The Hacker News15h
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
The fraudulent website mimicking India Post is named "postindia [.]site." Users who land on the site from Windows systems are ...
The Hacker News21h
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
CISA adds Sitecore flaws CVE-2019-9874 and CVE-2019-9875 to KEV amid active exploitation and agency patch mandates.
The Hacker News14h
Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
RansomHub's EDRKillShifter used in 2024 ransomware by Medusa, BianLian, and Play, revealing cross-gang tool sharing.
The Hacker News11h
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims' DNS Email Records
DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the ...
The Hacker News22h
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware | Read more hacking news on The Hacker News ...
The Hacker News14h
New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround
VMware Tools flaw CVE-2025-22230 enables high-privilege actions on Windows VMs + No workaround + Patch in 12.5.1.
The Hacker News22h
NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems
SnapCenter is an enterprise-focused software that's used to manage data protection across applications, databases, virtual ...
The Hacker News20h
150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language ...
The Hacker News22h
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
The Russian cybersecurity vendor, in its own bulletin, characterized the zero-day exploitation of CVE-2025-2783 as a ...
The Hacker News16h
New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It
Traditional CASB tools miss 100% of shadow SaaS threats—browser-based security offers real-time visibility and control.
The Hacker News1d
How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More
Simple, reused, or improperly stored passwords remain a major weak link for many organizations. PAM solutions can secure ...
The Hacker News1d
Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms
"Atlantis AIO Multi-Checker is a cybercriminal tool designed to automate credential stuffing attacks," it said. "Capable of ...