BeyondTrust recently dropped the cybersecurity's first-ever arcade game! 🕹️

It's fast, fun, and sneakily educational. Test your reflexes now - no sign-ups, no cookies, just pure fun.

Play now: https://thn.news/acronym-game

⚡ Employees are flooding your stack with AI tools.

The real danger isn’t adoption—it’s shadow AI leaking data with zero guardrails.

🔍 CISOs: 5 rules to stop today’s experiments from becoming tomorrow’s breach ↓ https://thehackernews.com/2025/08/the-5-golden-rules-of-safe-ai-adoption.html

🚨 ShadowSilk hackers just hit nearly 30+ gov targets across Central Asia & APAC.

The crew? A Russian-Chinese tag team using Telegram bots to hide C2 traffic + stealing Chrome passwords.

They’re still active—new victims found in July.

Read → https://thehackernews.com/2025/08/shadowsilk-hits-36-government-targets.html

Hackers just weaponized Anthropic’s AI chatbot Claude to run ransomware-style attacks.

📌 17 orgs hit—healthcare, gov, even emergency services
📌 Ransoms up to $500K
📌 The AI made its own decisions on what data to steal

This is the future of cybercrime.

Full story → https://thehackernews.com/2025/08/anthropic-disrupts-ai-powered.html

🚨 AI-powered ransomware is here.

Researchers just uncovered PromptLock—ransomware strain that uses OpenAI’s new gpt-oss:20b model to write unique attack scripts on every run.

◉ Cross-platform: Windows, Linux, macOS.
◉ Harder to spot. Harder to stop.
◉ For now, it’s “just” a PoC.

Details → https://thehackernews.com/2025/08/someone-created-first-ai-powered.html

⚠️ More tools ≠ more security.

Keeper’s CEO says layered products can’t keep up—only a unified platform with zero trust, least privilege & AI can.

The future of defense isn’t more tools. It’s one platform.

Watch... Here’s why → https://thehackernews.com/videos/2025/08/the-new-mindset-platforms-over-products.html

🔑 Ransomware without the ransomware.

Storm-0501 just rewrote the playbook:
→ No malware
→ No encryption
→ Just full cloud takeover

They steal your data, erase backups, then demand ransom—over Microsoft Teams.

The playbook is wild ↓ https://thehackernews.com/2025/08/storm-0501-exploits-entra-id-to.html

🔥 Shadow AI agents are sneaking into your workflows, launched with one click—and they're using hidden identities to evade detection.

The scary part? They're multiplying unchecked, risking your entire cloud security.

Join this latest free webinar with experts to learn to spot and stop them: https://thehacker.news/shadow-ai-agents

🚨 WARNING - 3.5M download npm package hijacked.

Attackers slipped malicious versions of Nx that stole GitHub + cloud creds, planted backdoors, and even weaponized AI tools like Claude & Gemini.

One of the first known supply chain hacks turning AI assistants into attack tools.

Here’s what devs need to know ↓ https://thehackernews.com/2025/08/malicious-nx-packages-in-s1ngularity.html

🚨 Treasury just hit 2 men & 2 companies with new sanctions—exposing how North Korea’s IT worker scam is fueling its weapons program.

The twist: these “developers” can’t even code without AI like Claude—yet they’ve landed jobs at Fortune 500 firms.

Here’s what’s going on ↓ https://thehackernews.com/2025/08/us-treasury-sanctions-dprk-it-worker.html

🚨 The average data breach now costs $4.88M.

And it’s not just hackers—tiny human errors inside project tools can wipe months of work in seconds. Built-in backups? They won’t save you.

How to actually protect your projects ↓ https://thehackernews.com/2025/08/hidden-vulnerabilities-of-project.html

🚨 A China-linked hacking group, Salt Typhoon, has hit 600 orgs in 80 countries—from telecoms to military networks.

They exploited flaws in Cisco, Ivanti & Palo Alto gear to spy on global comms.

Details → https://thehackernews.com/2025/08/salt-typhoon-exploits-cisco-ivanti-palo.html

⚡ Most teams only see risks after code hits the cloud.

By then, it’s chaos.

Code-to-cloud visibility flips the script—catch issues early, fix faster, stop the scramble.

👉 Join the Sept 18 webinar to get the playbook ↓ https://thehackernews.com/2025/08/webinar-why-top-teams-are-prioritizing.html

Warning: Hackers found a VS Code Marketplace loophole—deleted extension names can be reused by anyone.

One group already slipped in ransomware that demands Shiba Inu tokens.

If a popular extension is removed, its name is up for grabs.

Here’s why this is a supply chain nightmare ↓ https://thehackernews.com/2025/08/researchers-find-vs-code-flaw-allowing.html

🚨 A fake PDF editor is hijacking Google ads—tricking users into downloading TamperedChef, a new info-stealing malware.

It steals logins, cookies & even backdoors your system. The worst part? It hid for 56 days before activating.

Read → https://thehackernews.com/2025/08/tamperedchef-malware-disguised-as-fake.html

🚨 Google says the Salesloft Drift breach is much larger than believed.

All Drift integrations should be treated as compromised.

Revoke, rotate, investigate.

Details here → https://thehackernews.com/2025/08/google-warns-salesloft-oauth-breach.html

🚨 FBI & Dutch police just shut down VerifTools—a dark web hub selling fake passports & driver’s licenses for as little as $9.

BUT within hours, operators relaunched under a new domain.

Criminals used it to bypass KYC checks & steal millions in crypto.

Here’s what’s next ↓ https://thehackernews.com/2025/08/feds-seize-64m-veriftools-fake-id.html

🚨 FreePBX zero-day under active attack.

Hackers are exploiting a CVSS 10.0 flaw to hijack systems, drop backdoors & potentially gain root access. If your admin panel is exposed online, assume compromise.

Here’s what you need to know ↓ https://thehackernews.com/2025/08/freepbx-servers-targeted-by-zero-day.html

🚨 Passwordstate, used by 29,000 orgs worldwide, just patched a critical flaw.

A crafted URL could bypass its emergency access page — exposing credentials.

Researchers also warn its browser extension was at risk of clickjacking: one bad click could leak logins, cards, even 2FA codes.

Full details here → https://thehackernews.com/2025/08/click-studios-patches-passwordstate.html

🚨 Hackers hijacked an abandoned Sogou Zhuyin update server—turning old software into a weapon.

Hundreds of victims, from Taiwan to the U.S., were hit with spyware & backdoors disguised as legit updates.

Even Wikipedia links pointed users to malware.

Read → https://thehackernews.com/2025/08/abandoned-sogou-zhuyin-update-server.html