🚨 An AI-generated npm package just stole crypto from devs.

"kodane/patch-manager" posed as a legit Node.js tool — but hid a stealth wallet drainer that hit 1,500+ downloads before takedown.

Here’s what to know ↓ https://thehackernews.com/2025/08/ai-generated-malicious-npm-package.html

🚨 Hackers are using fake Microsoft OAuth apps + the Tycoon phishing kit to hijack 365 accounts

They’ve spoofed 50+ brands (Adobe, DocuSign, SharePoint), bypassing MFA with adversary-in-the-middle attacks.

3,000+ users hit across 900 orgs.

Details → https://thehackernews.com/2025/08/attackers-use-fake-oauth-apps-with.html

🚨 A single Slack message could hijack Cursor—AI code editor—with zero clicks.

CVE-2025-54135 let attackers run remote code just by posting in a public channel.

Cursor auto-executed it. No prompts. No approval.

Details here → https://thehackernews.com/2025/08/cursor-ai-code-editor-fixed-flaw.html

🚨 Akira ransomware is hitting SonicWall SSL VPNs—some fully patched.

Researchers suspect a zero-day or credential abuse. Attacks surged in late July.

Org? Disable SSL VPN until further notice.

Full details ↓ https://thehackernews.com/2025/08/akira-ransomware-exploits-sonicwall.html

🚨 China-linked threat group hacked Southeast Asia telecoms — no data stolen, just full remote access to critical networks for 9 months.

They used stealth malware, tunneled through mobile operators, and wiped their tracks.

Here’s what we know ↓ https://thehackernews.com/2025/08/cl-sta-0969-installs-covert-malware-in.html

🚨 Over 11,000 Android phones hijacked by new PlayPraetor malware.

It fakes Google Play pages, abuses accessibility settings, and livestreams your screen—all to steal banking and crypto credentials.

And it's spreading fast.

Here’s what you need to know ↓ https://thehackernews.com/2025/08/playpraetor-android-trojan-infects.html

You’re not just using SaaS. It’s using you.

AI tools, browser plugins, and apps your team installs without asking are opening hidden doors to your data.

Most IT teams have no idea.

Here’s how to take back control ↓ https://thehackernews.com/2025/08/the-wild-west-of-shadow-it.html

⚡ Weekly Recap ⟶ VPN 0‑Day, Mac Stealer Backdoor, AI Malware Disguised as Dev Tools, and an APT Hiding in ISPs.

The scariest part? Most of it looked legit.

Catch up now ↓ https://thehackernews.com/2025/08/weekly-recap-vpn-0-day-encryption.html

🚨 New wave of Python malware hits 4,000+ systems across 62 countries.

PXA Stealer is siphoning passwords, credit cards, and cookies—then selling them via Telegram-powered black markets.

Details here → https://thehackernews.com/2025/08/vietnamese-hackers-use-pxa-stealer-hit.html

🔥 Hackers can fully hijack NVIDIA's Triton AI servers — no login needed.

A new exploit chain gives attackers remote code execution and access to sensitive AI models.

It all starts with a single malformed request.

Full details → https://thehackernews.com/2025/08/nvidia-triton-bugs-let-unauthenticated.html

🚨 A suspected zero-day in SonicWall Gen 7 firewalls is under active attack.

Akira ransomware is exploiting SSL VPNs to breach networks—even with MFA.

20+ confirmed attacks. Domain controllers hit within hours.

Urgent steps + full report → https://thehackernews.com/2025/08/sonicwall-investigating-potential-ssl.html

🚨 DDoS attacks surged 358% in Q1 2025. But it’s not just volume—it’s AI-powered, precision-targeted, and actively evading defenses.

The old playbook is obsolete. Most orgs only test 1% of their attack surface.

The rest? Fully exposed.

Details here → https://thehackernews.com/expert-insights/2025/08/the-new-face-of-ddos-is-impacted-by-ai.html

🚨 15,000+ fake TikTok Shop sites are stealing logins & crypto.

A massive scam uses AI-generated videos, Meta ads & trojan apps to hijack your device.

It mimics influencers—and it's global.

Here’s what you need to know ↓ https://thehackernews.com/2025/08/15000-fake-tiktok-shop-domains-deliver.html

🚨 A phishing attack hidden behind a QR code + CAPTCHA was fully exposed in under 60 seconds—no analyst touch needed.

How? A live, automated sandbox detonated the payload, bypassed defenses, and surfaced IOCs instantly.

Your SOC is missing this.

Details here → https://thehackernews.com/2025/08/how-top-cisos-save-their-socs-from.html

🚨 A high-severity flaw in Cursor AI (CVE-2025-54136) let attackers hijack trusted MCP configs—triggering remote code execution every time you opened the project.

No re-prompt. No warning. Just silent compromise by modifying a config file you already trusted.

Learn more → https://thehackernews.com/2025/08/cursor-ai-code-editor-vulnerability.html

🔑 53% of orgs trust their SaaS vendors. But 70% of SaaS incidents come from misconfigs & bad permissions—your responsibility.

Worse? They leave no logs. No alerts. Just exposure.

Here’s why posture > detection: https://thehackernews.com/2025/08/misconfigurations-are-not.html

🚨 Google just fixed 3 Android bugs hackers were already using.

One lets them hijack your phone through the graphics chip — no clicks needed.

Spyware vendors may be behind it.

PATCH your phones now → https://thehackernews.com/2025/08/google-fixes-3-android-vulnerabilities.html

🚨 CAPTCHAgeddon is here. A fake CAPTCHA scam called ClickFix hijacks devices with a single paste—no download, no file, just clipboard commands.

It's smarter than ClearFake—and spreading fast.

Here’s how it works ↓ https://thehackernews.com/2025/08/clickfix-malware-campaign-exploits.html

👀 Still pip installing and praying?

Supply chain attacks are everywhere in Python:
→ YOLO package hacked
→ Critical vulns in base images
→ Malicious packages live on PyPI

🔥 Join the free webinar to secure your Python stack → https://thehacker.news/safeguarding-python-supply-chain

🔒 UPDATE: Akira ransomware now uses legit Windows drivers (rwdrv.sys, hlpdrv.sys) in a BYOVD attack to disable Defender and gain kernel access—even in hardened environments.

Tied to SonicWall SSL VPN zero-day—still under active investigation.

Read → https://thehackernews.com/2025/08/sonicwall-investigating-potential-ssl.html