News

The Hacker News5h
âš¡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More
Companies need to rethink how they protect their private and public use of AI and how they defend against AI-powered attacks.
The Hacker News6h
How Breaches Start: Breaking Down 5 Real Vulns
Not every security vulnerability is high risk on its own - but in the hands of an advanced attacker, even small weaknesses ...
The Hacker News8h
Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools
Government and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken ...
The Hacker News12h
It's Time To Rethink Your Security for the AI Era
I'd buttoned things up pretty nicely from a security standpoint, but even so, it would only have taken a vulnerability in an ...
The Hacker News10h
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Threat actors exploited Craft CMS zero-days CVE-2025-32432 and CVE-2024-58136, compromising 300 of 13,000 vulnerable servers.
The Hacker News9h
WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors
Cybercriminals are targeting WooCommerce users with fake patch emails that use IDN homograph spoofing to deliver backdoor malware.
The Hacker News1d
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud ...
The Hacker News2d
ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
ToyMaker deploys LAGTOY malware to steal credentials and sell access to CACTUS ransomware groups for double extortion.
The Hacker News3d
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware
The exploitation of a security flaw in Innorix Agent for lateral movement is notable for the fact that a similar approach has ...
The Hacker News4d
159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 ...
The Hacker News3d
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully ...
The Hacker News5d
Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware
Lotus Panda breached 6 Southeast Asian organizations using custom tools, browser stealers, and sideloaded malware.