Thinking of running DDoS simulations?
Whether you're using open-source tools or commercial software, a few best practices can make all the difference.
Start with the most common attack vectors. Test each protection layer separately. And follow these 7 essential tips to get the most from your efforts.
Check out the full list → https://thn.news/ddos-testing-tips
Whether you're using open-source tools or commercial software, a few best practices can make all the difference.
Start with the most common attack vectors. Test each protection layer separately. And follow these 7 essential tips to get the most from your efforts.
Check out the full list → https://thn.news/ddos-testing-tips
🔥11👍6👏3
Suspected India-linked APT hacked European foreign ministry using fake defense emails and LoptikMod malware.
Phishing via Google Drive led to data exfiltration, persistence, and stealthy surveillance.
Diplomatic espionage is expanding → https://thehackernews.com/2025/07/donot-apt-expands-operations-targets.html
Phishing via Google Drive led to data exfiltration, persistence, and stealthy surveillance.
Diplomatic espionage is expanding → https://thehackernews.com/2025/07/donot-apt-expands-operations-targets.html
😁24⚡2👍2🔥1
🚨 Exposed ASP.NET keys are being weaponized to hijack servers—3,000+ at risk.
An IAB called Gold Melody is selling stealthy access after exploiting ViewState flaws. Code runs in memory, leaving barely a trace.
Here's what’s happening → https://thehackernews.com/2025/07/gold-melody-iab-exploits-exposed-aspnet.html
An IAB called Gold Melody is selling stealthy access after exploiting ViewState flaws. Code runs in memory, leaving barely a trace.
Here's what’s happening → https://thehackernews.com/2025/07/gold-melody-iab-exploits-exposed-aspnet.html
⚡11👏3👍2🤯2
🚨 Major flaws hit ServiceNow, Lenovo, and Windows:
🔸 ServiceNow bug (CVE-2025-3648) leaks PII via ACL misconfigs—no login needed
🔸 Lenovo app lets local users hijack DLLs to run code
🔸 Windows Kerberos bug (CVE-2025-47978) can crash domain controllers remotely
Find details here → https://thehackernews.com/2025/07/servicenow-flaw-cve-2025-3648-could.html
🔸 ServiceNow bug (CVE-2025-3648) leaks PII via ACL misconfigs—no login needed
🔸 Lenovo app lets local users hijack DLLs to run code
🔸 Windows Kerberos bug (CVE-2025-47978) can crash domain controllers remotely
Find details here → https://thehackernews.com/2025/07/servicenow-flaw-cve-2025-3648-could.html
👍8😁5👏2
🚨 New AMD CPU attack technique uncovered! Researchers reveal a new class of side-channel flaws—TSA—impacting Ryzen, EPYC, and Instinct chips.
These let attackers leak sensitive data across virtual machines, apps, even OS kernel boundaries.
Exploits require local code execution—but the risk is real.
Here’s what to know ↓ https://thehackernews.com/2025/07/amd-warns-of-new-transient-scheduler.html
These let attackers leak sensitive data across virtual machines, apps, even OS kernel boundaries.
Exploits require local code execution—but the risk is real.
Here’s what to know ↓ https://thehackernews.com/2025/07/amd-warns-of-new-transient-scheduler.html
🔥12🤔5😱3
🚨 A fake Termius app for macOS is spreading ZuRu malware — with full remote access powers.
It silently hijacks developers hunting legit tools, using hacked code and stealthy C2 beacons.
The worst part? It auto-updates to dodge detection.
Full report → https://thehackernews.com/2025/07/new-macos-malware-zuru-targeting.html
It silently hijacks developers hunting legit tools, using hacked code and stealthy C2 beacons.
The worst part? It auto-updates to dodge detection.
Full report → https://thehackernews.com/2025/07/new-macos-malware-zuru-targeting.html
🤔7🤯3😁2👍1
🚨 95% of U.S. companies now use generative AI—often without IT knowing.
That means sensitive data is flowing into AI tools with no oversight, no logging, and no guardrails.
Shadow AI is today’s biggest blind spot.
Details + what to do about it → https://thehackernews.com/2025/07/what-security-leaders-need-to-know.html
That means sensitive data is flowing into AI tools with no oversight, no logging, and no guardrails.
Shadow AI is today’s biggest blind spot.
