Security News

The Hacker News

Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp

November 7, 2025

A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the Middle East. The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the "libimagecodec.quram.so" component that could allow remote attackers to execute arbitrary

SecurityWeek

In Other News: Controversial Ransomware Report, Gootloader Returns, More AN0M Arrests

November 7, 2025

Other noteworthy stories that might have slipped under the radar: rogue ransomware negotiators charged, F5 hack prompts OT security guidance, Germany targets Huawei tech. The post In Other News: Controversial Ransomware Report, Gootloader Returns, More AN0M Arrests appeared first on SecurityWeek .

The Hacker News

From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools

November 7, 2025

A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues. The organization, according to a report from Broadcom's Symantec and Carbon Black teams, is "active in attempting to influence U.S. government

SecurityWeek

Landfall Android Spyware Targeted Samsung Phones via Zero-Day

November 7, 2025

Threat actors exploited CVE-2025-21042 to deliver malware via specially crafted images to users in the Middle East. The post Landfall Android Spyware Targeted Samsung Phones via Zero-Day appeared first on SecurityWeek .

SecurityWeek

Radical Empowerment From Your Leadership: Understood by Few, Essential for All

November 7, 2025

When leaders redefine power as trust instead of control, teams unlock their potential — and organizations find their edge. The post Radical Empowerment From Your Leadership: Understood by Few, Essential for All appeared first on SecurityWeek .

SecurityWeek

Data Exposure Vulnerability Found in Deep Learning Tool Keras

November 7, 2025

The vulnerability is tracked as CVE-2025-12058 and it can be exploited for arbitrary file loading and conducting SSRF attacks. The post Data Exposure Vulnerability Found in Deep Learning Tool Keras appeared first on SecurityWeek .

SecurityWeek

ClickFix Attacks Against macOS Users Evolving

November 7, 2025

ClickFix prompts typically contain instructions for Windows users, but now they are tailored for macOS and they are getting increasingly convincing. The post ClickFix Attacks Against macOS Users Evolving appeared first on SecurityWeek .

The Hacker News

Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

November 7, 2025

A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named "shanhai666" and are designed to run malicious code after specific trigger dates in August 2027 and

SecurityWeek

DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz

November 7, 2025

Google’s acquisition of Wiz is expected to close in 2026, but there are other reviews that need to be cleared. The post DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz appeared first on SecurityWeek .

SecurityWeek

The Congressional Budget Office Was Hacked. It Says It Has Implemented New Security Measures

November 7, 2025

The Congressional Budget Office confirmed it had been hacked, potentially disclosing important government data to malicious actors. The post The Congressional Budget Office Was Hacked. It Says It Has Implemented New Security Measures appeared first on SecurityWeek .

SecurityWeek

Chrome 142 Update Patches High-Severity Flaws

November 7, 2025

An out-of-bounds write flaw in WebGPU tracked as CVE-2025-12725 could be exploited for remote code execution. The post Chrome 142 Update Patches High-Severity Flaws appeared first on SecurityWeek .

The Hacker News

Enterprise Credentials at Risk – Same Old, Same Old?

November 7, 2025

Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization’s cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet. But unknown to her, she’s just made a big mistake. Sarah just accidentally handed over her login details to cybercriminals who are laughing all the way to their dark web

SecurityWeek

Destructive Russian Cyberattacks on Ukraine Expand to Grain Sector

November 7, 2025

Multiple state-sponsored Russian groups are targeting Ukrainian entities and European countries linked to Ukraine. The post Destructive Russian Cyberattacks on Ukraine Expand to Grain Sector appeared first on SecurityWeek .

The Hacker News

Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts

November 7, 2025

Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the platform and demand ransoms to remove the negative comments. The approach is designed to tackle a common practice called review bombing, where online users intentionally post negative user reviews in an

SecurityWeek

18 Arrested in Crackdown on Credit Card Fraud Rings

November 7, 2025

Between 2016 and 2021, the suspects defrauded 4.3 million cardholders in 193 countries of €300 million (~$346 million). The post 18 Arrested in Crackdown on Credit Card Fraud Rings appeared first on SecurityWeek .

