News

The Hacker News1h
Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool
Custom malware hidden in UyghurEdit++ targeted WUC leaders since May 2024, exposing Uyghur diaspora surveillance links to ...
The Hacker News3h
CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting ...
The Hacker News22h
Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools
Government and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken ...
The Hacker News20h
How Breaches Start: Breaking Down 5 Real Vulns
Not every security vulnerability is high risk on its own - but in the hands of an advanced attacker, even small weaknesses ...
The Hacker News19h
⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More
Companies need to rethink how they protect their private and public use of AI and how they defend against AI-powered attacks.
The Hacker News23h
WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors
Cybercriminals are targeting WooCommerce users with fake patch emails that use IDN homograph spoofing to deliver backdoor malware.
The Hacker News1d
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Threat actors exploited Craft CMS zero-days CVE-2025-32432 and CVE-2024-58136, compromising 300 of 13,000 vulnerable servers.
The Hacker News2d
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud ...
The Hacker News1d
It's Time To Rethink Your Security for the AI Era
I'd buttoned things up pretty nicely from a security standpoint, but even so, it would only have taken a vulnerability in an ...
The Hacker News2d
ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
ToyMaker deploys LAGTOY malware to steal credentials and sell access to CACTUS ransomware groups for double extortion.
The Hacker News3d
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully ...
The Hacker News5d
Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp
Messaging apps such as Signal and WhatsApp are used to contact targets, inviting them to join a video call or register for ...