🚨 WARNING: Just opening the wrong repo in Cursor (the AI-powered VS Code fork) can secretly run code on your computer.
Why? Workspace Trust is off by default! A booby-trapped GitHub project = instant system compromise.
Here’s how it works (and how to stay safe) ↓ https://thehackernews.com/2025/09/cursor-ai-code-editor-flaw-enables.html
⚠️ A new ransomware is here → HybridPetya.
It doesn’t just lock your files — it can bypass Secure Boot on modern PCs, sneak into UEFI, and encrypt your entire system. Victims see a fake CHKDSK screen before being hit with a $1,000 Bitcoin demand.
The scariest part? Researchers say Secure Boot bypasses like this are becoming more common.
Details here → https://thehackernews.com/2025/09/new-hybridpetya-ransomware-bypasses.html
⚠️ Hackers are actively exploiting a critical flaw (CVSS 9.0) in Dassault’s DELMIA Apriso software.
The attack drops spyware that can log keystrokes, take screenshots & spy on apps. 👀
CISA says: Patch by Oct 2, 2025.
Read → https://thehackernews.com/2025/09/critical-cve-2025-5086-in-delmia-apriso.html
🔥 Cloud security is shifting fast: prevention isn’t enough.
The real battlefield? Runtime visibility — spotting what’s actually being attacked in production ⚡️
AI + CNAPPs are cutting through the noise so teams fix what matters, not chase alerts.
Details here ↓ https://thehackernews.com/2025/09/cloud-native-security-in-2025-why.html
🚨 Apple just warned users in France:
Spyware is back — iCloud devices targeted again (4th time this year).
🎯 Who’s in the crosshairs? Journalists, lawyers, activists, politicians.
The worst part? Zero-click hacks are still in play.
Full story ↓ https://thehackernews.com/2025/09/apple-warns-french-users-of-fourth.html
⚠️ Samsung just fixed a zero-day bug in Android 13–16.
Hackers were already using it to break in through a hidden image library 😳
If you’ve got a Galaxy, update ASAP. Don’t wait.
Here’s the full story → https://thehackernews.com/2025/09/samsung-fixes-critical-zero-day-cve.html
🚨 FBI warning: Hackers are raiding Salesforce to steal data + extort companies.
UNC6040 & UNC6395 are behind it—using stolen tokens, phishing calls, and custom tools.
ShinyHunters, LAPSUS$ & Scattered Spider teamed up… then suddenly claimed they’re “retiring.”
👀 Don’t count on it.
Details → https://thehackernews.com/2025/09/fbi-warns-of-unc6040-and-unc6395.html
🚨 Big malware attack on Chinese-speaking users:
🔹 Top Google results hijacked to push fake downloads of Chrome, Telegram, WhatsApp & more
🔹 Trojans dropped: HiddenGh0st, Winos (ValleyRAT) & new kkRAT
🔹 Steals crypto, logs keys, enables full remote control
Details → https://thehackernews.com/2025/09/hiddengh0st-winos-and-kkrat-exploit-seo.html
🚨 New AI-powered hacking tool sparks alarm:
China-linked “Villager” hit 11,000+ downloads on PyPI—already packing RAT plugins like AsyncRAT & Mimikatz.
🔑 It automates exploits, hides its tracks in self-destructing containers, and lowers the skill barrier for cyberattacks.
Full story → https://thehackernews.com/2025/09/ai-powered-villager-pen-testing-tool.html
🚨 AI-driven attacks are outsmarting firewalls & EDR—at machine speed.
The biggest weak spot? Your browser.
Lock it down before attackers do.
Full story → https://thehackernews.com/expert-insights/2025/09/taming-ais-threat-vectors-why-cisos.html
🚨 Browser attacks are skyrocketing—from Snowflake to Salesforce, attackers are stealing data by:
• Phishing kits that bypass MFA
• “ClickFix” tricks that make you run malware
• Malicious extensions sneaking past web stores
Your browser is now the hacker’s favorite door.
Details here → https://thehackernews.com/2025/09/6-browser-based-attacks-security-teams.html
The latest weekly cyber intelligence recap is LIVE.
From a new UEFI bootkit bypassing Secure Boot to a major npm supply chain attack, this week's recap covers the strategic shifts and critical vulnerabilities you can't afford to miss.
Read the full recap here: https://thehackernews.com/2025/09/weekly-recap-bootkit-malware-ai-powered.html
🚨 China-backed hackers are targeting Thailand with a stealthy new cyber weapon.
🐍 SnakeDisk – a USB worm that hides files, tricks you into clicking a fake “USB.exe,” and installs the Yokai backdoor.
Full story → https://thehackernews.com/2025/09/mustang-panda-deploys-snakedisk-usb.html
⚠️ Major npm supply-chain attack just dropped!
40+ popular packages were secretly booby-trapped to steal developer secrets—GitHub tokens, npm keys, even AWS creds—on both Windows & Linux.
🕵️‍♂️ Audit & rotate your credentials now.
Full story → https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html
🚨 AI just ended the Fortune-1000 monopoly on SOCs.
What used to take a full team & $1.5–$2M a year to run a 24/7 SOC is now doable with AI for a fraction of the cost.
1 in 3 small businesses were hacked last year. 88% plan to adopt an AI-driven SOC next.
Full story → https://thehackernews.com/expert-insights/2025/09/soc-for-all-why-every-company-can-now.html
🔥 New hardware hack ALERT:
ETH Zürich + Google just broke SK Hynix DDR5 memory wide open.
➡️ “Phoenix” (CVE-2025-6202) gets ROOT in 109s on SK Hynix chips
➡️ ECC & TRR defenses? ❌ Bypassed
➡️ RSA keys + sudo at risk
Full story → https://thehackernews.com/2025/09/phoenix-rowhammer-attack-bypasses.html
💡 Only fix: crank DRAM refresh rate 3×.
Apple backports a critical fix for CVE-2025-43300—already used in a sophisticated spyware attack.
🕵️‍♂️ Hackers chained it with a WhatsApp flaw to target fewer than 200 people.
📱 Older iPhones & Macs are now patched—don’t skip this update.
Details → https://thehackernews.com/2025/09/apple-backports-fix-for-cve-2025-43300.html
Fake Facebook “Security” pages use FileFix to drop StealC.
⚠️ Click a fake “Appeal” button → it secretly copies a PowerShell command.
💥 Paste the “path” in File Explorer & BOOM—StealC malware installs, hidden in images on Bitbucket.
One careless paste = instant breach.
Details → https://thehackernews.com/2025/09/new-filefix-variant-delivers-stealc.html
🚨 38 MILLION downloads. 224 Android apps. A single ad-fraud scheme.
SlopAds secretly hijacked clicks with hidden WebViews—pumping out 2.3 BILLION ad bids a day before Google finally pulled the plug.
Think you can spot a scam? These apps looked totally normal.
Full story → https://thehackernews.com/2025/09/slopads-fraud-ring-exploits-224-android.html
🚨 80% of companies have already suffered AI agent mishaps—unauthorized access, data leaks, and invisible risks.
The blind spot? Non-human identities outnumber employees 100:1.
Astrix just launched the first AI Agent Control Plane to lock it all down.
Here’s how it works ↓ https://thehackernews.com/2025/09/securing-agentic-era-introducing.html