North Korean hackers ran a months-long cyber-espionage op against diplomats—hiding malware traffic in GitHub & Dropbox.

Their activity froze during Chinese national holidays.

Details → https://thehackernews.com/2025/08/north-korea-uses-github-in-diplomat.html

Ransomware. Outages. Human error.

The threats are multiplying—and downtime is no longer an option.

The survival playbook? A rock-solid BIA: the map that makes your BCDR strategy actually work.

Here’s why IT leaders can’t afford to skip it ↓ https://thehackernews.com/2025/08/turning-bia-insights-into-resilient-recovery.html

451 Research Reveals: Why AI & SaaS Security Can’t Be Managed Separately.

Security leaders: AI is reshaping your SaaS environment faster than old tools can keep up. Hear from Justin Lam, Principal Analyst at 451 Research, in a live session breaking down the new realities:

🔸 Hidden risks from shadow AI and third-party SaaS
🔸 Real-world attack scenarios and trends, including ShinyHunters
🔸 How unified SaaS & AI security platforms close the gaps

Save your seat for actionable insights, practical frameworks, and a live Q&A with one of the industry’s top minds—so your team is ready for what’s next.

Save My Spot → https://thn.news/ai-saas-attack-surface

🔥 WEBINAR ALERT!

Shadow AI agents are already running inside your business—often unseen, unlogged, and unmanaged.

Once hacked, they don’t think. They just execute—24/7.

Most security programs aren’t built for this.

Join our next webinar to learn how to stop them before attackers strike ↓ https://thehackernews.com/2025/08/webinar-discover-and-control-shadow-ai.html

🛑 PromptFix ALERT! Researchers show AI browsers like Comet can be tricked by hidden prompts inside fake CAPTCHAs.

Moreover, AI browsers may unknowingly:
• Auto-click phishing links
• Autofill credit cards and addresses
• Trigger malware downloads

🔗 Full details here → https://thehackernews.com/2025/08/experts-find-ai-browsers-can-be-tricked.html

🇷🇺 Russia’s Static Tundra hackers (linked to the FSB) are exploiting a 7-year-old critical Cisco flaw to breach telecom, education & manufacturing networks worldwide.

They’re stealing configs, planting implants like SYNful Knock, and hijacking traffic for espionage.

Details → https://thehackernews.com/2025/08/fbi-warns-russian-fsb-linked-hackers.html

⚠️ A single click on a fake site can hijack your password manager.

Researchers found 11 popular extensions (1Password, LastPass, iCloud & more) vulnerable—putting logins, 2FA codes, and credit cards at risk.

6 vendors still haven’t patched.

Protect your PASSWORDS ↓ https://thehackernews.com/2025/08/dom-based-extension-clickjacking.html

🚨 Apple just patched a zero-day already under attack.

Hackers were exploiting a malicious image bug (CVE-2025-43300) in iPhones, iPads & Macs.

Apple says it was used in extremely sophisticated targeted attacks.

Update now. Details ↓ https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html

🚫 That “CEO” on your Zoom call? Might be an AI fake.

Deepfake scams have already stolen $25M+ in single hits—voices, faces, even biometrics can be forged.
The line between real and fake is gone.

How to spot it before it’s too late ↓ https://thehackernews.com/expert-insights/2025/08/defending-against-adversarial-ai-and.html

A 20-year-old hacker just got 10 YEARS in prison.

Noah Urban, part of the Scattered Spider crew, stole millions through SIM swaps & crypto heists—and now owes $13M in restitution.

But the gang isn’t gone. They’ve merged with other groups to get even stronger.

Full story → https://thehackernews.com/2025/08/scattered-spider-hacker-gets-10-years.html

🚨 Shadow AI Agents = The New Insider Threat

They’re already inside your enterprise—untracked, unowned, and attackers are exploiting them.

In our next webinar, SailPoint's Steve Toole reveals:
🔸 How shadow agents emerge
🔸 Real-world attack paths
🔸 What CISOs must do now

Don’t let invisible AI identities be your weakest link.

🔗 Register → https://thehacker.news/shadow-ai-agents-threats

👾 Hackers are using a new malware loader—QuirkyLoader—to spread Agent Tesla, AsyncRAT, Snake Keylogger & more.

One campaign even targeted a Taiwan cybersecurity company with spyware built to steal passwords & keystrokes.

Learn more about this threat ↓ https://thehackernews.com/2025/08/hackers-using-new-quirkyloader-malware.html

🚨 Webinar: Automating Google Workspace Security Policies 🚨

Manual enforcement is impossible — scripts break, alerts pile up, and approvals drag on. Join Google Cloud Security and Zenphi experts to see how human-in-the-loop automation keeps IT in control while enforcing policies consistently.

🕒 When: August 27, 10 AM PT
👉 Register Here to Join Live or Get the Replay: https://thn.news/google-workspace-policies

What You’ll Learn:
📤 Block Gmail Forwarding to Personal Accounts – detect & disable instantly, log for audit.
👀 Shadow IT Monitoring – track OAuth apps & Chrome extensions without endless checks.
👋 Automated Offboarding – revoke access, clear permissions, and document the process.
💡 Bonus: Get exclusive access to the latest Google Cloud Security Trends Report.

🔥 Nearly half of orgs failed password-cracking tests in 2025 (up from last year).

Once inside? Attackers succeed in 98% of cases using valid accounts—slipping past defenses unnoticed.

The weakest link isn’t malware. It’s your passwords.

Read the report → https://thehackernews.com/2025/08/weak-passwords-and-compromised-accounts.html

Hackers are luring people with fake CAPTCHA pages—then tricking them into copy-pasting malware.

The result: a new backdoor, CORNFLAKE.V3, that steals credentials, hides behind Cloudflare, and won’t go away once it’s in.

Here’s how the attack works → https://thehackernews.com/2025/08/cybercriminals-deploy-cornflakev3.html

🚨 Four new Commvault flaws just dropped — and they can be chained for pre-auth remote code execution.

Attackers could seize control before you even log in.

Worst part? One chain works if the default admin password was never changed.

Patch now. Details here → https://thehackernews.com/2025/08/pre-auth-exploit-chains-found-in.html

A Houston software dev just got 4 years in prison.

Why? He built a hidden kill switch that locked out thousands of coworkers the moment his account was disabled.

The sabotage cost his company hundreds of thousands.

Details ↓ https://thehackernews.com/2025/08/ex-developer-jailed-four-years-for.html

Three China-backed hacking groups are tearing into cloud & telecom networks worldwide.

🐼 Murky Panda → hijacked cloud partners to backdoor Entra ID
🐼 Genesis Panda → burrowed deep into CSP accounts
🐼 Glacial Panda → raided telecom networks in 11 countries .

Different methods.
Same mission: espionage.

Details here → https://thehackernews.com/2025/08/chinese-hackers-murky-genesis-and.html

🚨 1,209 cybercriminals arrested across 18 African countries.

• $97.4 million recovered
• 88,000 victims
• 11,432 malicious infrastructures dismantled

From crypto fraud to ransomware, Operation Serengeti shows the global fight against cybercrime is heating up.

Read → https://thehackernews.com/2025/08/interpol-arrests-1209-cybercriminals.html

Why are we still delivering pentest results like it’s 2010?

Static PDFs. Email attachments. Weeks of delay.

Automation flips the script: findings delivered in real time, workflows auto-tracked. This is the future of pentest delivery.

See how → https://thehackernews.com/2025/08/automation-is-redefining-pentest.html