News

The Hacker News2h
âš¡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More
Companies need to rethink how they protect their private and public use of AI and how they defend against AI-powered attacks.
The Hacker News3h
How Breaches Start: Breaking Down 5 Real Vulns
Not every security vulnerability is high risk on its own - but in the hands of an advanced attacker, even small weaknesses ...
The Hacker News5h
Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools
Government and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken ...
The Hacker News7h
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Threat actors exploited Craft CMS zero-days CVE-2025-32432 and CVE-2024-58136, compromising 300 of 13,000 vulnerable servers.
The Hacker News9h
It's Time To Rethink Your Security for the AI Era
I'd buttoned things up pretty nicely from a security standpoint, but even so, it would only have taken a vulnerability in an ...
The Hacker News6h
WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors
Cybercriminals are targeting WooCommerce users with fake patch emails that use IDN homograph spoofing to deliver backdoor malware.
The Hacker News1d
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud ...
The Hacker News2d
ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
ToyMaker deploys LAGTOY malware to steal credentials and sell access to CACTUS ransomware groups for double extortion.
The Hacker News4d
Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware
Lotus Panda breached 6 Southeast Asian organizations using custom tools, browser stealers, and sideloaded malware.
The Hacker News3d
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully ...
The Hacker News3d
Why NHIs Are Security's Most Dangerous Blind Spot
Non-Human Identities, for the most part, authenticate using secrets: API keys, tokens, certificates, and other credentials ...
The Hacker News4d
Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign
The solution provides 99% discovery and visibility of all users, workloads, and devices across IT, IoT, OT, and IoMT ...