Russia’s APT29 hacked legit websites—secretly redirecting ~10% of visitors into fake “Cloudflare” pages to hijack Microsoft accounts.
Amazon flagged and disrupted the campaign, but the group quickly spun up new domains.
Here’s what you need to know ↓ https://thehackernews.com/2025/08/amazon-disrupts-apt29-watering-hole.html
🚨 New Sitecore flaws put websites at risk of hijack & remote code execution.
Researchers chained a pre-auth cache poisoning bug with RCE to fully compromise patched Sitecore Experience Platform.
Details on CVEs + exploit chain → https://thehackernews.com/2025/08/researchers-warn-of-sitecore-exploit.html
🛑 WARNING: WhatsApp confirms a zero-click spyware attack targeting iPhone & Mac users.
Hackers chained a new WhatsApp flaw with an Apple bug—letting them hijack devices without you even tapping a link.
🔥 Here’s what you need to know ↓ https://thehackernews.com/2025/08/whatsapp-issues-emergency-update-for.html
Hackers are now using Velociraptor—a legit forensic tool—to sneak into networks.
At the same time, fake IT “support” chats on Microsoft Teams are stealing passwords and installing malware.
Trusted tools are becoming attack vectors.
Details here → https://thehackernews.com/2025/08/attackers-abuse-velociraptor-forensic.html
North Korea’s hackers just unleashed RokRAT again.
🎯 Targets: academics, ex-officials & researchers in South Korea.
📩 Disguised as an intelligence newsletter—opens a PDF decoy while stealing everything from files to screenshots via Dropbox & Google Cloud.
Read ↓ https://thehackernews.com/2025/09/scarcruft-uses-rokrat-malware-in.html
🚨 80% of cyber incidents now start in the browser.
Enter Scattered Spider—a hacking group that hijacks Chrome & Edge sessions to steal logins, cookies, even your calendar.
The scary part? MFA won’t save you.
Here’s how they do it—and how to stop them ↓ https://thehackernews.com/2025/09/when-browsers-become-attack-surface.html
🔒 One week. Multiple pivots.
Attackers aren’t picking one door anymore—they’re breaking through all of them at once.
From apps to cloud to supply chains, here’s how cyber risk is morphing into a blended threat.
Full recap → https://thehackernews.com/2025/09/weekly-recap-whatsapp-0-day-docker-bug.html
Android malware is evolving: droppers now hide spyware & SMS stealers, not just banking trojans.
Fake apps in India pose as govt/bank tools, slipping past Google’s new protections with a simple “Update” trick.
Here’s how it works ↓ https://thehackernews.com/2025/09/android-droppers-now-deliver-sms.html
🚨 A fake npm package just hijacked crypto wallets.
“nodejs-smtp” disguised itself as the legit nodemailer library—while secretly injecting code into Atomic & Exodus apps to steal BTC, ETH, USDT, XRP, and SOL.
Full story → https://thehackernews.com/2025/09/malicious-npm-package-nodejs-smtp.html
⚠️ UPDATE: ReliaQuest confirms attackers used CVE-2025-54309 to hijack the “crushadmin” account as a backdoor.
55k+ devices still expose CrushFTP online. Logs showing “failed” attempts ≠ safe.
Details → https://thehackernews.com/2025/07/hackers-exploit-critical-crushftp-flaw.html
🚨 UPDATE: Zscaler confirms it’s the latest victim of the Salesloft Drift breach.
Attackers accessed its Salesforce instance, stealing customer contact details, licensing info, and some support case text.
No misuse seen yet. Access revoked, tokens rotated.
Details → https://thehackernews.com/2025/08/google-warns-salesloft-oauth-breach.html
🔴 Most SIEM alerts are junk. 74% of breaches had warnings — but analysts ignored them, buried under 5,000+ daily false positives.
The price? Burnout, wasted millions, and missed threats.
Why the SOC’s beating heart is now its weakest link → https://thehackernews.com/expert-insights/2025/09/the-high-cost-of-useless-alerts-why.html
🛑 Your antivirus can be turned against you.
Hackers hijacked a Microsoft-signed Windows driver to kill 🪲 security tools—then slip in ValleyRAT spyware.
The trick? One flipped byte ⚡ to dodge blocklists.
Here’s how it works ↓ https://thehackernews.com/2025/09/silver-fox-exploits-microsoft-signed.html
🚨 3 days of nonstop brute-force attacks
Researchers traced a record wave of VPN & RDP break-ins to a Ukrainian network (FDN3) tied to bulletproof hosting gangs.
The setup looks custom-built for ransomware: https://thehackernews.com/2025/09/ukrainian-network-fdn3-launches-massive.html
🚨 WEBINAR ALERT - Every month new malware sneaks into PyPI. Even official Python images ship with critical CVEs.
This isn’t just a dev issue—it’s a business risk. Don’t wait for a breach to prove it.
Watch this webinar & learn to protect your org → https://thehacker.news/safeguarding-python-supply-chain
🔥 90% of employees already use AI at work… and nearly HALF of those interactions run through personal emails that bypass company security.
This is the danger of Shadow AI ⚠️
Are CISOs ready? → https://thehackernews.com/2025/09/shadow-ai-discovery-critical-part-of.html
💀 Meet MystRodX: a stealth backdoor that “wakes up” when it gets a secret ping.
Researchers say it’s tied to China’s Liminal Panda espionage group.
This one’s built for espionage → https://thehackernews.com/2025/09/researchers-warn-of-mystrodx-backdoor.html
🚨 UPDATE - Palo Alto Networks confirms it was hit in the Salesloft Drift breach.
Attackers accessed Salesforce CRM data — mostly contacts, sales info & case records.
Products/services not impacted. Other victims: Zscaler, PagerDuty, SpyCloud, Tanium.
Details → https://thehackernews.com/2025/08/google-warns-salesloft-oauth-breach.html
🔥 North Korea’s Lazarus Group just pulled off a bold new hack.
They posed as coworkers on Telegram, set up fake Calendly sites—and cycled through three custom RATs to compromise a DeFi employee’s system.
The scariest part? One tool may have exploited a Chrome zero-day.
Read → https://thehackernews.com/2025/09/lazarus-group-expands-malware-arsenal.html
⚠️ Salesloft pulled the plug on Drift after a massive supply-chain hack.
Hackers stole its OAuth tokens—then used them to breach Salesforce at Cloudflare, Google Workspace, Palo Alto, Zscaler & 700+ orgs.
Full story → https://thehackernews.com/2025/09/salesloft-takes-drift-offline-after.html