🚨 1,500+ malicious IPs are scanning for exposed Java debug ports right now.
Hackers are using misconfigured JDWP to hijack CI/CD tools like TeamCity, dropping stealth crypto miners.
Worse? They're hiding wallets, killing rival payloads, and mimicking system processes.
Here’s how it works → https://thehackernews.com/2025/07/alert-exposed-jdwp-interfaces-lead-to.html
🚨 Taiwan warns: RedNote, TikTok, WeChat & others send your data—including face scans & contacts—back to China.
RedNote broke all 15 security rules. TikTok, 13.
Chinese law requires companies to hand over this data.
Full details → https://thehackernews.com/2025/07/taiwan-nsb-alerts-public-on-data-risks.html
🚨 APT36 spoofed India’s Defence Ministry website to deliver DRAT V2 malware.
A fake press release tricks users into pasting a command—giving attackers full remote control.
Targets include defense, oil, railways, and foreign affairs.
Details here → https://thehackernews.com/2025/07/tag-140-deploys-drat-v2-rat-targeting.html
🚨 Employees are feeding company secrets into ChatGPT—and you might never know it.
Blocking AI apps doesn’t stop the risk. It just hides it.
Shadow AI is exploding as workers find workarounds. The real danger? You’ve lost visibility.
Here’s how to take control → https://thehackernews.com/expert-insights/2025/07/shadow-ai-how-to-mitigate-hidden-risks.html
🚨 Hackers took over a US water plant using the default password: 1111.
Yes, that still works—in 2025.
Default passwords are quietly powering ransomware, DDoS, and supply chain attacks worldwide.
Full story + what to do about it → https://thehackernews.com/2025/07/manufacturing-security-why-default.html
The EU has established two major cybersecurity regulations that impact software and infrastructure teams alike.
🔸 NIS2: Applies to operators of essential services (energy, transport, banking, healthcare).
🔸 CRA: Applies to any digital product sold in the EU, requiring secure-by-design from dev to patch.
If you build, maintain, or ship software in/into the EU — you’ll likely need to comply. Learn more about timelines, overlap with other global regulations, and more: https://thn.news/nis2-eu-cyber-resilience
🚨 8,500+ SMB users tricked into downloading malware disguised as ChatGPT, Zoom, and Outlook tools.
Hackers are hijacking Google search ads to push trojanized software, steal logins, and drain crypto wallets.
Even real brand help pages are being spoofed.
Full story → https://thehackernews.com/2025/07/seo-poisoning-campaign-targets-8500.html
🚨 CISA just flagged 4 old bugs as actively exploited — including a 2014 buffer overflow.
One flaw tied to Chinese hackers leaking Citrix session tokens & credentials right now.
The worst part? Some attacks need no credentials.
Full details → https://thehackernews.com/2025/07/cisa-adds-four-critical-vulnerabilities.html
🚨 New Batavia spyware targets Russian orgs via fake contract emails—active since July 2024.
It steals internal documents, system logs, screenshots—even scans USBs. Now linked to over 100 phishing hits.
Details + NordDragonScan campaign → https://thehackernews.com/2025/07/researchers-uncover-batavia-windows.html
🚨 Over 17,000 fake news sites are scamming investors in 50+ countries.
They mimic CNN, BBC & others—then funnel victims into fake crypto platforms like Trap10 & Solara.
The worst part? Even real websites are being hijacked to host these traps.
Full story → https://thehackernews.com/2025/07/baittrap-over-17000-fake-news-websites.html
🚨 A stealthy new botnet called RondoDox is hijacking Linux DVRs & routers—then hiding in plain sight.
It kills security tools, rewrites system commands, and mimics traffic from Discord, Minecraft, and Fortnite to stay invisible.
Learn how it spreads → https://thehackernews.com/2025/07/rondodox-botnet-exploits-flaws-in-tbk.html
🚨 Does your org run on Microsoft?
Discover the 2025 Microsoft Vulnerabilities Report by BeyondTrust: 5-yr vuln trends, deep CVE insights & expert commentary. Your roadmap to stronger security.
Grab your free copy ➡️ https://thn.news/microsoft-vulnerability-report
🚨 WARNING: A popular VS Code extension for Ethereum smart contracts was hijacked with 2 hidden lines of code—launching PowerShell to run mystery scripts.
Crypto theft? Contract poisoning? It fooled 6,000+ devs.
Here’s how the attack worked → https://thehackernews.com/2025/07/malicious-pull-request-infects-6000.html
🚨 Adidas, Dior, Victoria’s Secret, M&S, and more were breached—no malware, no exploits.
Hackers just logged in using stolen credentials, stale SaaS tokens, and fake IT help calls.
The real threat? Invisible identities hiding in your SaaS stack.
Details here → https://thehackernews.com/2025/07/5-ways-identity-based-attacks-are.html
🚨 90,000+ Android users infected by banking malware from a fake PDF app on Google Play.
It showed fake “maintenance” screens to steal logins and drain accounts—targeting US and Canada banks.
The app hit #4 in the Tools category before Google removed it.
Full story → https://thehackernews.com/2025/07/anatsa-android-banking-trojan-hits.html
🚨 Hackers are using the legit red-teaming tool Shellter to spread malware like Lumma Stealer.
The worst part? It started with a leaked paid version—now it’s in the wild, dodging EDR.
Gaming lures, YouTube mods, fake sponsors... it’s all part of the trap.
Read → https://thehackernews.com/2025/07/hackers-use-leaked-shellter-tool.html
🚨 Microsoft just patched 130 flaws—but no exploited zero-days for the first time in 11 months.
One bug (CVSS 9.8) may be wormable, echoing WannaCry fears. Another leaks memory from SQL Server.
Patch now. Details here → https://thehackernews.com/2025/07/microsoft-patches-130-vulnerabilities.html
🚨 Chinese national arrested in Italy for role in massive U.S. cyber espionage campaign.
Xu Zewei allegedly hacked vaccine research & 12,700+ victims using Microsoft Exchange zero-days—linked to China's state-backed Silk Typhoon group.
Details here → https://thehackernews.com/2025/07/chinese-hacker-xu-zewei-arrested-for.html
🚨 U.S. sanctions North Korean hacker for using stolen American IDs to place fake IT workers in U.S. jobs—funneling salaries to fund weapons programs.
The scheme hit hundreds of companies. Some workers even planted malware.
Details → https://thehackernews.com/2025/07/us-sanctions-north-korean-andariel.html
🚨 Malware alert triage just got easier.
A free Tines workflow automates response using CrowdStrike, Slack, PagerDuty, and GitHub—built by Intercom’s Lucas Cantor.
Device owners are looped in instantly. No more manual chasing.
Try it here → https://thehackernews.com/2025/07/how-to-automate-ticket-creation-device.html