🚨 A fake npm package just hijacked crypto wallets.
“nodejs-smtp” disguised itself as the legit nodemailer library—while secretly injecting code into Atomic & Exodus apps to steal BTC, ETH, USDT, XRP, and SOL.
Full story → https://thehackernews.com/2025/09/malicious-npm-package-nodejs-smtp.html
⚠️ UPDATE: ReliaQuest confirms attackers used CVE-2025-54309 to hijack the “crushadmin” account as a backdoor.
55k+ devices still expose CrushFTP online. Logs showing “failed” attempts ≠ safe.
Details → https://thehackernews.com/2025/07/hackers-exploit-critical-crushftp-flaw.html
🚨 UPDATE: Zscaler confirms it’s the latest victim of the Salesloft Drift breach.
Attackers accessed its Salesforce instance, stealing customer contact details, licensing info, and some support case text.
No misuse seen yet. Access revoked, tokens rotated.
Details → https://thehackernews.com/2025/08/google-warns-salesloft-oauth-breach.html
🔴 Most SIEM alerts are junk. 74% of breaches had warnings — but analysts ignored them, buried under 5,000+ daily false positives.
The price? Burnout, wasted millions, and missed threats.
Why the SOC’s beating heart is now its weakest link → https://thehackernews.com/expert-insights/2025/09/the-high-cost-of-useless-alerts-why.html
🛑 Your antivirus can be turned against you.
Hackers hijacked a Microsoft-signed Windows driver to kill 🪲 security tools—then slip in ValleyRAT spyware.
The trick? One flipped byte ⚡ to dodge blocklists.
Here’s how it works ↓ https://thehackernews.com/2025/09/silver-fox-exploits-microsoft-signed.html
🚨 3 days of nonstop brute-force attacks
Researchers traced a record wave of VPN & RDP break-ins to a Ukrainian network (FDN3) tied to bulletproof hosting gangs.
The setup looks custom-built for ransomware: https://thehackernews.com/2025/09/ukrainian-network-fdn3-launches-massive.html
🚨 WEBINAR ALERT - Every month new malware sneaks into PyPI. Even official Python images ship with critical CVEs.
This isn’t just a dev issue—it’s a business risk. Don’t wait for a breach to prove it.
Watch this webinar & learn to protect your org → https://thehacker.news/safeguarding-python-supply-chain
🔥 90% of employees already use AI at work… and nearly HALF of those interactions run through personal emails that bypass company security.
This is the danger of Shadow AI ⚠️
Are CISOs ready? → https://thehackernews.com/2025/09/shadow-ai-discovery-critical-part-of.html
💀 Meet MystRodX: a stealth backdoor that “wakes up” when it gets a secret ping.
Researchers say it’s tied to China’s Liminal Panda espionage group.
This one’s built for espionage → https://thehackernews.com/2025/09/researchers-warn-of-mystrodx-backdoor.html
🚨 UPDATE - Palo Alto Networks confirms it was hit in the Salesloft Drift breach.
Attackers accessed Salesforce CRM data — mostly contacts, sales info & case records.
Products/services not impacted. Other victims: Zscaler, PagerDuty, SpyCloud, Tanium.
Details → https://thehackernews.com/2025/08/google-warns-salesloft-oauth-breach.html
🔥 North Korea’s Lazarus Group just pulled off a bold new hack.
They posed as coworkers on Telegram, set up fake Calendly sites—and cycled through three custom RATs to compromise a DeFi employee’s system.
The scariest part? One tool may have exploited a Chrome zero-day.
Read → https://thehackernews.com/2025/09/lazarus-group-expands-malware-arsenal.html
⚠️ Salesloft pulled the plug on Drift after a massive supply-chain hack.
Hackers stole its OAuth tokens—then used them to breach Salesforce at Cloudflare, Google Workspace, Palo Alto, Zscaler & 700+ orgs.
Full story → https://thehackernews.com/2025/09/salesloft-takes-drift-offline-after.html
Hackers are busy.
⚠️ CISA says TP-Link Wi-Fi extenders can be reset + hijacked — and since they’re end-of-life, no fixes are coming.
⚠️ WhatsApp + Apple flaws are being chained in a spyware campaign, quietly targeting fewer than 200 people.
Details you don’t want to miss ↓ https://thehackernews.com/2025/09/cisa-adds-tp-link-and-whatsapp-flaws-to.html
👨‍💻 Security teams fight on two fronts.
➡️ In dashboards: everything’s tidy—tickets, owners, workflows.
➡️ In reality: attackers chain “low” and “medium” issues into paths that reach the crown jewels.
Order alone isn’t enough. We need the attacker’s view.
That’s what ServiceNow + XM Cyber delivers: attack-graph intelligence that shows which fixes actually block real attack paths.
Full article by XM Cyber’s Elad Niddam on The Hacker News → https://thehackernews.com/expert-insights/2025/09/servicenow-and-xm-cyber-new-model-for.html
🚨 Cloudflare just stopped the largest DDoS attack ever recorded — peaking at 11.5 Tbps.
It lasted only 35 seconds… but experts warn these “tsunami” attacks can be smoke screens for data theft and deeper breaches.
Here’s what happened ↓ https://thehackernews.com/2025/09/cloudflare-blocks-record-breaking-115.html
👨‍💻 Hackers don’t care if your risks start in code or show up in the cloud.
But if you can’t see both, you’ll never fix the weak link.
Code-to-cloud visibility isn’t optional anymore.
⚡ Join our webinar with Ziad Ghalleb, Technical PMM at Wiz, to learn why it’s the new AppSec foundation → https://thehacker.news/code-to-cloud-appsec
🚨 Iranian-linked hackers just launched a global spear-phishing blitz—targeting embassies, consulates & ministries across Europe, Africa, Asia & the Americas.
The bait? Fake “urgent” diplomatic emails—some sent from a hacked Oman MFA mailbox.
Full details → https://thehackernews.com/2025/09/iranian-hackers-exploit-100-embassy.html
🚨 Google patched 120 Android security flaws — including 2 already exploited in real-world attacks.
Hackers don’t need your clicks. They don’t need your permission. They’re already in.
Update immediately. Full story → https://thehackernews.com/2025/09/android-security-alert-google-patches.html
⚠️ Hackers are already weaponizing HexStrike AI—a tool built for ethical hacking—to exploit fresh Citrix flaws.
What was meant to protect networks is now fueling real-world cyberattacks at scale.
Patch fast. Details here → https://thehackernews.com/2025/09/threat-actors-weaponize-hexstrike-ai-to.html
Still in the dark about your identity risks? BeyondTrust flips the switch 💡
Their complimentary Identity Security Risk Assessment gives you rapid clarity on hidden privilege risks & best remediation steps.
Try it out today ⤵️ https://thn.news/secure-identity-check