👀 Still pip installing and praying?

Supply chain attacks are everywhere in Python:
→ YOLO package hacked
→ Critical vulns in base images
→ Malicious packages live on PyPI

🔥 Join the free webinar to secure your Python stack → https://thehacker.news/safeguarding-python-supply-chain

🔒 UPDATE: Akira ransomware now uses legit Windows drivers (rwdrv.sys, hlpdrv.sys) in a BYOVD attack to disable Defender and gain kernel access—even in hardened environments.

Tied to SonicWall SSL VPN zero-day—still under active investigation.

Read → https://thehackernews.com/2025/08/sonicwall-investigating-potential-ssl.html

🔥 AI just changed the rules of pen testing.

Now you can say: "Check if leaked creds can access prod-finance."

And in seconds, it attacks, adapts, and reports—no scripts, no guesswork.

Vibe Red Teaming is here. Testing becomes a conversation.

→ Full vision from Pentera's CTO: https://thehackernews.com/2025/08/ai-is-transforming-cybersecurity.html

🚨 CISA just confirmed active exploits targeting 3 old D-Link camera and recorder flaws — one remains unpatched.

These vulnerabilities expose admin passwords and enable command execution.

One affected model reached end-of-life. Still using it? You're exposed.

Mitigations required by Aug 26 → https://thehackernews.com/2025/08/cisa-adds-3-d-link-router-flaws-to-kev.html

🚨 Ukraine hit by wave of cyberattacks — again.

Phishing emails posing as court summons are dropping malware that steals docs, grabs screenshots, and executes remote commands.

Here’s what’s happening ↓ https://thehackernews.com/2025/08/cert-ua-warns-of-hta-delivered-c.html

🚨 Trend Micro flaw (CVE-2025-54948 and CVE-2025-54987) lets attackers run code before login.

Two critical bugs (CVSS 9.4) are being exploited right now in Apex One on-prem.

Admins, patch fast — remote code execution is on the table.

Here’s what you need to know ↓ https://thehackernews.com/2025/08/trend-micro-confirms-active.html

Microsoft just built an AI that reverse-engineers malware by itself.

No hints. No human help — and 90%+ accuracy.

It could change how threats are found—before they even spread.

Here’s what Project Ire can do ↓ https://thehackernews.com/2025/08/microsoft-launches-project-ire-to.html

📈 vCISO adoption just exploded 319% in one year.

MSPs & MSSPs are scrambling to meet SMB demand—and AI is powering the shift.

It’s not just about security. It’s driving higher margins, better upsell, and recurring revenue.

Check full report → https://thehackernews.com/2025/08/ai-slashes-workloads-for-vcisos-by-68.html

🚨 UPDATE: Google confirms it was hit in the Salesforce vishing attacks.

Hackers accessed contact data for small biz clients in June—then vanished.

Now? They're back, threatening victims with 72-hour bitcoin extortion demands, posing as ShinyHunters.

Read ↓ https://thehackernews.com/2025/06/google-exposes-vishing-group-unc6040.html

🚨 Millions duped by fake apps on Apple & Google stores.

VexTrio, a global crime ring, used bogus VPNs & cleaners to steal data, push ads, and charge hidden fees.

It’s still active.

Details here → https://thehackernews.com/2025/08/fake-vpn-and-spam-blocker-apps-tied-to.html

🚨 One container in Amazon ECS can now hijack all others’ AWS creds on the same EC2 host.

Researchers exposed a stealthy privilege escalation chain called ECScape — no exploit, just abusing AWS internals.

Amazon: "Working as designed."

Details → https://thehackernews.com/2025/08/researchers-uncover-ecscape-flaw-in.html

Your pip install isn’t as safe as you think.

From typo-squatting to CVE-packed base images, Python supply chain attacks are everywhere—and evolving fast.

🎥 Learn how to lock down your stack in 2025. Tools, tactics, and real-world examples:

Watch the webinar → https://thehackernews.com/2025/08/webinar-how-to-stop-python-supply-chain.html

🚨 Attackers are hitting SonicWall firewalls again—but it’s not a new zero-day.

Turns out, they’re exploiting a known bug (CVE-2024-40766) and weak password hygiene.

Migrating from Gen 6 to Gen 7 without resets? That’s leaving doors wide open.

Full details + what to fix → https://thehackernews.com/2025/08/sonicwall-confirms-patched.html

🚨 Microsoft just warned: CVE-2025-53786 lets hackers silently escalate privileges from on-prem Exchange to the cloud.

No logs. No easy traces.
Your hybrid setup could be a silent breach vector.

Full details + fixes → https://thehackernews.com/2025/08/microsoft-discloses-exchange-server.html

🚨 Hackers can hijack Axis camera networks without logging in.

A CVSS 9.0 flaw in Axis Device Manager & Camera Station enables pre-auth remote code execution—impacting 6,500+ servers, mostly in the U.S.

Live feeds could be watched or shut down.

Details → https://thehackernews.com/2025/08/6500-axis-servers-expose-remoting.html

🚨 11 malicious Go packages just found — infecting both Windows and Linux.

They silently download payloads, hijack shells, and can steal browser data.

Worse: they look legit, preying on confused devs importing from GitHub.

Details devs need to see ↓ https://thehackernews.com/2025/08/malicious-go-npm-packages-deliver-cross.html

🚨 Cloud attacks now execute in under 10 minutes.

AI is fueling both sides:
🔒 500% surge in AI workloads
⚠️ CI/CD pipelines under fire
🛡️ Real-time defense is no longer optional

Real-time defense isn’t optional—it’s survival.

Full 2025 report → https://thehackernews.com/2025/08/the-ai-powered-security-shift-what-2025.html

🚨 Hackers are hijacking legit ad tools to push fake browser updates—spreading SocGholish malware linked to LockBit, Evil Corp & others.

It’s a Malware-as-a-Service network selling your device as a doorway in.

How it works → https://thehackernews.com/2025/08/socgholish-malware-spread-via-ad-tools.html

$1M in crypto gone—stolen by 150+ fake Firefox wallet extensions.

The scam: lookalike MetaMask, TronLink, Exodus add-ons that start clean… then turn malicious when no one’s watching.

Now spreading to Chrome. AI is helping them scale.

Full story → https://thehackernews.com/2025/08/greedybear-steals-1m-in-crypto-using.html

🚨 RubyGems & PyPI under attack:

🔸 60 fake RubyGems stole social media logins (275K+ downloads)
🔸 PyPI fakes hijacked crypto staking wallets

Both hide credential-stealing code in legit-looking packages.

Details → https://thehackernews.com/2025/08/rubygems-pypi-hit-by-malicious-packages.html