🚨 AI-driven attacks are outsmarting firewalls & EDR—at machine speed.
The biggest weak spot? Your browser.
Lock it down before attackers do.
Full story → https://thehackernews.com/expert-insights/2025/09/taming-ais-threat-vectors-why-cisos.html
The biggest weak spot? Your browser.
Lock it down before attackers do.
Full story → https://thehackernews.com/expert-insights/2025/09/taming-ais-threat-vectors-why-cisos.html
👏8
🚨 Browser attacks are skyrocketing—from Snowflake to Salesforce, attackers are stealing data by:
• Phishing kits that bypass MFA
• “ClickFix” tricks that make you run malware
• Malicious extensions sneaking past web stores
Your browser is now the hacker’s favorite door.
Details here → https://thehackernews.com/2025/09/6-browser-based-attacks-security-teams.html
• Phishing kits that bypass MFA
• “ClickFix” tricks that make you run malware
• Malicious extensions sneaking past web stores
Your browser is now the hacker’s favorite door.
Details here → https://thehackernews.com/2025/09/6-browser-based-attacks-security-teams.html
🔥8😁3
The latest weekly cyber intelligence recap is LIVE.
From a new UEFI bootkit bypassing secure boot to a major npm supply chain attack, this week's recap covers the strategic shifts and critical vulnerabilities you can't afford to miss.
Read the full recap here: https://thehackernews.com/2025/09/weekly-recap-bootkit-malware-ai-powered.html
From a new UEFI bootkit bypassing secure boot to a major npm supply chain attack, this week's recap covers the strategic shifts and critical vulnerabilities you can't afford to miss.
Read the full recap here: https://thehackernews.com/2025/09/weekly-recap-bootkit-malware-ai-powered.html
👍12😱3😁2
🚨 China-backed hackers are targeting Thailand with a stealthy new cyber weapon.
🐍 SnakeDisk – a USB worm that hides files, tricks you to click a fake “USB.exe,” and installs the Yokai backdoor.
Full story → https://thehackernews.com/2025/09/mustang-panda-deploys-snakedisk-usb.html
🐍 SnakeDisk – a USB worm that hides files, tricks you to click a fake “USB.exe,” and installs the Yokai backdoor.
Full story → https://thehackernews.com/2025/09/mustang-panda-deploys-snakedisk-usb.html
🔥10👍8😁5👏3
⚠️ Major npm supply-chain attack just dropped!
40+ popular packages were secretly booby-trapped to steal developer secrets—GitHub tokens, npm keys, even AWS creds—on both Windows & Linux.
🕵️♂️ Audit & rotate your credentials now.
Full story → https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html
40+ popular packages were secretly booby-trapped to steal developer secrets—GitHub tokens, npm keys, even AWS creds—on both Windows & Linux.
🕵️♂️ Audit & rotate your credentials now.
Full story → https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html
⚡12👏5😱4😁1
🚨 AI just ended the Fortune-1000 monopoly on SOCs.
What used to take a full team & $1.5–$2M a year to run a 24/7 SOC is now doable with AI for a fraction of the cost.
1 in 3 small businesses were hacked last year. 88% plan to adopt an AI-driven SOC next.
Full story → https://thehackernews.com/expert-insights/2025/09/soc-for-all-why-every-company-can-now.html
What used to take a full team & $1.5–$2M a year to run a 24/7 SOC is now doable with AI for a fraction of the cost.
1 in 3 small businesses were hacked last year. 88% plan to adopt an AI-driven SOC next.
Full story → https://thehackernews.com/expert-insights/2025/09/soc-for-all-why-every-company-can-now.html
🔥5😱5
🔥 New hardware hack ALERT:
ETH Zürich + Google just broke SK Hynix DDR5 memory wide open.
➡️ “Phoenix” (CVE-2025-6202) gets ROOT in 109s on SK Hynix chips
➡️ ECC & TRR defenses? ❌ Bypassed
➡️ RSA keys + sudo at risk
Full story → https://thehackernews.com/2025/09/phoenix-rowhammer-attack-bypasses.html
💡 Only fix: crank DRAM refresh rate 3×.
ETH Zürich + Google just broke SK Hynix DDR5 memory wide open.
