⚠️ Chaos Mesh bugs enable Kubernetes cluster takeover.
Four CVEs (three 9.8) + an unauthenticated GraphQL debug server let attackers inject commands & kill processes cluster-wide—even with default settings.
Details → https://thehackernews.com/2025/09/chaos-mesh-critical-graphql-flaws.html
Update to Chaos Mesh v2.7.3 now.
Four CVEs (three 9.8) + an unauthenticated GraphQL debug server let attackers inject commands & kill processes cluster-wide—even with default settings.
Details → https://thehackernews.com/2025/09/chaos-mesh-critical-graphql-flaws.html
Update to Chaos Mesh v2.7.3 now.
👏11🔥2
Microsoft and Cloudflare just nuked a global phishing empire.
🔒 338 fake domains tied to “RaccoonO365” — a $355/month phishing-as-a-service — used to steal 5,000+ Microsoft 365 passwords across 94 countries were seized in a coordinated takedown.
Full story → https://thehackernews.com/2025/09/raccoono365-phishing-network-shut-down.html
🔒 338 fake domains tied to “RaccoonO365” — a $355/month phishing-as-a-service — used to steal 5,000+ Microsoft 365 passwords across 94 countries were seized in a coordinated takedown.
Full story → https://thehackernews.com/2025/09/raccoono365-phishing-network-shut-down.html
😁14👏9👍5🤯4
⚠️ VPNs are failing modern security.
They give hackers room to move, lack real-time visibility & break the least-privilege rule.
🔑 Zero-trust is the only way forward—see how KeeperPAM shuts every backdoor.
Full story → https://thehackernews.com/expert-insights/2025/09/the-limitations-of-vpn-based-access-for.html
They give hackers room to move, lack real-time visibility & break the least-privilege rule.
🔑 Zero-trust is the only way forward—see how KeeperPAM shuts every backdoor.
Full story → https://thehackernews.com/expert-insights/2025/09/the-limitations-of-vpn-based-access-for.html
👏11⚡4😁2🔥1
🚨 DoJ slams BreachForums’ creator with 3 YEARS in prison
Conor “Pompompurin” Fitzpatrick, 22, finally gets hard time after an appeals court tossed his shockingly light 17-day sentence.
He ran a hacker marketplace with 14 BILLION stolen records—and was caught with child abuse material.
Full story → https://thehackernews.com/2025/09/doj-resentences-breachforums-founder-to.html
Conor “Pompompurin” Fitzpatrick, 22, finally gets hard time after an appeals court tossed his shockingly light 17-day sentence.
He ran a hacker marketplace with 14 BILLION stolen records—and was caught with child abuse material.
Full story → https://thehackernews.com/2025/09/doj-resentences-breachforums-founder-to.html
🤯10🔥4😱1
🚨 Scattered Spider isn’t gone—and now hitting U.S. banks.
Hackers tricked an exec, hijacked Azure accounts, raided VMware servers & tried to steal cloud data.
Their “retirement” was a smokescreen.
Full story → https://thehackernews.com/2025/09/scattered-spider-resurfaces-with.html
Hackers tricked an exec, hijacked Azure accounts, raided VMware servers & tried to steal cloud data.
Their “retirement” was a smokescreen.
Full story → https://thehackernews.com/2025/09/scattered-spider-resurfaces-with.html
👏9🔥5
Meet Georgetown's cybersecurity faculty on October 2 to learn more about the Cybersecurity Risk Management master's program.
Advance your cybersecurity career with Georgetown.
👉 View event: https://thn.news/scs-cybersec-2025
Advance your cybersecurity career with Georgetown.
👉 View event: https://thn.news/scs-cybersec-2025
👏5
⚠️ Most “AI security” tools can’t see what your team pastes into ChatGPT or uploads to personal AI apps.
Bans? They just drive shadow AI deeper.
🔑 Real fix: last-mile, in-browser controls—redact, warn, allow—no clunky agents or network reroutes.
Full guide → https://thehackernews.com/2025/09/rethinking-ai-data-security-buyers-guide.html
Bans? They just drive shadow AI deeper.
🔑 Real fix: last-mile, in-browser controls—redact, warn, allow—no clunky agents or network reroutes.
Full guide → https://thehackernews.com/2025/09/rethinking-ai-data-security-buyers-guide.html
🔥8👍1
🚨 China-backed hackers just impersonated top U.S. officials to steal intel.
They posed as the House China Committee chair & the U.S.-China Business Council, luring trade experts—then slipped in a Visual Studio Code backdoor.
Here’s the full report→ https://thehackernews.com/2025/09/chinese-ta415-uses-vs-code-remote.html
They posed as the House China Committee chair & the U.S.-China Business Council, luring trade experts—then slipped in a Visual Studio Code backdoor.
Here’s the full report→ https://thehackernews.com/2025/09/chinese-ta415-uses-vs-code-remote.html
😁7😱3🤯1
⚠️ Quantum hackers could shatter today’s encryption overnight.
🤖 AI attacks already trick 60%—breaches cost $10M+.
The cyber storm is here. Join our next expert WEBINAR to learn how to lock down your data before Q-day.
