🚨 260K Laravel APP_KEYs exposed on GitHub — over 600 apps vulnerable, and ~120 at immediate risk of remote code execution.
With keys + URLs leaked, attackers can hijack servers via deserialization.
Most devs likely unaware.
Full story + what to do → https://thehackernews.com/2025/07/over-600-laravel-apps-exposed-to-remote.html
🚨 First-ever GPU RowHammer attack just hit NVIDIA.
Meet GPUHammer — A single bit flip drops AI accuracy from 80% to 0.1%. Even mitigations like TRR didn’t stop it.
Full details → https://thehackernews.com/2025/07/gpuhammer-new-rowhammer-attack-variant.html
🚨 New eSIM hack lets attackers hijack mobile profiles & bypass carrier controls.
A flaw in Kigen’s eUICC tech allows malicious applets, stolen certificates, and full profile takeover—risking surveillance and stealth backdoors in billions of devices.
Details → https://thehackernews.com/2025/07/esim-vulnerability-in-kigens-euicc.html
🚨 Indian authorities just busted a Noida call center behind UK tech support scams worth £390,000.
The twist? Live scam calls were in progress during the raid—posing as Microsoft to exploit 100+ victims.
Full story → https://thehackernews.com/2025/07/cbi-shuts-down-390k-uk-tech-support.html
⚡ Bluetooth car exploits. macOS backdoors. Ransomware returns. Arrests hit top cyber gangs.
This week, trusted tools turned toxic—and no one’s perimeter is safe.
Get the full intel in our latest recap →
https://thehackernews.com/2025/07/weekly-recap-scattered-spider-arrests.html
🚨 A fake CAPTCHA is all it takes.
Interlock ransomware is back—now pushing a stealthy PHP RAT via “FileFix,” a spin on ClickFix that hijacks File Explorer.
Targets? Everyone.
Tactics? Evolving fast.
Here’s what they’re hiding behind Cloudflare Tunnels ↓ https://thehackernews.com/2025/07/new-php-based-interlock-rat-variant.html
🚨 39 million secrets leaked on GitHub in 2024 alone.
Not just mistakes—these are entry points for attackers to breach your cloud, CI/CD, and data stores without triggering alerts.
Even a forgotten repo can cost everything.
Here’s how to stop it → https://thehackernews.com/2025/07/the-unusual-suspect-git-repos.html
🚨 The bait? Fake coding assignments.
North Korean hackers pushed 67 new malware-laced npm packages—over 17K downloads already.
They’re now using a stealthier loader called XORIndex to hijack dev machines, steal crypto, and drop Python backdoors.
Read → https://thehackernews.com/2025/07/north-korean-hackers-flood-npm-registry.html
🚨 AsyncRAT didn’t just survive—it multiplied.
Since its 2019 GitHub release, this open-source trojan has spawned a swarm of powerful variants like DCRat and Venom RAT—stealing webcams, logging keystrokes, evading antivirus, and more.
Details here → https://thehackernews.com/2025/07/asyncrats-open-source-code-sparks-surge.html
🚨 Sick of chasing meaningless vuln alerts?
Function-level runtime reachability shows only the code that's actually executing—no fluff, no false positives.
It’s like turning off the noise and seeing just the real threats.
Here’s why it changes everything ↓ https://thehackernews.com/expert-insights/2025/07/everything-to-know-about-runtime.html
🚨 A new backdoor dubbed HazyBeacon is hitting Southeast Asian governments—hiding in plain sight using AWS Lambda.
It exfiltrates trade secrets via Google Drive and Dropbox.
State-backed. Stealthy. Still active.
Here’s what you need to know ↓ https://thehackernews.com/2025/07/state-backed-hazybeacon-malware-uses.html
LIVE WEBINAR: Building Your Secure AI Roadmap 🔒
Join this practical session to learn how leading teams are integrating security into every phase of the AI lifecycle.
Expect field insights, experts' best practices, and live answers to your toughest questions on AI visibility, red-teaming, runtime protection, and governance.
🗓️ July 23rd, 10 AM ET
🔗 Register here: https://thn.news/secure-ai-roadmap
🚨 AI agents now outnumber humans in the cloud — and they're logging in with invisible keys.
They act fast, never question commands, and often hold overprivileged access no one monitors.
One forgotten token = full-blown breach.
Here’s how to fix it before it breaks you → https://thehackernews.com/2025/07/securing-agentic-ai-how-to-protect.html
🚨 New ransomware gang "GLOBAL GROUP" just hit 17 victims across 4 continents — in weeks.
It’s a rebrand of BlackLock, now upgraded with AI chatbots and 85% payouts to lure affiliates.
They’re buying access to law firms and critical networks.
Full story → https://thehackernews.com/2025/07/newly-emerged-global-group-raas-expands.html
🚨 A single DDoS attack just peaked at 7.3 Tbps—in 45 seconds.
Cloudflare says hyper-volumetric attacks are exploding, with ransom threats up 68%.
Botnets like DemonBot are turning unsecured IoT into weapons.
Here’s what’s happening → https://thehackernews.com/2025/07/hyper-volumetric-ddos-attacks-reach.html
🛑 Google’s AI just stopped a cyberattack before it even began.
An LLM agent named Big Sleep discovered a critical SQLite flaw (CVE-2025-6965) that threat actors were likely about to exploit—making it the first known case of an AI foiling a live exploit attempt.
Details on how it worked → https://thehackernews.com/2025/07/google-ai-big-sleep-stops-exploitation.html
⚠️ WARNING - Google Chrome Zero-Day Alert!
A new exploit is hitting users right now — CVE-2025-6558 lets attackers break out of the browser sandbox.
Update Chrome ASAP → https://thehackernews.com/2025/07/urgent-google-releases-critical-chrome.html
(Edge, Brave, Opera users: you're not safe either.)
🚨 Two Android threats just collided — and it’s getting wild.
Hackers are using evil twin apps with the same package name as legit Play Store apps to deliver Konfety malware — now upgraded with fake encryption, APK crashes, dynamic payloads, and hidden installs.
At the same time, TapTrap lets apps hijack your screen taps to grant malware dangerous permissions — no user awareness needed.
This isn’t theoretical. Android 16 is still vulnerable.
Details here → https://thehackernews.com/2025/07/new-konfety-malware-variant-evades.html
🚨 M&A chaos isn't just financial—it’s identity chaos too.
Mergers can spawn 25+ siloed systems, untracked privileged accounts, and dangerous role creep. One wrong move? Audit failures or full-blown breaches.
Here’s how to restore order before risk takes over ↓ https://thehackernews.com/expert-insights/2025/07/identity-challenges-in-mergers-and.html
⚡ Deepfake CEOs. Fake job offers. Cloned websites.
AI-powered scams are fooling even trained teams—because they look real. These aren’t phishing emails. They’re full-scale impersonation attacks.
See how to stop them in real time.
Watch the webinar → https://thehackernews.com/2025/07/deepfakes-fake-recruiters-cloned-cfos.html