Details + what to do about it → https://thehackernews.com/2025/07/what-security-leaders-need-to-know.html
🔥12👍6
🚨 UK teens linked to $590M cyberattacks on M&S, Co-op, Harrods arrested.
They’re tied to Scattered Spider—a group so slick, it tricks IT desks with fake calls.
The worst part? It’s just one arm of a crime ring tied to swatting and even murder.
Read → https://thehackernews.com/2025/07/four-arrested-in-440m-cyber-attack-on.html
They’re tied to Scattered Spider—a group so slick, it tricks IT desks with fake calls.
The worst part? It’s just one arm of a crime ring tied to swatting and even murder.
Read → https://thehackernews.com/2025/07/four-arrested-in-440m-cyber-attack-on.html
🔥14🤯7😱3🤔2👍1
🚨 Crypto users targeted in ultra-slick social engineering scam.
Hackers built dozens of fake AI/Web3 startups—complete with logos, blogs, and verified X accounts—to push malware disguised as investment tools.
The malware drains wallets on both Windows & macOS.
Details here → https://thehackernews.com/2025/07/fake-gaming-and-ai-firms-push-malware.html
Hackers built dozens of fake AI/Web3 startups—complete with logos, blogs, and verified X accounts—to push malware disguised as investment tools.
The malware drains wallets on both Windows & macOS.
Details here → https://thehackernews.com/2025/07/fake-gaming-and-ai-firms-push-malware.html
😱17🔥8👏3👍1
🚨 Critical flaw in AI tool mcp-remote lets hackers run OS commands just by connecting to a fake server.
Full system takeover possible on Windows. Over 437K downloads already.
Update now or risk remote hijack.
Details here → https://thehackernews.com/2025/07/critical-mcp-remote-vulnerability.html
Full system takeover possible on Windows. Over 437K downloads already.
Update now or risk remote hijack.
Details here → https://thehackernews.com/2025/07/critical-mcp-remote-vulnerability.html
😁16🔥7👍1
🚨 CISA confirms Citrix Bleed 2 is being exploited in the wild.
Attackers are stealing VPN sessions and leaking sensitive memory—some linked to ransomware crews.
The worst part? Citrix still hasn’t updated its advisory.
Read → https://thehackernews.com/2025/07/cisa-adds-citrix-netscaler-cve-2025.html
Attackers are stealing VPN sessions and leaking sensitive memory—some linked to ransomware crews.
The worst part? Citrix still hasn’t updated its advisory.
Read → https://thehackernews.com/2025/07/cisa-adds-citrix-netscaler-cve-2025.html
😁9👏7🤔4
🚨 Iran-backed ransomware is offering 80% profits to hackers targeting the U.S. and Israel.
Pay2Key.I2P is tied to Fox Kitten, built on I2P, and has pulled in $4M+.
A new front in cyberwarfare → https://thehackernews.com/2025/07/iranian-backed-pay2key-ransomware.html
Pay2Key.I2P is tied to Fox Kitten, built on I2P, and has pulled in $4M+.
A new front in cyberwarfare → https://thehackernews.com/2025/07/iranian-backed-pay2key-ransomware.html
🔥21🤔6😱4👏3
🚨 A critical bug in Wing FTP Server (CVE-2025-47812) is under active attack—RCE via null byte injection.
Hackers are exploiting it using anonymous FTP access to drop malware & run commands as root.
Over 5,000 servers still exposed. Patch now.
Details here → https://thehackernews.com/2025/07/critical-wing-ftp-server-vulnerability.html
Hackers are exploiting it using anonymous FTP access to drop malware & run commands as root.
Over 5,000 servers still exposed. Patch now.
Details here → https://thehackernews.com/2025/07/critical-wing-ftp-server-vulnerability.html
👍9🤯6
Master the Full Scope of Endpoint Investigations
Today’s threats span beyond the logs, it’s time your training did too.
TryHackMe’s new Advanced Endpoint Investigations path gives you hands-on experience across Windows, Linux, macOS, mobile, memory, disk, and file systems — all in one place.
🔍 Built for SOC & Incident Response teams to:
✔️ Investigate volatile and persistent evidence
✔️ Detect cross-platform attacker activity
✔️ Conduct deep investigations, not just triage
If you’re ready to go beyond alerts and lead every stage of the investigation — this is for you.
