Category: Hacker News

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

December 23, 2025
FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks

FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks

December 23, 2025
Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

December 22, 2025
How to Browse the Web More Sustainably With a Green Browser

How to Browse the Web More Sustainably With a Green Browser

December 22, 2025
⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More

⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More

December 22, 2025
Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale

Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale

December 22, 2025
Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence

Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence

December 21, 2025
U.S. DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus Malware

U.S. DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus Malware

December 20, 2025
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

December 19, 2025
Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

December 19, 2025
WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

December 19, 2025
Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks

Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks

December 19, 2025
New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

December 19, 2025
China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

December 18, 2025
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

December 18, 2025
ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

December 18, 2025
The Case for Dynamic AI-SaaS Security as Copilots Scale

The Case for Dynamic AI-SaaS Security as Copilots Scale

December 18, 2025
North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft

North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft

December 18, 2025
Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

December 18, 2025
Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

December 18, 2025
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

December 18, 2025
SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

December 17, 2025
Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

December 17, 2025
APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign

APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign

December 17, 2025
New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

December 17, 2025
China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

December 17, 2025
Fix SOC Blind Spots: See Threats to Your Industry & Country in Real Time

Fix SOC Blind Spots: See Threats to Your Industry & Country in Real Time

December 17, 2025
GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

December 17, 2025
Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

December 16, 2025
Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data

Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data

December 16, 2025
Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

December 16, 2025
Why Data Security and Privacy Need to Start in Code

Why Data Security and Privacy Need to Start in Code

December 16, 2025
Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass

Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass

December 16, 2025
React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

December 16, 2025
Google to Shut Down Dark Web Monitoring Tool in February 2026

Google to Shut Down Dark Web Monitoring Tool in February 2026

December 16, 2025
Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats

Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats

December 15, 2025
FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

December 15, 2025
⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More

⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More

December 15, 2025
A Browser Extension Risk Guide After the ShadyPanda Campaign

A Browser Extension Risk Guide After the ShadyPanda Campaign

December 15, 2025
Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector

Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector

December 15, 2025
VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption

VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption

December 15, 2025
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

December 13, 2025
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

December 13, 2025
Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

December 12, 2025
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

December 12, 2025
Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work

Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work

December 12, 2025
React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

December 12, 2025
New React RSC Vulnerabilities Enable DoS and Source Code Exposure

New React RSC Vulnerabilities Enable DoS and Source Code Exposure

December 12, 2025
CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

December 12, 2025
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems

NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems

December 11, 2025