Category: Hacker News

Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days

Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days

December 10, 2025
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

December 10, 2025
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

December 9, 2025
Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

December 9, 2025
Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

December 9, 2025
Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats

Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats

December 9, 2025
How to Streamline Zero Trust Using the Shared Signals Framework

How to Streamline Zero Trust Using the Shared Signals Framework

December 9, 2025
STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware

STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware

December 9, 2025
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

December 9, 2025
Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

December 8, 2025
⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More

⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More

December 8, 2025
How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?

How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?

December 8, 2025
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features

Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features

December 8, 2025
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

December 8, 2025
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

December 8, 2025
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

December 6, 2025
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

December 6, 2025
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

December 5, 2025
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

December 5, 2025
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

December 5, 2025
“Getting to Yes”: An Anti-Sales Guide for MSPs

“Getting to Yes”: An Anti-Sales Guide for MSPs

December 5, 2025
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

December 5, 2025
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

December 5, 2025
JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

December 5, 2025
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

December 4, 2025
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories

ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories

December 4, 2025
5 Threats That Reshaped Web Security This Year [2025]

5 Threats That Reshaped Web Security This Year [2025]

December 4, 2025
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

December 4, 2025
Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts

Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts

December 4, 2025
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

December 3, 2025
Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

December 3, 2025
WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts

WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts

December 3, 2025
Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

December 3, 2025
Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar

Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar

December 3, 2025
Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

December 3, 2025
Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage

Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage

December 3, 2025
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

December 3, 2025
India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

December 2, 2025
Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera

Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera

December 2, 2025
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

December 2, 2025
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

December 2, 2025
Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks

Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks

December 2, 2025
SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities

SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities

December 2, 2025
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

December 2, 2025
India Orders Phone Makers to Pre-Install Sanchar Saathi App to Tackle Telecom Fraud

India Orders Phone Makers to Pre-Install Sanchar Saathi App to Tackle Telecom Fraud

December 1, 2025
ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

December 1, 2025
⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More

⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More

December 1, 2025
Webinar: The “Agentic” Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams

Webinar: The “Agentic” Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams

December 1, 2025
New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control

New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control

December 1, 2025
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

December 1, 2025