➡️ “Phoenix” (CVE-2025-6202) gets ROOT in 109s on SK Hynix chips
➡️ ECC & TRR defenses? ❌ Bypassed
➡️ RSA keys + sudo at risk
Full story → https://thehackernews.com/2025/09/phoenix-rowhammer-attack-bypasses.html
💡 Only fix: crank DRAM refresh rate 3×.
🤯16🔥5😁2🤔2
Apple backports a critical fix for CVE-2025-43300—already used in a sophisticated spyware attack.
🕵️♂️ Hackers chained it with a WhatsApp flaw to target fewer than 200 people.
📱 Older iPhones & Macs are now patched—don’t skip this update.
Details → https://thehackernews.com/2025/09/apple-backports-fix-for-cve-2025-43300.html
🕵️♂️ Hackers chained it with a WhatsApp flaw to target fewer than 200 people.
📱 Older iPhones & Macs are now patched—don’t skip this update.
Details → https://thehackernews.com/2025/09/apple-backports-fix-for-cve-2025-43300.html
🔥9👏3🤯1
Fake Facebook “Security” pages use FileFix to drop StealC.
⚠️ Click a fake “Appeal” button → it secretly copies a PowerShell command.
💥 Paste the “path” in File Explorer & BOOM—StealC malware installs, hidden in images on Bitbucket.
One careless paste = instant breach.
Details → https://thehackernews.com/2025/09/new-filefix-variant-delivers-stealc.html
⚠️ Click a fake “Appeal” button → it secretly copies a PowerShell command.
💥 Paste the “path” in File Explorer & BOOM—StealC malware installs, hidden in images on Bitbucket.
One careless paste = instant breach.
Details → https://thehackernews.com/2025/09/new-filefix-variant-delivers-stealc.html
😁10😱4👏3👍1
🚨 38 MILLION downloads. 224 Android apps. A single ad-fraud scheme.
SlopAds secretly hijacked clicks with hidden WebViews—pumping out 2.3 BILLION ad bids a day before Google finally pulled the plug.
Think you can spot a scam? These apps looked totally normal.
Full story → https://thehackernews.com/2025/09/slopads-fraud-ring-exploits-224-android.html
SlopAds secretly hijacked clicks with hidden WebViews—pumping out 2.3 BILLION ad bids a day before Google finally pulled the plug.
Think you can spot a scam? These apps looked totally normal.
Full story → https://thehackernews.com/2025/09/slopads-fraud-ring-exploits-224-android.html
😁7⚡2👍2
🚨 80% of companies have already suffered AI agent mishaps—unauthorized access, data leaks, and invisible risks.
The blind spot? Non-human identities outnumber employees 100:1.
Astrix just launched the first AI Agent Control Plane to lock it all down.
Here’s how it works ↓ https://thehackernews.com/2025/09/securing-agentic-era-introducing.html
The blind spot? Non-human identities outnumber employees 100:1.
Astrix just launched the first AI Agent Control Plane to lock it all down.
Here’s how it works ↓ https://thehackernews.com/2025/09/securing-agentic-era-introducing.html
😁13
⚠️ Chaos Mesh bugs enable Kubernetes cluster takeover.
Four CVEs (three 9.8) + an unauthenticated GraphQL debug server let attackers inject commands & kill processes cluster-wide—even with default settings.
Details → https://thehackernews.com/2025/09/chaos-mesh-critical-graphql-flaws.html
Update to Chaos Mesh v2.7.3 now.
Four CVEs (three 9.8) + an unauthenticated GraphQL debug server let attackers inject commands & kill processes cluster-wide—even with default settings.
Details → https://thehackernews.com/2025/09/chaos-mesh-critical-graphql-flaws.html
Update to Chaos Mesh v2.7.3 now.
👏11🔥2
Microsoft and Cloudflare just nuked a global phishing empire.
🔒 338 fake domains tied to “RaccoonO365” — a $355/month phishing-as-a-service — used to steal 5,000+ Microsoft 365 passwords across 94 countries were seized in a coordinated takedown.
Full story → https://thehackernews.com/2025/09/raccoono365-phishing-network-shut-down.html
🔒 338 fake domains tied to “RaccoonO365” — a $355/month phishing-as-a-service — used to steal 5,000+ Microsoft 365 passwords across 94 countries were seized in a coordinated takedown.
