🚨 CISA just confirmed active exploits targeting 3 old D-Link camera and recorder flaws — one remains unpatched.

These vulnerabilities expose admin passwords and enable command execution.

One affected model reached end-of-life. Still using it? You're exposed.

Mitigations required by Aug 26 → https://thehackernews.com/2025/08/cisa-adds-3-d-link-router-flaws-to-kev.html

🚨 Ukraine hit by wave of cyberattacks — again.

Phishing emails posing as court summons are dropping malware that steals docs, grabs screenshots, and executes remote commands.

Here’s what’s happening ↓ https://thehackernews.com/2025/08/cert-ua-warns-of-hta-delivered-c.html

🚨 Trend Micro flaw (CVE-2025-54948 and CVE-2025-54987) lets attackers run code before login.

Two critical bugs (CVSS 9.4) are being exploited right now in Apex One on-prem.

Admins, patch fast — remote code execution is on the table.

Here’s what you need to know ↓ https://thehackernews.com/2025/08/trend-micro-confirms-active.html

Microsoft just built an AI that reverse-engineers malware by itself.

No hints. No human help — and 90%+ accuracy.

It could change how threats are found—before they even spread.

Here’s what Project Ire can do ↓ https://thehackernews.com/2025/08/microsoft-launches-project-ire-to.html

📈 vCISO adoption just exploded 319% in one year.

MSPs & MSSPs are scrambling to meet SMB demand—and AI is powering the shift.

It’s not just about security. It’s driving higher margins, better upsell, and recurring revenue.

Check full report → https://thehackernews.com/2025/08/ai-slashes-workloads-for-vcisos-by-68.html

🚨 UPDATE: Google confirms it was hit in the Salesforce vishing attacks.

Hackers accessed contact data for small biz clients in June—then vanished.

Now? They're back, threatening victims with 72-hour bitcoin extortion demands, posing as ShinyHunters.

Read ↓ https://thehackernews.com/2025/06/google-exposes-vishing-group-unc6040.html

🚨 Millions duped by fake apps on Apple & Google stores.

VexTrio, a global crime ring, used bogus VPNs & cleaners to steal data, push ads, and charge hidden fees.

It’s still active.

Details here → https://thehackernews.com/2025/08/fake-vpn-and-spam-blocker-apps-tied-to.html

🚨 One container in Amazon ECS can now hijack all others’ AWS creds on the same EC2 host.

Researchers exposed a stealthy privilege escalation chain called ECScape — no exploit, just abusing AWS internals.

Amazon: "Working as designed."

Details → https://thehackernews.com/2025/08/researchers-uncover-ecscape-flaw-in.html

Your pip install isn’t as safe as you think.

From typo-squatting to CVE-packed base images, Python supply chain attacks are everywhere—and evolving fast.

🎥 Learn how to lock down your stack in 2025. Tools, tactics, and real-world examples:

Watch the webinar → https://thehackernews.com/2025/08/webinar-how-to-stop-python-supply-chain.html

🚨 Attackers are hitting SonicWall firewalls again—but it’s not a new zero-day.

Turns out, they’re exploiting a known bug (CVE-2024-40766) and weak password hygiene.

Migrating from Gen 6 to Gen 7 without resets? That’s leaving doors wide open.

Full details + what to fix → https://thehackernews.com/2025/08/sonicwall-confirms-patched.html

🚨 Microsoft just warned: CVE-2025-53786 lets hackers silently escalate privileges from on-prem Exchange to the cloud.

No logs. No easy traces.
Your hybrid setup could be a silent breach vector.

Full details + fixes → https://thehackernews.com/2025/08/microsoft-discloses-exchange-server.html

🚨 Hackers can hijack Axis camera networks without logging in.

A CVSS 9.0 flaw in Axis Device Manager & Camera Station enables pre-auth remote code execution—impacting 6,500+ servers, mostly in the U.S.

Live feeds could be watched or shut down.

Details → https://thehackernews.com/2025/08/6500-axis-servers-expose-remoting.html

🚨 11 malicious Go packages just found — infecting both Windows and Linux.

They silently download payloads, hijack shells, and can steal browser data.

Worse: they look legit, preying on confused devs importing from GitHub.

Details devs need to see ↓ https://thehackernews.com/2025/08/malicious-go-npm-packages-deliver-cross.html

🚨 Cloud attacks now execute in under 10 minutes.

AI is fueling both sides:
🔒 500% surge in AI workloads
⚠️ CI/CD pipelines under fire
🛡️ Real-time defense is no longer optional

Real-time defense isn’t optional—it’s survival.

Full 2025 report → https://thehackernews.com/2025/08/the-ai-powered-security-shift-what-2025.html

🚨 Hackers are hijacking legit ad tools to push fake browser updates—spreading SocGholish malware linked to LockBit, Evil Corp & others.

It’s a Malware-as-a-Service network selling your device as a doorway in.

How it works → https://thehackernews.com/2025/08/socgholish-malware-spread-via-ad-tools.html

$1M in crypto gone—stolen by 150+ fake Firefox wallet extensions.

The scam: lookalike MetaMask, TronLink, Exodus add-ons that start clean… then turn malicious when no one’s watching.

Now spreading to Chrome. AI is helping them scale.

Full story → https://thehackernews.com/2025/08/greedybear-steals-1m-in-crypto-using.html

🚨 RubyGems & PyPI under attack:

🔸 60 fake RubyGems stole social media logins (275K+ downloads)
🔸 PyPI fakes hijacked crypto staking wallets

Both hide credential-stealing code in legit-looking packages.

Details → https://thehackernews.com/2025/08/rubygems-pypi-hit-by-malicious-packages.html

🚨 Stolen logins are now the #1 way hackers break in — beating phishing & software flaws.

Many still work. Attackers don’t need exploits when they can just log in.

Think your passwords are safe? You might want to check.

Full report → https://thehackernews.com/2025/08/leaked-credentials-up-160-what.html

🚨 Brazil hit by two cyber threats:

1️⃣ Hackers using AI-built fake gov sites to steal IDs + cash via PIX.
2️⃣ Efimer Trojan spreading via fake legal emails, torrents & WordPress hacks — swapping crypto wallets + stealing funds.

How both attacks work → https://thehackernews.com/2025/08/ai-tools-fuel-brazilian-phishing-scam.html

🚨 14 new flaws in CyberArk & HashiCorp vaults can let hackers steal corporate secrets without a password — some bugs sat undetected for 9 years.

Researchers warn attackers could chain them for full remote takeover.

Full story → https://thehackernews.com/2025/08/cyberark-and-hashicorp-flaws-enable.html