🚨 Hackers are hijacking Google search ads to trick devs into downloading malware disguised as GitHub tools.

The payload? A 128MB file that hides from sandboxes unless your GPU passes its “check.” Info theft & remote access are the endgame.

Details ↓ https://thehackernews.com/2025/09/gpugate-malware-uses-google-ads-and.html

🚨 Threat hunters just uncovered 45 domains tied to China-backed hackers Salt Typhoon & UNC4841—some active since May 2020.

These groups hit U.S. telecoms & exploited zero-days in Barracuda appliances. Your org could already be exposed.

Details here ↓ https://thehackernews.com/2025/09/45-previously-unreported-domains-expose.html

⚡ Firewalls aren’t enough anymore—AI attacks are evolving faster than traditional defenses.

Zscaler's Zero Trust + AI keeps your data safe, blocks ransomware, and lets you use AI securely without risk.

Here’s what the CEO Jay Chaudhry says about staying ahead ↓ https://thehackernews.com/videos/2025/09/zero-trust-ai-protecting-what-firewalls.html

🚨 20 npm packages with 2 BILLION+ weekly downloads (incl. chalk & debug) were hacked.

A maintainer was phished into giving up 2FA — attackers slipped in malware that hijacks wallets & steals crypto.

Here’s what went down ↓ https://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.html

🚨 Hackers are hijacking exposed Docker APIs to spread a cryptojacking botnet—using TOR domains, masscan scans, and even Chrome debug ports to steal data & expand.

The wild part? The malware code includes an emoji, hinting it was LLM-built.

Here’s what’s happening ↓ https://thehackernews.com/2025/09/tor-based-cryptojacking-attack-expands.html

🚨 Two new cyber campaigns are live:

1️⃣ MostereRAT — phishing emails targeting Japan.
Disables Windows security, hijacks TrustedInstaller, installs AnyDesk/TigerVNC, logs keystrokes, and even adds hidden admins.

2️⃣ ClickFix 2.0 — fake AnyDesk + Cloudflare page tricking users into opening File Explorer → drops MetaStealer.

Hackers are raising the bar. Stay alert.

Read → https://thehackernews.com/2025/09/from-mostererat-to-clickfix-new-malware.html

🚨 88% of boards now see cybersecurity as a business risk. Yet every budget season, security still gets sidelined.

One insurer estimated a single PII breach = $5M+ loss.

The fix? Continuous, automated validation that proves ROI.

Here’s what CISOs are telling boards ↓ https://thehackernews.com/2025/09/how-leading-cisos-are-getting-budget.html

⚠️ Shadow AI Agents are already inside your enterprise.

→ Impersonating users
→ Leaking data
→ Multiplying out of sight

👀 You can’t defend what you can’t see.

Join our panel before Shadow AI outruns your defenses.

Register now → https://thehackernews.com/2025/09/webinar-shadow-ai-agents-multiply-fast.html

🚨 New Android threat: RatOn

• Drains crypto wallets (MetaMask, Trust, Phantom)
• Hacks Czech bank app George Česko for auto-transfers
• Spreads via fake TikTok apps
• Can lock your phone with ransom screens

Active since July. Still evolving.

Details here → https://thehackernews.com/2025/09/raton-android-malware-detected-with-nfc.html

⚠️ Hackers just leveled up phishing.

Axios abuse in Microsoft 365 + Salty 2FA kits are bypassing MFA, hijacking session tokens, and stealing logins at scale.

Success rates? Up to 70%. The new playbook blurs legit vs fake traffic.

Here’s how it works ↓ https://thehackernews.com/2025/09/axios-abuse-and-salty-2fa-kits-fuel.html

🚨 SAP just patched three critical NetWeaver flaws that let attackers run code & upload files without limits.

One flaw scores 10/10 CVSS—full system compromise is possible.

Don’t wait—update now.

Full details → https://thehackernews.com/2025/09/sap-patches-critical-netweaver-cvss-up.html

🚨 Adobe just dropped a critical warning: a new Magento flaw, SessionReaper (CVE-2025-54236, 9.1/10), could let attackers hijack customer accounts via the REST API.

It’s one of the worst Magento vulnerabilities in years.

Merchants—patch immediately → https://thehackernews.com/2025/09/adobe-commerce-flaw-cve-2025-54236-lets.html

⚡ A new phishing kit called Salty2FA can steal your password and bypass 2FA codes — SMS, push, even voice.

It’s already hitting banks, energy, and telecoms across the US & Europe.

What’s happening + how to defend → https://thehackernews.com/2025/09/watch-out-for-salty2fa-new-phishing-kit.html

🚨 China-linked hackers posed as a U.S. Congressman—sending “urgent” emails with hidden malware to infiltrate U.S. agencies, trade groups, and law firms during tense trade talks.

Details here → https://thehackernews.com/2025/09/china-linked-apt41-hackers-target-us.html

🔥 Apple just gave the iPhone 17 a built-in shield against hackers.

A new feature called Memory Integrity Enforcement blocks the very exploits spyware depends on—buffer overflows, use-after-free bugs—without slowing performance.

🔒 This could be Apple’s biggest security upgrade in years.

Full story → https://thehackernews.com/2025/09/apple-iphone-air-and-iphone-17-feature.html

Microsoft just dropped a massive Patch Tuesday:

⚡ 80 flaws fixed — 8 critical

⚡ One already public: SMB bug (CVE-2025-55234) that opens the door to relay + MITM attacks

⚡ A 10.0 Azure flaw + NTLM bug that could hand over SYSTEM access

Patch now. Audit SMB.

Details → https://thehackernews.com/2025/09/microsoft-fixes-80-flaws-including-smb.html

🤖 AI is rewriting cybersecurity.

vCISO providers using automation cut their workload by 68% in just one year.

What used to take 13 hours now takes 3—freeing teams to move faster, serve more clients, and grow.

Details here ↓ https://thehackernews.com/2025/09/the-time-saving-guide-for-service.html

🚨 New malware alert: macOS backdoor CHILLYHELL and cross-platform RAT ZynorRAT discovered.

CHILLYHELL was Apple-notarized and linked to Ukrainian gov site attacks—Apple revoked its certs.

ZynorRAT hijacks Windows & Linux via Telegram, stealing files and taking screenshots.

Full details → https://thehackernews.com/2025/09/chillyhell-macos-backdoor-and-zynorrat.html

🛑 DDoS tests in a sandbox won’t save you.

The only way to know if your defenses hold? Test in production, target your critical assets, and retest until it breaks (or holds).

Your next outage might be hiding in what you didn’t test.

✅ Full guide → https://thehackernews.com/expert-insights/2025/09/how-to-get-most-out-of-your-ddos-testing.html

🤖 AI agents are taking over business operations—but they’re also creating new security threats. ⚠️

🛡️ Join Auth0’s Michelle Agroskin to learn how to secure AI, prevent data leaks, and stay ahead of attacks.

Save your spot now → https://thehacker.news/ai-agents-security