News

The Hacker News12h
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web ...
The Hacker News18h
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called ...
The Hacker News13h
Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN
Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and ...
The Hacker News17h
The Secret Defense Strategy of Four Critical Industries Combating Advanced Cyber Threats
Government agencies are continuously targeted by advanced persistent threats (APTs) from nation-state adversaries, requiring ...
The Hacker News14h
Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU
Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, ...
The Hacker News19h
Identity-First Security: A Multilayered Approach to Reducing Identity Attack Risk
Identities are today’s top attack vector. Here's how to build a layered security approach that reduces privilege risk across ...
The Hacker News3d
New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers
Malware with corrupted DOS and PE headers evades detection for weeks, decrypts TLS-based C2 and enables full attacker control ...
The Hacker News3d
U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud
The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based ...
The Hacker News2d
U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation
To that effect, the U.S. Department of Justice (DoJ) said it seized four domains and their associated server facilitated the ...
The Hacker News4d
Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin
CVE-2025-47577 flaw in TI WooCommerce Wishlist lets unauthenticated attackers upload malicious files—no patch yet, 100K+ ...
The Hacker News3d
New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data
New Rust-based EDDIESTEALER spreads via fake CAPTCHA pages, stealing credentials and bypassing Chrome encryption.
The Hacker News3d
ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach
ConnectWise breached by suspected nation-state actor in May 2025; Google Mandiant leads probe; flaw CVE-2025-3935 patched ...