🚨 China-linked cyber groups are upgrading their weapons:
• PlugX: hides in the Mobile Popup app, decrypts payloads in memory with XOR-RC4-RtlDecompressBuffer, packs a keylogger.
• Bookworm: slips shellcode in UUID strings to dodge detection.
Full story → https://thehackernews.com/2025/09/china-linked-plugx-and-bookworm-malware.html
🚨 First real-world MCP server backdoor spotted!
A fake npm package postmark-mcp silently BCC’d every email to an attacker—over 1,600 downloads before removal.
⚠️ One line of code. Thousands of stolen emails.
Read now → https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html
🚨 Microsoft warns — Hackers used LLM-generated code to hide malware in an SVG file disguised as a business dashboard, bypassing defenses with self-addressed emails + invisible scripts.
Details → https://thehackernews.com/2025/09/microsoft-flags-ai-driven-phishing-llm.html
🕵️‍♀️ Missed the action? Hackers didn’t rest—neither should you.
See the key security stories you might have missed.
Check full recap → https://thehackernews.com/2025/09/weekly-recap-cisco-0-day-record-ddos.html
🚨 SOCs are drowning: 40% of security alerts go uninvestigated, and 61% of the ones ignored later turn out to be critical.
Teams face 3,000+ daily alerts and 70-minute investigations—far slower than the 48 minutes attackers need to compromise.
Read → https://thehackernews.com/2025/09/the-state-of-ai-in-soc-2025-insights.html
🚨 EvilAI is live and global: Malware hidden inside “legit” AI & productivity apps is quietly invading manufacturing, healthcare, gov & tech across 🇮🇳 🇺🇸 🇫🇷 🇧🇷 and more.
🕵️‍♂️ Uses real code-signing certs, AES-encrypted C2, even NeutralinoJS tricks to slip past detection.
Read → https://thehackernews.com/2025/09/evilai-malware-masquerades-as-ai-tools.html
🚨 Linux/Unix alert: CISA just flagged a critical Sudo flaw (CVE-2025-32463, CVSS 9.3) now exploited in the wild.
Attackers can hijack sudo’s --chroot option to run arbitrary commands as root—even if not in sudoers.
Details → https://thehackernews.com/2025/09/cisa-sounds-alarm-on-critical-sudo-flaw.html
🚨 U.K. police just seized £5.5B ($7.4B) in crypto—the largest Bitcoin confiscation in history.
A Chinese fraudster duped 128,000 victims, laundered funds into 61,000 BTC, and tried to hide in London with fake IDs.
The twist? She was caught buying property.
Full story → https://thehackernews.com/2025/09/uk-police-just-seized-55-billion-in.html
🚨 Shadow AI is exploding inside enterprises. Employees are adopting LLM-powered apps without oversight—creating blind spots, supply chain risks, and data leaks.
Wing Security says traditional defenses can’t keep up. The fix? Real-time discovery + AI supply chain governance.
Read → https://thehackernews.com/2025/09/evolving-enterprise-defense-to-secure.html
🚨 A new Android banking trojan is here: Datzbro.
It doesn’t just steal logins—it recreates your screen in real time for full device takeover.
Victims? Seniors lured via fake “active trip” groups on Facebook.
Details → https://thehackernews.com/2025/09/new-android-trojan-datzbro-tricking.html
🔥 [New] VMware zero-day (CVE-2025-41244) exploited in the wild!
UNC5174 popped root by abusing a regex bug in get_version() — drop /tmp/httpd, open a socket, and you’re root.
Already active since Oct ’24.
Details → https://thehackernews.com/2025/09/urgent-china-linked-hackers-exploit-new.html
🛠 AI won’t fix your workflows—it might break them.
Learn how top teams actually blend humans + LLMs without over-engineering.
Secure, auditable, scalable.
📅 Join the webinar → https://thehacker.news/ai-automating-cybersecurity
🚨 Microsoft just made Sentinel an agentic SIEM.
Now GA: Sentinel data lake + preview of Graph & MCP server.
AI agents can retro-hunt, trace attack paths & plug into VS Code. From reactive to predictive defense.
Details → https://thehackernews.com/2025/09/microsoft-expands-sentinel-into-agentic.html
🚨 Google’s Gemini AI had a “Trifecta” of flaws that let attackers steal user data + hijack cloud assets.
The wildest part? Hackers could smuggle prompts inside HTTP headers to make Gemini expose IAM misconfigs & query Cloud APIs on their behalf.
Read → https://thehackernews.com/2025/09/researchers-disclose-google-gemini-ai.html
Containers boost speed and scale, but they also introduce risks that can be overlooked.
In this 30-minute session, we’ll challenge the biggest myths surrounding container security.
Save your spot now: https://thn.news/tech-stack-defense
💡 SOC alert chaos isn’t a volume problem—it’s the model.
Conifers’ CognitiveSOC™ turns raw alerts into context-rich stories: false positives drop, MTTR shrinks from hours → minutes.
More context, less chaos → https://thehackernews.com/2025/09/stop-alert-chaos-context-is-key-to.html
🚨 New China-linked hacking group uncovered: Phantom Taurus.
Targets: foreign ministries, embassies, & military ops across Africa, the Middle East, & Asia.
Their weapon? A custom .NET malware suite (NET-STAR) that hijacks IIS servers, timestomps files, & evades AMSI/ETW.
Read → https://thehackernews.com/2025/09/phantom-taurus-new-china-linked-hacker.html
🔥 A $50 hardware hack just broke Intel SGX & AMD SEV-SNP—the backbone of confidential cloud computing.
Researchers built a cheap DDR4 interposer that slips past trust checks, then flips a switch to rewrite encrypted memory on the fly.
The kicker? Fixing it would require redesigning memory encryption itself.
Details → https://thehackernews.com/2025/10/50-battering-ram-attack-breaks-intel.html
CISOs are done buying shiny tools.
The new playbook? Threat-Informed Defense—using intel + adversary emulation to prove if your controls actually stop real attacker TTPs.
From poisoned CI/CD pipelines to identity-based API attacks—here’s how to operationalize it ↓ https://thehackernews.com/expert-insights/2025/09/turning-intelligence-into-action-with.html
⚠️ CERT-UA: Hackers are sneaking a new CABINETRAT backdoor into Ukraine via Excel XLL add-ins shared on Signal.
Shellcode is hidden inside a PNG (“Office.png”), launched by excel.exe /e in stealth mode.
Details here → https://thehackernews.com/2025/10/ukraine-warns-of-cabinetrat-backdoor.html
🚨 New Android banking trojan spotted — Klopatra has hijacked 3,000+ devices in Spain & Italy.
It hides with Virbox-grade protection (never seen before in Android malware), uses hidden VNC to drain bank accounts at night—while victims think their phone is off.
Details here → https://thehackernews.com/2025/10/new-android-banking-trojan-klopatra.html