🚨 WARNING: Dutch cyber watchdog confirms: a Citrix zero-day (CVE-2025-6543) was exploited for months before disclosure—hitting critical orgs, leaving hidden web shells, and erasing traces.

Patches are out. If you run NetScaler, act now.

Full story → https://thehackernews.com/2025/08/dutch-ncsc-confirms-active-exploitation.html

New research by Pentera builds on Wiz’s IngressNightmare and reveals critical injection vulnerabilities in the widely used ingress-nginx Kubernetes controller.

Pentera’s team uncovered additional attack vectors that exploit common configuration oversights - going beyond the four originally disclosed CVEs. These newly discovered injection points can allow attackers to bypass security controls, execute arbitrary code, and pivot deeper into Kubernetes clusters.

👉 Join experts live on August 20 at 11:00 AM ET for a technical deep dive into the full scope of these vulnerabilities and their real-world impact: https://thn.news/IngressNightmare-webinar

Read the full research report 👉 https://thn.news/cyberattacks-explained

🇷🇺 New Threat: Curly COMrades hacked govt & energy networks in Georgia & Moldova — stealing credentials & hiding for months.

Their secret weapon? Hijacking Windows’ own components to run commands as SYSTEM… and no one notices.

Find details here → https://thehackernews.com/2025/08/new-curly-comrades-apt-using-ngen-com.html

Identity attacks are evolving, but are your IR playbooks keeping up? Join Push Security's Josh Gideon on August 13th & 14th as he dives into the new challenges facing incident responders in the cloud. Don't miss out on a step-by-step walkthrough of how security teams are using browser telemetry to supercharge their security investigations.

Register here: https://thn.news/identity-attacks-webinar-tg

🚨 Your browser is now your biggest insider threat.

🤖 GenAI prompts
⚠️ Risky extensions
💻 Unmanaged devices

All leaking data in-session.

🥊 Enterprise Browser vs. Secure Extension — 9 brutal rounds.

Who wins? → https://thehackernews.com/2025/08/the-ultimate-battle-enterprise-browsers.html

⚠️ Two of the most dangerous hacker groups — ShinyHunters & Scattered Spider — are joining forces.

They’ve hit Salesforce users worldwide, and signs show their next big target: banks & financial firms.

Here’s why this alliance is bad news ↓ https://thehackernews.com/2025/08/cybercrime-groups-shinyhunters.html

🚨 780+ malicious IPs just launched a coordinated brute-force attack on Fortinet SSL VPNs — shifting mid-campaign to hit FortiManager.

Researchers warn this pattern often precedes a new CVE disclosure within weeks.

Read → https://thehackernews.com/2025/08/fortinet-ssl-vpns-hit-by-global-brute.html

🚨 Over a year after the XZ Utils backdoor was exposed, 35 infected Docker images are still live on Docker Hub — some built on top of each other, quietly spreading the malware.

They can let attackers bypass SSH auth & run root commands.

Full story → https://thehackernews.com/2025/08/researchers-spot-xz-utils-backdoor-in.html

🚨 New RANSOMWARE ALERT: “Charon” is hitting Middle East gov & aviation targets—using nation-state-level tactics to dodge defenses & lock files fast.

It mimics a China-linked APT, sideloads malicious DLLs, and even packs a driver to kill EDR (likely still in testing).

Read → https://thehackernews.com/2025/08/charon-ransomware-hits-middle-east.html

⚡ Microsoft patched 111 flaws — including a zero-day in Windows Kerberos that could let attackers seize entire Active Directory domains.

Some bugs score 10/10 severity. Others hit Azure OpenAI, Microsoft 365 Copilot, & Edge.

Read: https://thehackernews.com/2025/08/microsoft-august-2025-patch-tuesday.html

Your Salesforce scans aren’t telling you everything.

Automated tools show what’s already there.

Only human-led penetration testing shows what could happen — uncovering hidden attack paths your scanners miss.

Here’s why most teams remain exposed → https://thehackernews.com/expert-insights/2025/08/the-second-layer-of-salesforce-security.html

🛑 Hackers are now using AI to deepfake your CFO’s voice, create perfect fake identities, and break into systems at machine speed.

The frontline isn’t your 🛡️ firewall anymore. It’s your login screen.

⚡ Join this free WEBINAR to see how to protect your business before it’s too late → https://thehackernews.com/2025/08/webinar-what-next-wave-of-ai.html

🚨 Active Exploit Alert → A critical FortiSIEM flaw (CVSS 9.8) lets attackers run code without logging in — and hackers are already using it.

No clear signs if you’ve been hit. Update now or risk silent compromise.

Full details → https://thehackernews.com/2025/08/fortinet-warns-about-fortisiem.html

Advance your skills in strategic security design with Georgetown’s Online Certificate in Cybersecurity Strategy.

Learn more → https://thn.news/cybersecurity-strategy-gt-ig

🚨 Critical flaws just hit Zoom & Xerox.

One lets attackers hijack Windows Zoom clients (CVSS 9.6).

Another in Xerox FreeFlow Core (CVSS 9.8) could give full remote control—easy to exploit.

PATCH NOW / Details → https://thehackernews.com/2025/08/zoom-and-xerox-release-critical.html

🤖 AI is taking over the SOC grind.

Gartner just named AI SOC agents the next big thing—slashing false positives, spotting gaps, and investigating threats in minutes.

But when it comes to the toughest calls? Humans still decide.

⚡ Read how it’s changing security → https://thehackernews.com/2025/08/ai-soc-101-key-capabilities-security.html

New Malware Alert: A stealthy threat called PS1Bot is hiding in online ads—stealing passwords, crypto wallets, and screenshots—while leaving almost no trace.

It’s already active worldwide.

Here’s how it works (and how to spot it) → https://thehackernews.com/2025/08/new-ps1bot-malware-campaign-uses.html

🚨 CISA warns: Hackers are actively exploiting 2 new flaws in N-able’s N-central — the RMM tool used by countless MSPs to control client systems.

Both bugs allow command execution if exploited. Patch by Aug 20 or risk takeover.

Full story → https://thehackernews.com/2025/08/cisa-adds-two-n-able-n-central-flaws-to.html

Google now requires crypto app developers in the US, UK, EU & 12 more regions to get official licenses before hitting Play Store.

Non-compliance? Apps pulled.

Learn more about this crackdown → https://thehackernews.com/2025/08/google-requires-crypto-app-licenses-in.html

🛑 Your bank card. Your calls. Your phone — all in a cybercriminals' hands.

💳 PhantomCard – NFC trojan that clones your bank card & spends like it’s theirs.
📞 SpyBanker – Steals banking data & hijacks calls in India.
⚙️ KernelSU exploits – Full control of rooted Android devices.

How they work & how to stop them → https://thehackernews.com/2025/08/new-android-malware-wave-hits-banking.html