The Hacker News

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

November 7, 2025

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tuckner, who flagged the extension "susvsex," said it does not attempt to hide its malicious functionality. The extension was uploaded on

The Hacker News

Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine

November 6, 2025

A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense, describing it as Russia-aligned. "InedibleOchotense sent spear-phishing emails and Signal text messages, containing a link

The Hacker News

Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362

November 6, 2025

Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362. "This attack can cause unpatched devices to unexpectedly reload, leading to denial-of-service

The Hacker News

From Tabletop to Turnkey: Building Cyber Resilience in Financial Services

November 6, 2025

Introduction Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. Crisis management or Tabletop exercises, for a long time relatively rare in the context of cybersecurity, have become required as a series of regulations has introduced this requirement to FSI organizations in

The Hacker News

ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More

November 6, 2025

Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors. The result is a global system where every digital weakness can be turned into physical harm, economic loss, or political leverage.

The Hacker News

Bitdefender Named a Representative Vendor in the 2025 Gartner® Market Guide for Managed Detection and Response

November 6, 2025

Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) — marking the fourth consecutive year of inclusion. According to Gartner, more than 600 providers globally claim to deliver MDR services, yet only a select few meet the criteria to appear in the Market Guide. While inclusion is not a ranking or comparative

The Hacker News

Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection

November 6, 2025

The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware. According to a new report from Bitdefender, the adversary is said to have enabled the Hyper-V role on selected victim systems to deploy a minimalistic, Alpine Linux-based virtual machine. "This hidden environment, with its lightweight

The Hacker News

SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach

November 6, 2025

SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. "The malicious activity – carried out by a state-sponsored threat actor – was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call," the company said in a

The Hacker News

Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly

November 5, 2025

Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence (AI) model API to write its own source code for improved obfuscation and evasion. "PROMPTFLUX is written in VB Script and interacts with Gemini's API to request specific VBScript obfuscation and

The Hacker News

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

November 5, 2025

Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI's ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal personal information from users' memories and chat histories without their knowledge. The seven vulnerabilities and attack techniques, according to Tenable, were found in OpenAI's GPT-4o and GPT-5 models. OpenAI has

The Hacker News

Securing the Open Android Ecosystem with Samsung Knox

November 5, 2025

Raise your hand if you’ve heard the myth, “Android isn’t secure.” Android phones, such as the Samsung Galaxy, unlock new ways of working. But, as an IT admin, you may worry about the security—after all, work data is critical. However, outdated concerns can hold your business back from unlocking its full potential. The truth is, with work happening everywhere, every device connected to your

The Hacker News

Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions

November 5, 2025

A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel. "UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation into the

The Hacker News

U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud

November 5, 2025

The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud. "North Korean state-sponsored hackers steal and launder money to fund the regime's nuclear weapons program," said Under Secretary of

The Hacker News

Why SOC Burnout Can Be Avoided: Practical Steps

November 5, 2025

Behind every alert is an analyst; tired eyes scanning dashboards, long nights spent on false positives, and the constant fear of missing something big. It’s no surprise that many SOCs face burnout before they face their next breach. But this doesn’t have to be the norm. The path out isn’t through working harder, but through working smarter, together. Here are three practical steps every SOC can

The Hacker News

CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence

November 5, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-11371 (CVSS score: 7.5) - A vulnerability in files or directories accessible to

The Hacker News

A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces

November 4, 2025

The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025. "Since its debut, the group's Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name – a recurring cycle reflecting platform moderation and the operators'

The Hacker News

European Authorities Dismantle €600 Million Crypto Fraud Network in Global Sweep

November 4, 2025

Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~$688 million). According to a statement released by Eurojust today, the action took place between October 27 and 29 across Cyprus, Spain, and Germany, with the suspects arrested on charges of involvement in

The Hacker News

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

November 4, 2025

Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli's

The Hacker News

Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed

November 4, 2025

Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities "allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications," Check Point said in a report shared with The Hacker News. Following responsible disclosure in March

The Hacker News

Ransomware Defense Using the Wazuh Open Source Platform

November 4, 2025

Ransomware is malicious software designed to block access to a computer system or encrypt data until a ransom is paid. This cyberattack is one of the most prevalent and damaging threats in the digital landscape, affecting individuals, businesses, and critical infrastructure worldwide. A ransomware attack typically begins when the malware infiltrates a system through various vectors such as

The Hacker News

Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors

November 4, 2025

Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus. According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service that employs obfs4 for