Full story → https://thehackernews.com/2025/09/raccoono365-phishing-network-shut-down.html
😁14👏9👍5🤯4
⚠️ VPNs are failing modern security.
They give hackers room to move, lack real-time visibility & break the least-privilege rule.
🔑 Zero-trust is the only way forward—see how KeeperPAM shuts every backdoor.
Full story → https://thehackernews.com/expert-insights/2025/09/the-limitations-of-vpn-based-access-for.html
They give hackers room to move, lack real-time visibility & break the least-privilege rule.
🔑 Zero-trust is the only way forward—see how KeeperPAM shuts every backdoor.
Full story → https://thehackernews.com/expert-insights/2025/09/the-limitations-of-vpn-based-access-for.html
👏11⚡4😁2🔥1
🚨 DoJ slams BreachForums’ creator with 3 YEARS in prison
Conor “Pompompurin” Fitzpatrick, 22, finally gets hard time after an appeals court tossed his shockingly light 17-day sentence.
He ran a hacker marketplace with 14 BILLION stolen records—and was caught with child abuse material.
Full story → https://thehackernews.com/2025/09/doj-resentences-breachforums-founder-to.html
Conor “Pompompurin” Fitzpatrick, 22, finally gets hard time after an appeals court tossed his shockingly light 17-day sentence.
He ran a hacker marketplace with 14 BILLION stolen records—and was caught with child abuse material.
Full story → https://thehackernews.com/2025/09/doj-resentences-breachforums-founder-to.html
🤯10🔥4😱1
🚨 Scattered Spider isn’t gone—and now hitting U.S. banks.
Hackers tricked an exec, hijacked Azure accounts, raided VMware servers & tried to steal cloud data.
Their “retirement” was a smokescreen.
Full story → https://thehackernews.com/2025/09/scattered-spider-resurfaces-with.html
Hackers tricked an exec, hijacked Azure accounts, raided VMware servers & tried to steal cloud data.
Their “retirement” was a smokescreen.
Full story → https://thehackernews.com/2025/09/scattered-spider-resurfaces-with.html
👏9🔥5
Meet Georgetown's cybersecurity faculty on October 2 to learn more about the Cybersecurity Risk Management master's program.
Advance your cybersecurity career with Georgetown.
👉 View event: https://thn.news/scs-cybersec-2025
Advance your cybersecurity career with Georgetown.
👉 View event: https://thn.news/scs-cybersec-2025
👏5
⚠️ Most “AI security” tools can’t see what your team pastes into ChatGPT or uploads to personal AI apps.
Bans? They just drive shadow AI deeper.
🔑 Real fix: last-mile, in-browser controls—redact, warn, allow—no clunky agents or network reroutes.
Full guide → https://thehackernews.com/2025/09/rethinking-ai-data-security-buyers-guide.html
Bans? They just drive shadow AI deeper.
🔑 Real fix: last-mile, in-browser controls—redact, warn, allow—no clunky agents or network reroutes.
Full guide → https://thehackernews.com/2025/09/rethinking-ai-data-security-buyers-guide.html
🔥8👍1
🚨 China-backed hackers just impersonated top U.S. officials to steal intel.
They posed as the House China Committee chair & the U.S.-China Business Council, luring trade experts—then slipped in a Visual Studio Code backdoor.
Here’s the full report→ https://thehackernews.com/2025/09/chinese-ta415-uses-vs-code-remote.html
They posed as the House China Committee chair & the U.S.-China Business Council, luring trade experts—then slipped in a Visual Studio Code backdoor.
Here’s the full report→ https://thehackernews.com/2025/09/chinese-ta415-uses-vs-code-remote.html
😁7😱3🤯1
⚠️ Quantum hackers could shatter today’s encryption overnight.
🤖 AI attacks already trick 60%—breaches cost $10M+.
The cyber storm is here. Join our next expert WEBINAR to learn how to lock down your data before Q-day.
👉 Save your seat now ↓ https://thehackernews.com/2025/09/from-quantum-hacks-to-ai-defenses.html
🤖 AI attacks already trick 60%—breaches cost $10M+.
The cyber storm is here. Join our next expert WEBINAR to learn how to lock down your data before Q-day.
👉 Save your seat now ↓ https://thehackernews.com/2025/09/from-quantum-hacks-to-ai-defenses.html
😁7👍3⚡2