👉 Start your first investigation now! https://thn.news/advanced-endpoint-path
Today’s threats span beyond the logs, it’s time your training did too.
TryHackMe’s new Advanced Endpoint Investigations path gives you hands-on experience across Windows, Linux, macOS, mobile, memory, disk, and file systems — all in one place.
🔍 Built for SOC & Incident Response teams to:
✔️ Investigate volatile and persistent evidence
✔️ Detect cross-platform attacker activity
✔️ Conduct deep investigations, not just triage
If you’re ready to go beyond alerts and lead every stage of the investigation — this is for you.
👉 Start your first investigation now! https://thn.news/advanced-endpoint-path
🔥13🤔6
🚨 Hackers can hijack your car over Bluetooth.
New “PerfektBlue” flaws let attackers run remote code on Mercedes, VW & Skoda—just by pairing.
They can track location, record audio, and even reach engine controls.
Full story → https://thehackernews.com/2025/07/perfektblue-bluetooth-vulnerabilities.html
New “PerfektBlue” flaws let attackers run remote code on Mercedes, VW & Skoda—just by pairing.
They can track location, record audio, and even reach engine controls.
Full story → https://thehackernews.com/2025/07/perfektblue-bluetooth-vulnerabilities.html
🤔19😁15👍8🔥8🤯7👏4
🚨 A critical flaw in Fortinet’s FortiWeb lets unauthenticated attackers run SQL commands remotely (CVSS 9.6).
The bug? It blindly trusts tokens—letting attackers write to the file system.
Fix it now or risk real damage.
Read → https://thehackernews.com/2025/07/fortinet-releases-patch-for-critical.html
The bug? It blindly trusts tokens—letting attackers write to the file system.
Fix it now or risk real damage.
Read → https://thehackernews.com/2025/07/fortinet-releases-patch-for-critical.html
😁20🤔7
🚨 Over 1.2B risky transactions blocked.
AI tools like Copilot leaked SSNs. SaaS, email & file sharing aren’t far behind. The 2025 Data Risk Report shows just how exposed your enterprise data really is.
Read more → https://thehackernews.com/2025/07/securing-data-in-ai-era.html
AI tools like Copilot leaked SSNs. SaaS, email & file sharing aren’t far behind. The 2025 Data Risk Report shows just how exposed your enterprise data really is.
Read more → https://thehackernews.com/2025/07/securing-data-in-ai-era.html
🔥22👍4👏4
🚨 260K Laravel APP_KEYs exposed on GitHub — over 600 apps vulnerable, and ~120 at immediate risk of remote code execution.
With keys + URLs leaked, attackers can hijack servers via deserialization.
Most devs likely unaware.
Full story + what to do → https://thehackernews.com/2025/07/over-600-laravel-apps-exposed-to-remote.html
With keys + URLs leaked, attackers can hijack servers via deserialization.
Most devs likely unaware.
Full story + what to do → https://thehackernews.com/2025/07/over-600-laravel-apps-exposed-to-remote.html
🔥19👍3👏1
🚨 First-ever GPU RowHammer attack just hit NVIDIA.
Meet GPUHammer — A single bit flip drops AI accuracy from 80% to 0.1%. Even mitigations like TRR didn’t stop it.
Full details → https://thehackernews.com/2025/07/gpuhammer-new-rowhammer-attack-variant.html
Meet GPUHammer — A single bit flip drops AI accuracy from 80% to 0.1%. Even mitigations like TRR didn’t stop it.
Full details → https://thehackernews.com/2025/07/gpuhammer-new-rowhammer-attack-variant.html
😁23🤯14👏8👍7😱6🔥2🤔2
🚨 New eSIM hack lets attackers hijack mobile profiles & bypass carrier controls.
A flaw in Kigen’s eUICC tech allows malicious applets, stolen certificates, and full profile takeover—risking surveillance and stealth backdoors in billions of devices.
Details → https://thehackernews.com/2025/07/esim-vulnerability-in-kigens-euicc.html
A flaw in Kigen’s eUICC tech allows malicious applets, stolen certificates, and full profile takeover—risking surveillance and stealth backdoors in billions of devices.
Details → https://thehackernews.com/2025/07/esim-vulnerability-in-kigens-euicc.html
🔥18🤯8⚡5😁3👏1