The Hacker News

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

November 4, 2025

Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in a browser crash or memory corruption. The list of vulnerabilities is as follows - CVE-2025-43429 - A buffer overflow

The Hacker News

U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks

November 4, 2025

Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co–conspirator (aka "Co-Conspirator 1") based in Florida, all U.S. nationals, are said to have used the ransomware strain against a medical

The Hacker News

Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel

November 4, 2025

Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. "Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised

The Hacker News

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

November 3, 2025

Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck. According to Secure Annex's John Tuckner, the extension in question, juan-bianco.solidity-vlang (version 0.0.7), was first published on October 31, 2025, as a completely benign library that was subsequently updated to version 0.0.8 on November 1 to

The Hacker News

Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks

November 3, 2025

Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight. The threat cluster, believed to be active since at least June 2025 according to Proofpoint, is said to be collaborating with organized crime groups to break into entities in the

The Hacker News

⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More

November 3, 2025

Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky phishing, the attacks came from all sides. Even encrypted backups and secure areas were put to the test.

The Hacker News

The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations

November 3, 2025

Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules reactively. SOCs often lack the environmental context and relevant threat intelligence needed to quickly verify which alerts are truly malicious. As a result, analysts spend excessive time manually triaging alerts, the

The Hacker News

Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data

November 3, 2025

Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised devices. According to CYFIRMA, which analyzed three different samples of BankBot-YNRK, the malware incorporates features to sidestep analysis efforts by first checking its running within a virtualized or emulated environment

The Hacker News

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

November 3, 2025

The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a ZIP file ("250908_A_HK이노션

The Hacker News

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

November 1, 2025

The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY. The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 (CVSS score: 10.0), a critical vulnerability that allows a remote, unauthenticated attacker to create an

The Hacker News

OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically

October 31, 2025

OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code. Called Aardvark, the artificial intelligence (AI) company said the autonomous agent is designed to help developers and security teams flag and fix security vulnerabilities at

The Hacker News

Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

October 31, 2025

A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's tracking the cluster under the moniker CL-STA-1009, where "CL" stands for cluster and "STA" refers to state-backed motivation. "Airstalk misuses the AirWatch API for mobile device management (MDM), which is now

The Hacker News

China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats

October 31, 2025

A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025. The activity targeted diplomatic organizations in Hungary, Belgium, Italy, and the Netherlands, as well as government agencies in Serbia, Arctic Wolf said in a

The Hacker News

China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems

October 31, 2025

The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick. The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this month, said that it

The Hacker News

The MSP Cybersecurity Readiness Guide: Turning Security into Growth

October 31, 2025

MSPs are facing rising client expectations for strong cybersecurity and compliance outcomes, while threats grow more complex and regulatory demands evolve. Meanwhile, clients are increasingly seeking comprehensive protection without taking on the burden of managing security themselves. This shift represents a major growth opportunity. By delivering advanced cybersecurity and compliance

The Hacker News

CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

October 31, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation. "By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security

The Hacker News

Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery

October 31, 2025

Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace. The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both Microsoft's VS Code Marketplace and Open VSX

The Hacker News

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

October 31, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to attain

The Hacker News

A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do

October 31, 2025

A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. MacOS is supposed to flag that, but in this case, the checks are loose. The app gets access anyway. On another Mac in the same office, file sharing is enabled through an old protocol called SMB version one. It’s fast and

The Hacker News

Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month

October 30, 2025

Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services (RCS), an evolution of the SMS protocol, thereby preventing scams before they could even be sent. In

The Hacker News

Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks

October 30, 2025

The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing. While the server component is written in Golang, the GUI Client is written in C++ QT for

The Hacker News

New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

October 30, 2025

A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash. "It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations are managed," Pino said in a

The Hacker News

The Death of the Security Checkbox: BAS Is the Power Behind Real Defense

October 30, 2025

Security doesn’t fail at the point of breach. It fails at the point of impact.  That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It's about proof. When a new exploit drops, scanners scour the internet in minutes. Once attackers gain a foothold,

The Hacker News

ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising

October 30, 2025

The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s making headlines.

