Fake Facebook “Security” pages use FileFix to drop StealC.

⚠️ Click a fake “Appeal” button → it secretly copies a PowerShell command.
💥 Paste the “path” in File Explorer & BOOM—StealC malware installs, hidden in images on Bitbucket.

One careless paste = instant breach.

Details → https://thehackernews.com/2025/09/new-filefix-variant-delivers-stealc.html

🚨 38 MILLION downloads. 224 Android apps. A single ad-fraud scheme.

SlopAds secretly hijacked clicks with hidden WebViews—pumping out 2.3 BILLION ad bids a day before Google finally pulled the plug.

Think you can spot a scam? These apps looked totally normal.

Full story → https://thehackernews.com/2025/09/slopads-fraud-ring-exploits-224-android.html

🚨 80% of companies have already suffered AI agent mishaps—unauthorized access, data leaks, and invisible risks.

The blind spot? Non-human identities outnumber employees 100:1.

Astrix just launched the first AI Agent Control Plane to lock it all down.

Here’s how it works ↓ https://thehackernews.com/2025/09/securing-agentic-era-introducing.html

⚠️ Chaos Mesh bugs enable Kubernetes cluster takeover.

Four CVEs (three 9.8) + an unauthenticated GraphQL debug server let attackers inject commands & kill processes cluster-wide—even with default settings.

Details → https://thehackernews.com/2025/09/chaos-mesh-critical-graphql-flaws.html

Update to Chaos Mesh v2.7.3 now.

Microsoft and Cloudflare just nuked a global phishing empire.

🔒 338 fake domains tied to “RaccoonO365” — a $355/month phishing-as-a-service — used to steal 5,000+ Microsoft 365 passwords across 94 countries were seized in a coordinated takedown.

Full story → https://thehackernews.com/2025/09/raccoono365-phishing-network-shut-down.html

⚠️ VPNs are failing modern security.

They give hackers room to move, lack real-time visibility & break the least-privilege rule.

🔑 Zero-trust is the only way forward—see how KeeperPAM shuts every backdoor.

Full story → https://thehackernews.com/expert-insights/2025/09/the-limitations-of-vpn-based-access-for.html

🚨 DoJ slams BreachForums’ creator with 3 YEARS in prison

Conor “Pompompurin” Fitzpatrick, 22, finally gets hard time after an appeals court tossed his shockingly light 17-day sentence.

He ran a hacker marketplace with 14 BILLION stolen records—and was caught with child abuse material.

Full story → https://thehackernews.com/2025/09/doj-resentences-breachforums-founder-to.html

🚨 Scattered Spider isn’t gone—and now hitting U.S. banks.

Hackers tricked an exec, hijacked Azure accounts, raided VMware servers & tried to steal cloud data.

Their “retirement” was a smokescreen.

Full story → https://thehackernews.com/2025/09/scattered-spider-resurfaces-with.html

Meet Georgetown's cybersecurity faculty on October 2 to learn more about the Cybersecurity Risk Management master's program.

Advance your cybersecurity career with Georgetown.

👉 View event: https://thn.news/scs-cybersec-2025

⚠️ Most “AI security” tools can’t see what your team pastes into ChatGPT or uploads to personal AI apps.

Bans? They just drive shadow AI deeper.

🔑 Real fix: last-mile, in-browser controls—redact, warn, allow—no clunky agents or network reroutes.

Full guide → https://thehackernews.com/2025/09/rethinking-ai-data-security-buyers-guide.html

🚨 China-backed hackers just impersonated top U.S. officials to steal intel.

They posed as the House China Committee chair & the U.S.-China Business Council, luring trade experts—then slipped in a Visual Studio Code backdoor.

Here’s the full report→ https://thehackernews.com/2025/09/chinese-ta415-uses-vs-code-remote.html

⚠️ Quantum hackers could shatter today’s encryption overnight.
🤖 AI attacks already trick 60%—breaches cost $10M+.

The cyber storm is here. Join our next expert WEBINAR to learn how to lock down your data before Q-day.

👉 Save your seat now ↓ https://thehackernews.com/2025/09/from-quantum-hacks-to-ai-defenses.html

🛡️ No more guessing on container security. Securing the Stack breaks down what really works—from busting myths and risks, to building trusted images, to securing your full CI/CD pipeline.

Get the expert blueprint your team needs to lock down vulnerabilities and ship software with confidence.

➡️ Join the 20-min webinar to learn why simply containerizing your applications does not make them safe: https://thn.news/stack-security-webinar

🚨 AI-powered hotel hack on the rise:

Cyber gang TA558 (RevengeHotels) is using LLM-generated phishing emails in Portuguese & Spanish to drop Venom RAT—a $650 malware that steals guest credit-card data, kills Microsoft Defender & spreads via USB 🏨💳

Full report → https://thehackernews.com/2025/09/ta558-uses-ai-generated-scripts-to.html

🚨 UPDATE: New intel on Russia’s APT28 attack...

Sekoia says Operation Phantom Net Voxel used Signal to send booby-trapped Word docs, dropping COVENANT & BEARDSHELL malware.

Full update → https://thehackernews.com/2025/06/apt28-uses-signal-chat-to-deploy.html

🚨 Chrome users: a new zero-day is under active attack.

CVE-2025-10585 targets Chrome’s V8 engine—Chrome’s 6th zero-day of 2025.

Details → https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html

⚡ Update now: 140.0.7339.185/.186 (Win/macOS), 140.0.7339.185 (Linux).

If you use Edge/Brave/Opera/Vivaldi, patch too.

🕵️‍♀️ Two fake Python packages just dropped a powerful RAT on Windows.

“sisaws” & “secmeasure” secretly install SilentSync — capable of stealing browser passwords, files, and screenshots.

Full story → https://thehackernews.com/2025/09/silentsync-rat-delivered-via-two.html

🔥 AI is now the biggest career risk for CISOs—bigger than any breach.

⚡Move too fast → data leaks & shadow AI spread.
🐢Move too slow → rivals race ahead.

How to stay secure and competitive ↓ https://thehackernews.com/2025/09/how-cisos-can-drive-effective-ai.html