Rethinking AI Data Security: A Buyer’s Guide – The Hacker News
Generative AI has gone from a curiosity to a cornerstone of enterprise productivity in just a few short years. From copilots embedded in office suites to dedicated large language model…
Hacker News
Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims – The Hacker News
Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as Scattered Spider, casting doubt on their claims of going “dark.”…
DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM – The Hacker News
The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection with his role in running the cybercrime forum and…
RaccoonO365 Phishing Network Shut Down After Microsoft and Cloudflare Disrupt 338 Domains – The Hacker News
Microsoft’s Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service…
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover – The Hacker News
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. “Attackers need only minimal in-cluster network access…
SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids – The Hacker News
A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories. “These apps deliver their…
New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site – The Hacker News
Cybersecurity researchers have warned of a new campaign that’s leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. “The observed campaign uses a…
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack – The Hacker News
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds…
Securing the Agentic Era: Introducing Astrix’s AI Agent Control Plane – The Hacker News
AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to…
Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds – The Hacker News
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor…
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials – The Hacker News
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. “The compromised versions include…
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs – The Hacker News
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk. “The worm…
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now – The Hacker News
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving…
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More – The Hacker News
In a world where threats are persistent, the modern CISO’s real job isn’t just to secure technology—it’s to preserve institutional trust and ensure business continuity. This week, we saw a…
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns – The Hacker News
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could…