🚨 3 days of nonstop brute-force attacks

Researchers traced a record wave of VPN & RDP break-ins to a Ukrainian network (FDN3) tied to bulletproof hosting gangs.

The setup looks custom-built for ransomware: https://thehackernews.com/2025/09/ukrainian-network-fdn3-launches-massive.html

🚨 WEBINAR ALERT - Every month new malware sneaks into PyPI. Even official Python images ship with critical CVEs.

This isn’t just a dev issue—it’s a business risk. Don’t wait for a breach to prove it.

Watch this webinar & learn to protect your org → https://thehacker.news/safeguarding-python-supply-chain

🔥 90% of employees already use AI at work… and nearly HALF of those interactions run through personal emails that bypass company security.

This is the danger of Shadow AI ⚠️

Are CISOs ready? → https://thehackernews.com/2025/09/shadow-ai-discovery-critical-part-of.html

💀 Meet MystRodX: a stealth backdoor that “wakes up” when it gets a secret ping.

Researchers say it’s tied to China’s Liminal Panda espionage group.

This one’s built for espionage → https://thehackernews.com/2025/09/researchers-warn-of-mystrodx-backdoor.html

🚨 UPDATE - Palo Alto Networks confirms it was hit in the Salesloft Drift breach.

Attackers accessed Salesforce CRM data — mostly contacts, sales info & case records.

Products/services not impacted. Other victims: Zscaler, PagerDuty, SpyCloud, Tanium.

Details → https://thehackernews.com/2025/08/google-warns-salesloft-oauth-breach.html

🔥 North Korea’s Lazarus Group just pulled off a bold new hack.

They posed as coworkers on Telegram, set up fake Calendly sites—and cycled through three custom RATs to compromise a DeFi employee’s system.

The scariest part? One tool may have exploited a Chrome zero-day.

Read → https://thehackernews.com/2025/09/lazarus-group-expands-malware-arsenal.html

⚠️ Salesloft pulled the plug on Drift after a massive supply-chain hack.

Hackers stole its OAuth tokens—then used them to breach Salesforce at Cloudflare, Google Workspace, Palo Alto, Zscaler & 700+ orgs.

Full story → https://thehackernews.com/2025/09/salesloft-takes-drift-offline-after.html

Hackers are busy.

⚠️ CISA says TP-Link Wi-Fi extenders can be reset + hijacked — and since they’re end-of-life, no fixes are coming.

⚠️ WhatsApp + Apple flaws are being chained in a spyware campaign, quietly targeting fewer than 200 people.

Details you don’t want to miss ↓ https://thehackernews.com/2025/09/cisa-adds-tp-link-and-whatsapp-flaws-to.html

👨‍💻 Security teams fight on two fronts.

➡️ In dashboards: everything’s tidy—tickets, owners, workflows.
➡️ In reality: attackers chain “low” and “medium” issues into paths that reach the crown jewels.

Order alone isn’t enough. We need the attacker’s view.

That’s what ServiceNow + XM Cyber delivers: attack-graph intelligence that shows which fixes actually block real attack paths.

Full article by XM Cyber’s Elad Niddam on The Hacker News → https://thehackernews.com/expert-insights/2025/09/servicenow-and-xm-cyber-new-model-for.html

🚨 Cloudflare just stopped the largest DDoS attack ever recorded — peaking at 11.5 Tbps.

It lasted only 35 seconds… but experts warn these “tsunami” attacks can be smoke screens for data theft and deeper breaches.

Here’s what happened ↓ https://thehackernews.com/2025/09/cloudflare-blocks-record-breaking-115.html

👨‍💻 Hackers don’t care if your risks start in code or show up in the cloud.

But if you can’t see both, you’ll never fix the weak link.

Code-to-cloud visibility isn’t optional anymore.

⚡ Join our webinar with Ziad Ghalleb, Technical PMM Wiz to learn why it’s the new AppSec foundation → https://thehacker.news/code-to-cloud-appsec

🚨 Iranian-linked hackers just launched a global spear-phishing blitz—targeting embassies, consulates & ministries across Europe, Africa, Asia & the Americas.

The bait? Fake “urgent” diplomatic emails—some sent from a hacked Oman MFA mailbox.

Full details → https://thehackernews.com/2025/09/iranian-hackers-exploit-100-embassy.html

🚨 Google patched 120 Android security flaws — including 2 already exploited in real-world attacks.

Hackers don’t need your clicks. They don’t need your permission. They’re already in.

Update immediately. Full story → https://thehackernews.com/2025/09/android-security-alert-google-patches.html

⚠️ Hackers are already weaponizing HexStrike AI—a tool built for ethical hacking—to exploit fresh Citrix flaws.

What was meant to protect networks is now fueling real-world cyberattacks at scale.

Patch fast. Details here → https://thehackernews.com/2025/09/threat-actors-weaponize-hexstrike-ai-to.html

Still in the dark about your identity risks? BeyondTrust flips the switch 💡

Their complimentary Identity Security Risk Assessment gives you rapid clarity on hidden privilege risks & best remediation steps.

Try it out today ⤵️ https://thn.news/secure-identity-check

🚨 Your employees could be pasting secrets into ChatGPT right now.

📧 Emails, 📂 files, 🔑 IP—all flowing out.
Most DLP tools? Blind to it.

Here’s how GenAI traffic actually gets monitored ↓ https://thehackernews.com/2025/08/can-your-security-stack-see-chatgpt-why.html

Most data leaks aren’t hacks.

They’re mistakes. Misconfigurations. Emails sent to the wrong inbox.

DeepSeek’s 1M leaked logs are just the latest reminder: one slip can expose secrets, crush trust, and cost millions.

Here’s how it happens → https://thehackernews.com/2025/09/detecting-data-leaks-before-disaster.html

🚨 Hackers were caught hiding malware inside Ethereum smart contracts.

Two npm packages used blockchain tricks to drop payloads on dev systems—part of a wider fake crypto-trading-bot campaign on GitHub.

The new frontier of supply chain attacks → https://thehackernews.com/2025/09/malicious-npm-packages-exploit-ethereum.html

🛡️ Cyberattacks are hitting endpoints harder than ever.

Gartner’s 2025 report just confirmed: SentinelOne remains a Leader in endpoint protection — for the 5th year straight.

What that says about AI-driven defense ↓ https://thehackernews.com/2025/07/ai-driven-trends-in-endpoint-security.html

🚨 CISA just flagged 2 new TP-Link router flaws as actively exploited—one allows remote code execution, the other leaks passwords.

Many of the affected models are end-of-life. No more patches coming.

Here’s what you need to know ↓ https://thehackernews.com/2025/09/cisa-flags-tp-link-router-flaws-cve.html