🚨 Hackers abused fake GitHub accounts to host Amadey malware plugins & stealers like Lumma & RedLine.
They used Emmenhtal loader to drop payloads—evading filters with public repos. Even legit tools like PuTTY were weaponized.
Details → https://thehackernews.com/2025/07/hackers-use-github-repositories-to-host.html
🚨 Critical NVIDIA GPU bug lets attackers hijack AI containers with just 3 lines of code (CVSS 9.0).
Impacts 37% of cloud environments—risking full server takeover & model theft.
Read the full report → https://thehackernews.com/2025/07/critical-nvidia-container-toolkit-flaw.html
🚨 Google sues 25 China-based actors behind BADBOX 2.0 — a botnet infecting 10M+ devices with malware before they even reach users.
The kicker? They used hacked TVs & apps to steal ad money from Google itself.
Details here → https://thehackernews.com/2025/07/google-sues-25-chinese-entities-over.html
🚨 New malware “LAMEHUG” uses a coding LLM to generate real-time attack commands—no scripts needed.
Discovered by Ukraine CERT, it runs through Hugging Face and was sent by APT28 to target officials.
This changes how phishing works → https://thehackernews.com/2025/07/cert-ua-discovers-lamehug-malware.html
🚨 Ransomware now wipes backups, steals data & blocks recovery.
Old backup plans won’t cut it.
SMBs lose ₹45L/day to downtime — not counting trust & revenue loss.
Build real cyber resilience now ↓ https://thehackernews.com/2025/07/how-cyber-resilience-helps-it-defend-against-ransomwa.html
🚨 ALERT - Hackers exploited two Ivanti flaws as zero-days to drop stealth malware MDifyLoader—and run Cobalt Strike in memory.
It hides using DLL sideloading, evades detection, and keeps coming back.
Full story ↓ https://thehackernews.com/2025/07/ivanti-zero-days-exploited-to-drop.html
⚠️ WARNING - Fake CVs are being used to breach defense, energy & aviation sectors in Asia.
Espionage group UNG0002 is deploying Cobalt Strike, Shadow RAT & fake gov CAPTCHA pages in targeted attacks across China, Hong Kong & Pakistan.
Full breakdown → https://thehackernews.com/2025/07/ung0002-group-hits-china-hong-kong.html
🔥 China’s border police are using a secret tool called Massistant to extract everything—from GPS to Signal chats—off phones.
It installs silently, pulls your data, then vanishes. iPhones may be next.
Details here → https://thehackernews.com/2025/07/chinas-massistant-tool-secretly.html
🚨 Hackers are actively exploiting a critical flaw in CrushFTP (CVE-2025-54309, CVSS 9.0) to gain admin access via HTTPS—no DMZ needed.
They reverse engineered a patch and struck fast.
The worst part? Many systems are still exposed.
Details here → https://thehackernews.com/2025/07/hackers-exploit-critical-crushftp-flaw.html
🚨 Hackers hijacked popular npm packages using phishing emails that mimicked npm support.
They published malware directly—no GitHub commits, no PRs.
One version tries to run a DLL for remote code execution.
Check if you’re affected ↓ https://thehackernews.com/2025/07/malware-injected-into-6-npm-packages.html
⚠️ A critical UNPATCHED zero-day in Microsoft SharePoint (CVE-2025-53770) is being massively exploited right now.
At least 75 orgs breached—including major companies and governments.
Here’s what you need to know ↓ https://thehackernews.com/2025/07/critical-microsoft-sharepoint-flaw.html
🚨 Web3 devs targeted with fake AI job interviews — to steal your crypto.
Hackers lure victims with sites like “Norlax AI,” then drop malware disguised as a Realtek audio driver.
One click = stolen wallets, credentials, and project data.
Read → https://thehackernews.com/2025/07/encrypthub-targets-web3-developers.html
🔥 ALERT ➟ Microsoft issues urgent security patches for critical SharePoint RCE flaw (CVE-2025-53770), now under active exploitation worldwide.
Hackers are bypassing MFA, stealing keys, and targeting banks, government agencies, hospitals & more.
Details → https://thehackernews.com/2025/07/microsoft-releases-urgent-patch-for.html
If your SharePoint is on-prem and internet-facing—assume compromise. Patching alone won’t evict the threat.
🛡️ Urgent steps: Patch, rotate machine keys, restart IIS.
🚨 HPE Wi-Fi gear shipped with hardcoded admin logins.
CVE-2025-37103 scores 9.8/10—no password needed to hijack your network.
It can be chained with a second bug for full system takeover.
Full details → https://thehackernews.com/2025/07/hard-coded-credentials-found-in-hpe.html
🚨 Over 3,500 websites hijacked to secretly mine crypto — just by visiting them.
The stealthy JavaScript miner hides in plain sight, adjusts intensity based on your device, and runs silently in the background.
It's linked to credit card theft too.
Read ↓ https://thehackernews.com/2025/07/3500-websites-hijacked-to-secretly-mine.html
🚨 Hackers are bypassing FIDO keys—without breaking them.
A new phishing trick fools users into scanning legit QR codes, handing attackers full access.
The worst part? It abuses a real cross-device sign-in feature.
How PoisonSeed pulls it off ↓ https://thehackernews.com/2025/07/poisonseed-hackers-bypass-fido-keys.html
🚨 Over 80% of orgs are adopting Zero Trust by 2026—but AI is rewriting the playbook.
Predictive models block threats. Generative AI speeds triage. Agentic AI enforces policies autonomously.
The catch? Human oversight still makes or breaks security.
Learn more ↓ https://thehackernews.com/2025/07/assessing-role-of-ai-in-zero-trust.html
⚠️ Zero-days are hitting faster than teams can patch.
→ SharePoint & Chrome under active attack
→ Hackers exploit NVIDIA, SQLite, CrushFTP
→ $2.17B stolen in crypto so far this year
→ AI just stopped a real-world exploit before humans did
This week proves: No system is safe.
Full recap → https://thehackernews.com/2025/07/weekly-recap-sharepoint-0-day-chrome.html
60% of breaches in 2025 involved one common risk: humans handling passwords.
We may dream of a passwordless future, but today’s real fix is removing users from the login flow.
Here’s how teams are doing it—without waiting for full passkey adoption ↓ https://thehackernews.com/expert-insights/2025/07/how-to-go-passwordless-without-getting.html
🚨 China-linked APT41 breached African gov IT networks using internal SharePoint servers as C2.
The attack used stolen admin creds, DLL sideloading, and fake GitHub domains—marking rare APT41 activity in Africa.
Full details → https://thehackernews.com/2025/07/china-linked-hackers-launch-targeted.html