Google now requires crypto app developers in the US, UK, EU & 12 more regions to get official licenses before hitting Play Store.

Non-compliance? Apps pulled.

Learn more about this crackdown → https://thehackernews.com/2025/08/google-requires-crypto-app-licenses-in.html

🛑 Your bank card. Your calls. Your phone — all in a cybercriminals' hands.

💳 PhantomCard – NFC trojan that clones your bank card & spends like it’s theirs.
📞 SpyBanker – Steals banking data & hijacks calls in India.
⚙️ KernelSU exploits – Full control of rooted Android devices.

How they work & how to stop them → https://thehackernews.com/2025/08/new-android-malware-wave-hits-banking.html

🔒🚫 Stop hackers before they even knock.

Turn on MFA everywhere. Block every unknown app. Lock risky tools in a digital cage.

This “security by default” playbook slams the door on ransomware & phishing.

See how it works → https://thehackernews.com/2025/08/simple-steps-for-attack-surface.html

The City of Hamilton’s multi-million dollar cybersecurity insurance claim was recently denied following a ransomware attack in 2024. Why? Because MFA wasn’t fully implemented at the time of the attack.

Find and fix MFA gaps with Push Security to avoid claim denial 👉 https://thn.news/stop-identity-attacks-others

⚡ Japan’s cyber watchdog caught hackers using CrossC2—a Cobalt Strike spin-off that hijacks Linux, macOS, and Windows—to breach networks across multiple countries.

They loaded custom malware entirely in memory—and may be tied to Black Basta ransomware crews.

Details → https://thehackernews.com/2025/08/researchers-warn-crossc2-expands-cobalt.html

🔥🏚 That “test server” you forgot about?

It’s still online. And waving at attackers 👋

EASM finds those ghost assets. DRP catches your name on the dark web.

Together, they’re the digital “Did I leave the oven on?” check—before the house burns down.

🛡 Read before something starts smoking → https://thehackernews.com/2025/08/have-you-turned-off-your-virtual-oven.html

🚨 New HTTP/2 flaw can crash major servers.

“MadeYouReset” bypasses Rapid Reset protections—letting attackers flood Apache Tomcat, F5 BIG-IP & more with thousands of requests, taking sites offline.

Here’s how it works → https://thehackernews.com/2025/08/new-http2-madeyoureset-vulnerability.html

🚨 CVSS 10.0 flaw in Cisco Secure Firewall could let attackers run commands with high privilege — no login needed.

The catch? Just RADIUS auth enabled is enough. No workarounds. Patch now.

Full details → https://thehackernews.com/2025/08/cisco-warns-of-cvss-100-fmc-radius-flaw.html

🚨 The US just hit Russian crypto exchange Garantex—and its rebrand Grinex—with new sanctions.

They’ve allegedly laundered $100M+ for ransomware gangs since 2019, moving billions via a ruble-backed stablecoin.

$5M bounty now on a co-founder’s head.

Details → https://thehackernews.com/2025/08/us-sanctions-garantex-and-grinex-over.html

AI isn’t just keeping your data. It’s deciding what to tell you, what to hide, and who else gets to know.

When your AI agent starts shaping your reality, “privacy” stops meaning what you think it does.

Here’s why Zero Trust now applies to minds—human and machine ↓ https://thehackernews.com/2025/08/zero-trust-ai-privacy-in-age-of-agentic.html

⚡ Chinese hackers are burrowing into Taiwan’s web infrastructure — using custom open-source tools to stay hidden for years.

They’re exploiting unpatched servers, planting stealth VPNs, and launching Cobalt Strike for full control.

Here’s how the campaign works → https://thehackernews.com/2025/08/taiwan-web-servers-breached-by-uat-7237.html

👨‍💻 Hackers are abusing a Windows flaw (CVE-2025-26633) to drop malware—masquerading as IT staff on Microsoft Teams and tricking users with rogue MSC files.

The group? EncryptHub, a Russian crew blending social engineering with zero-days.

Details → https://thehackernews.com/2025/08/russian-group-encrypthub-exploits-msc.html

🚨 The ERMAC V3.0 Android banking trojan just had its entire source code leaked—backend, panels, builder, exfil servers.

It still targets 700+ apps, from banking to crypto, and even ships with default creds.

Read ↓ https://thehackernews.com/2025/08/ermac-v30-banking-trojan-source-code.html

20% of breaches in 2025 started with unpatched software.

And patch management? It’s broken.

With SaaS sprawl + BYOD, IT teams can’t keep up. Shadow apps and personal devices are a hacker’s dream.

Here’s what needs to change ↓ https://thehackernews.com/expert-insights/2025/08/why-traditional-approaches-to-patch.html

🚨 New supply-chain attacks hit open-source repos.

• PyPI: termncolor & colorinal delivered multi-stage malware with Windows & Linux backdoors.

• npm: fake packages posed as dev tools & job tests, stealing iCloud Keychain, browser data, wallets.

Details → https://thehackernews.com/2025/08/malicious-pypi-and-npm-packages.html

🚨 Compliance isn’t optional. Fail GDPR, HIPAA, or PCI DSS → massive fines, lawsuits, even shutdowns.

The scary part? Most don’t even know where they’re failing.

Here’s how Wazuh helps fix it:
✅ Real-time alerts
✅ Compliance dashboards
✅ Active response

Read this now → https://thehackernews.com/2025/08/wazuh-for-regulatory-compliance.html

46% of security leaders lose sleep over growing regulatory complexity.

Move beyond checkbox compliance and turn GRC into a strategic advantage with this new Tines guide.

What's in the guide:
🔸 Common challenges for security and compliance teams today
🔸 Four areas where GRC teams can leverage workflow orchestration and automation for immediate impact
🔸 Case study stories from Druva, Path AI, and more

Get the full guide here: https://thn.news/automating-grc-guide

⚡ Cybersecurity isn’t failing in one big breach—it’s leaking everywhere.

This week’s signals show just how fast cracks turn into collapse:

– NFC trojan stealing cards via “tap-to-pay” 🎴
– Active exploits in N-able N-central
– Espionage ops in Georgia & Moldova
– Docker Hub images still hiding the XZ backdoor
– U.S. expands crypto sanctions
– Hackers rushing to weaponize new CVEs

Each story points to one truth: hesitation = risk.

Read full RECAP → https://thehackernews.com/2025/08/weekly-recap-nfc-fraud-curly-comrades-n.html

⚠️ Hackers just weaponized a new Windows flaw (CVE-2025-29824) to drop the PipeMagic backdoor—fueling RansomExx attacks.

The bait? Fake ChatGPT apps and Chrome updates.
Still active. Still evolving.

Details here → https://thehackernews.com/2025/08/microsoft-windows-vulnerability.html

That copyright email in your inbox? It might not be legal trouble—it might be malware.

The “Noodlophile” attack hides in fake copyright notices, abuses Telegram, and slips past security tools.

If your brand lives on social media—you’re a target.

Here’s how it works ↓ https://thehackernews.com/2025/08/noodlophile-malware-campaign-expands.html