👉 Save your seat now ↓ https://thehackernews.com/2025/09/from-quantum-hacks-to-ai-defenses.html
🤖 AI attacks already trick 60%—breaches cost $10M+.
The cyber storm is here. Join our next expert WEBINAR to learn how to lock down your data before Q-day.
👉 Save your seat now ↓ https://thehackernews.com/2025/09/from-quantum-hacks-to-ai-defenses.html
😁7👍3⚡2
🛡️ No more guessing on container security. Securing the Stack breaks down what really works—from busting myths and risks, to building trusted images, to securing your full CI/CD pipeline.
Get the expert blueprint your team needs to lock down vulnerabilities and ship software with confidence.
➡️ Join the 20-min webinar to learn why simply containerizing your applications does not make them safe: https://thn.news/stack-security-webinar
Get the expert blueprint your team needs to lock down vulnerabilities and ship software with confidence.
➡️ Join the 20-min webinar to learn why simply containerizing your applications does not make them safe: https://thn.news/stack-security-webinar
🔥11
🚨 AI-powered hotel hack on the rise:
Cyber gang TA558 (RevengeHotels) is using LLM-generated phishing emails in Portuguese & Spanish to drop Venom RAT—a $650 malware that steals guest credit-card data, kills Microsoft Defender & spreads via USB 🏨💳
Full report → https://thehackernews.com/2025/09/ta558-uses-ai-generated-scripts-to.html
Cyber gang TA558 (RevengeHotels) is using LLM-generated phishing emails in Portuguese & Spanish to drop Venom RAT—a $650 malware that steals guest credit-card data, kills Microsoft Defender & spreads via USB 🏨💳
Full report → https://thehackernews.com/2025/09/ta558-uses-ai-generated-scripts-to.html
⚡11
🚨 UPDATE: New intel on Russia’s APT28 attack...
Sekoia says Operation Phantom Net Voxel used Signal to send booby-trapped Word docs, dropping COVENANT & BEARDSHELL malware.
Full update → https://thehackernews.com/2025/06/apt28-uses-signal-chat-to-deploy.html
Sekoia says Operation Phantom Net Voxel used Signal to send booby-trapped Word docs, dropping COVENANT & BEARDSHELL malware.
Full update → https://thehackernews.com/2025/06/apt28-uses-signal-chat-to-deploy.html
😁8🔥5
🚨 Chrome users: a new zero-day is under active attack.
CVE-2025-10585 targets Chrome’s V8 engine—Chrome’s 6th zero-day of 2025.
Details → https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html
⚡ Update now: 140.0.7339.185/.186 (Win/macOS), 140.0.7339.185 (Linux).
If you use Edge/Brave/Opera/Vivaldi, patch too.
CVE-2025-10585 targets Chrome’s V8 engine—Chrome’s 6th zero-day of 2025.
Details → https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html
⚡ Update now: 140.0.7339.185/.186 (Win/macOS), 140.0.7339.185 (Linux).
If you use Edge/Brave/Opera/Vivaldi, patch too.
😁19🔥4👍2😱2⚡1
🕵️♀️ Two fake Python packages just dropped a powerful RAT on Windows.
“sisaws” & “secmeasure” secretly install SilentSync — capable of stealing browser passwords, files, and screenshots.
Full story → https://thehackernews.com/2025/09/silentsync-rat-delivered-via-two.html
“sisaws” & “secmeasure” secretly install SilentSync — capable of stealing browser passwords, files, and screenshots.
Full story → https://thehackernews.com/2025/09/silentsync-rat-delivered-via-two.html
😱11👍1
🔥 AI is now the biggest career risk for CISOs—bigger than any breach.
⚡Move too fast → data leaks & shadow AI spread.
🐢Move too slow → rivals race ahead.
How to stay secure and competitive ↓ https://thehackernews.com/2025/09/how-cisos-can-drive-effective-ai.html
⚡Move too fast → data leaks & shadow AI spread.
🐢Move too slow → rivals race ahead.
How to stay secure and competitive ↓ https://thehackernews.com/2025/09/how-cisos-can-drive-effective-ai.html
⚡5👍4
🚨Lazarus escalated activities in 2025 with companies already suffering billions in losses.
This APT’s attacks are evolving and getting harder to detect.
Read actionable report on its current campaigns to be ready for the next attack ⬇️ https://thn.news/lazarus-attacks-2025
This APT’s attacks are evolving and getting harder to detect.
Read actionable report on its current campaigns to be ready for the next attack ⬇️ https://thn.news/lazarus-attacks-2025
👍8
⚠️ ‘CountLoader’ is arming Russian ransomware (LockBit, Black Basta, Qilin)—dropping Cobalt Strike, AdaptixC2 & PureHVNC.
It spreads via fake Ukrainian police PDFs & DeepSeek lures, hijacks browsers, hides as “Google Update,” and abuses certutil/bitsadmin.
Details → https://thehackernews.com/2025/09/countloader-broadens-russian-ransomware.html
It spreads via fake Ukrainian police PDFs & DeepSeek lures, hijacks browsers, hides as “Google Update,” and abuses certutil/bitsadmin.
Details → https://thehackernews.com/2025/09/countloader-broadens-russian-ransomware.html
😁8🤯4👍1