gear under active attack!
Two zero-days (CVE-2025-20333, CVSS 9.9 & CVE-2025-20362) let hackers gain root access and bypass auth.
CISA issued an emergency directive—federal agencies have 24 hrs to patch.
Details → https://thehackernews.com/2025/09/urgent-cisco-asa-zero-day-duo-under.html
Two zero-days (CVE-2025-20333, CVSS 9.9 & CVE-2025-20362) let hackers gain root access and bypass auth.
CISA issued an emergency directive—federal agencies have 24 hrs to patch.
Details → https://thehackernews.com/2025/09/urgent-cisco-asa-zero-day-duo-under.html
🔥9🤔5🤯1
🚨 OnePlus Alert: A CVE-2025-10184 flaw (CVSS 8.2) in OxygenOS lets any malicious app read your SMS—including MFA codes—without permission or warning.
Unpatched since OxygenOS 12 (2021). OnePlus says it’s investigating.
Protect your accounts now → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html#texts-laid-bare
Unpatched since OxygenOS 12 (2021). OnePlus says it’s investigating.
Protect your accounts now → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html#texts-laid-bare
🤯20😱8🔥5😁5🤔1
🚨🚨 New variant of XCSSET macOS malware spotted.
It can hijack crypto transactions by swapping wallet addresses, targets Firefox, and hides in shared Xcode projects with stronger persistence tricks.
Full details → https://thehackernews.com/2025/09/new-macos-xcsset-variant-targets.html
It can hijack crypto transactions by swapping wallet addresses, targets Firefox, and hides in shared Xcode projects with stronger persistence tricks.
Full details → https://thehackernews.com/2025/09/new-macos-xcsset-variant-targets.html
👏13🔥3
🚨 Important: Hackers quietly exploited Fortra GoAnywhere MFT a full week before anyone knew.
CVE-2025-10035 (CVSS 10.0) gave them pre-auth RCE to slip in an “admin-go” backdoor and drop payloads.
Patch now: 7.8.4 / 7.6.3.
Full story → https://thehackernews.com/2025/09/fortra-goanywhere-cvss-10-flaw.html
CVE-2025-10035 (CVSS 10.0) gave them pre-auth RCE to slip in an “admin-go” backdoor and drop payloads.
Patch now: 7.8.4 / 7.6.3.
Full story → https://thehackernews.com/2025/09/fortra-goanywhere-cvss-10-flaw.html
👏7🔥3
🚨 West Sussex man arrested over ransomware attack that crippled baggage & check-in systems at major European airports, including Heathrow.
Collins Aerospace confirms “HardBit” ransomware caused hundreds of flight delays.
NCA probe ongoing → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html#basic-ransomware-big-chaos
Collins Aerospace confirms “HardBit” ransomware caused hundreds of flight delays.
NCA probe ongoing → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html#basic-ransomware-big-chaos
🔥18😁6
⚡ Blue Report 2025:
• Data exfiltration stopped just 3% of the time
• 54% of attacker moves left no logs
• Only 14% triggered alerts
Dashboards don’t prove safety—BAS is the crash test that shows if your defenses really hold.
Read → https://thehackernews.com/2025/09/crash-tests-for-security-why-bas-is.html
• Data exfiltration stopped just 3% of the time
• 54% of attacker moves left no logs
• Only 14% triggered alerts
Dashboards don’t prove safety—BAS is the crash test that shows if your defenses really hold.
Read → https://thehackernews.com/2025/09/crash-tests-for-security-why-bas-is.html
👏8😁4👍2
⚠️ Two big cyber hits making waves:
🇷🇺 COLDRIVER hackers are tricking people with fake CAPTCHAs to drop a stealthy PowerShell backdoor that steals files and hides its tracks.
💥 At the same time, Bearlyfy ransomware is tearing through Russian companies—30+ victims so far, ransoms reaching €80K.
Full story → https://thehackernews.com/2025/09/new-coldriver-malware-campaign-joins-bo.html
🇷🇺 COLDRIVER hackers are tricking people with fake CAPTCHAs to drop a stealthy PowerShell backdoor that steals files and hides its tracks.
💥 At the same time, Bearlyfy ransomware is tearing through Russian companies—30+ victims so far, ransoms reaching €80K.
Full story → https://thehackernews.com/2025/09/new-coldriver-malware-campaign-joins-bo.html
👍14😁6👏3🤯2😱1
🚨 Two fresh phishing campaigns, one big warning:
🇺🇦 Hackers posing as Ukraine’s National Police use SVG attachments to launch a chain that steals passwords & mines crypto.
🇻🇳 Another crew lures victims with fake copyright notices, ending in PureRAT backdoors for full remote control.
Full story → https://thehackernews.com/2025/09/researchers-expose-svg-and-purerat.html
🇺🇦 Hackers posing as Ukraine’s National Police use SVG attachments to launch a chain that steals passwords & mines crypto.
🇻🇳 Another crew lures victims with fake copyright notices, ending in PureRAT backdoors for full remote control.
Full story → https://thehackernews.com/2025/09/researchers-expose-svg-and-purerat.html
⚡8👏5😁2
🚨 CISA: Hackers exploited GeoServer CVE-2024-36401 RCE to breach a U.S. federal agency on July 11, 2024—moving laterally across servers and deploying China Chopper web shells & LotL tools.
Full advisory → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html#geoserver-hole-exploited
Full advisory → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html#geoserver-hole-exploited
👏14🤔4🔥2👍1
🚨 China-linked cyber groups are upgrading their weapons:
• PlugX: hides in the Mobile Popup app, decrypts payloads in memory with XOR-RC4-RtlDecompressBuffer, packs a keylogger.
• Bookworm: slips shellcode in UUID strings to dodge detection.
Full story → https://thehackernews.com/2025/09/china-linked-plugx-and-bookworm-malware.html
• PlugX: hides in the Mobile Popup app, decrypts payloads in memory with XOR-RC4-RtlDecompressBuffer, packs a keylogger.
• Bookworm: slips shellcode in UUID strings to dodge detection.
Full story → https://thehackernews.com/2025/09/china-linked-plugx-and-bookworm-malware.html
🔥23🤯6🤔2😱2👍1