Bleeping Computer

Fake Instagram hacking tool leading to scams and malware

August 10, 2020

Fake Instagram hacking tool leading to scams and malware

Bleeping Computer

Google search results redirect to a Tech Support Scam

June 7, 2019

Google search results for "Lowes" redirecting to a Tech Support Scam

Bleeping Computer

PoC of Now-Patched Google Photos Vulnerability That Let Hackers Track Your Location History

March 20, 2019

PoC from Imperva for the Now-Patched Google Photos vulnerability that let hackers track your location history.

Bleeping Computer

Fake eBay Ad in Google Search Results Leads to Tech Support Scam

March 19, 2019

An advertising campaign pretending to be eBay has been discovered in the Google search results that leads to a Tech Support Scam.

Bleeping Computer

Exploiting a Remote Desktop Connection path traversal issue in the shared RDP clipboard

February 5, 2019

A demonstration by Check Point security on exploiting a Remote Desktop Connection path traversal issue in the shared RDP clipboard. More information about this attack can be found here: https://www.bleepingcomputer.com/news/security/rdp-clients-exposed-to-reverse-rdp-attacks-by-major-protocol-issues/

Bleeping Computer

FreeRDP remote code execution attack via RDP connection

February 5, 2019

This video is a demonstration by Check Point security for a FreeRDP remote code execution attack via RDP connection. More information about this attack can be found here: https://www.bleepingcomputer.com/news/security/rdp-clients-exposed-to-reverse-rdp-attacks-by-major-protocol-issues/

Bleeping Computer

MiTM attack in APT Linux Package Manager Demo

January 22, 2019

A Man-in-the-Middle (MiTM) attack in the APT Linux package manager has been discovered that could lead to remote code execution. More info here: https://www.bleepingcomputer.com/news/security/remote-code-execution-bug-patched-in-apt-linux-package-manager/

Bleeping Computer

Moving the text cursor in iOS by holding down any key

November 19, 2018

This is a new trick for us at BleepingComputer, but we just learned today that while editing text, you can hold down any key on the iOS keyboard and use it to easily move the cursor to where you want it.

Bleeping Computer

Google's Cookies Remain After Clearing all Cookies in Chrome 69

September 25, 2018

It has been discovered that when you clear all cookies in Chrome 69, Google authentications will either not be removed or automatically recreated.

Bleeping Computer

CCleaner Forcing Updates to 5.46 Even if Automatic Updates are disabled

September 17, 2018

Over the past week, users are reporting that CCleaner has started to automatically update older version to 5.46 even when automatic updates are disabled.

Bleeping Computer

New CSS+HTML Attack Crashes and Restarts or Resprings an iPhone

September 15, 2018

A new CSS+HTML attack has been discovered that will restart or respring an iPhone simply by visiting a web page hosting the code. This same attack will cause a Mac to freeze briefly and then cause it to slow down until the Safari tab is closed.

Bleeping Computer

Windows ClipBoard Hijacker Swaps out CryptoCurrency Addresses

June 29, 2018

This malware will swap out copied cryptocurrency addresses in Windows with one under their control. This allows them to trick you into sending them money, instead of who you originally intended. More information about the All-Radio 4.27 Portable malware package that installs this: https://www.bleepingcomputer.com/news/security/all-radio-427-portable-cant-be-removed-then-your-pc-is-severely-infected/

Bleeping Computer

WinDynamicDesktop on Windows 10 Demonstration

June 22, 2018

This video shows how the WinDynamicDesktop on Windows 10. Notice how the scene's lighting changes as day progresses. More info here: https://www.bleepingcomputer.com/news/software/windynamicdesktop-brings-the-macos-dynamic-desktop-feature-to-windows-10/

Bleeping Computer

Sneaky Miner Trojan Terminates Itself if Certain Games and Tools Are Detected

June 11, 2018

A new miner trojan monitors for certain game and tool processes and terminates itself when it detects them. You can read the full article here: https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-plays-hide-and-seek-with-popular-games-and-tools/ Hash: https://www.virustotal.com/#/file/a4a31978671830bc95aaac939e0593f6c9de7b9c28e0cc956526e6caff7b3abd/detection

Bleeping Computer

KCW Ransomware Demonstration

April 27, 2018

This video demonstrates a new ransomware from a hacking group named Kerala Cyber Warriors that is targeting web sites, encrypting their files, and then demanding a ransom payment to get the files back.