The Hacker News | #1 Trusted Source for Cybersecurity News

Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and co-comprise Ukrainian entities. Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin and PteroOdd being used to execute Turla group's Kazuar backdoor on an endpoint in Ukraine in February 2025, indicating that Turla is very likely actively collaborating with Gamaredon to gain access to specific machines in Ukraine and deliver the Kazuar backdoor.  "PteroGraphin was used to restart the Kazuar v3 backdoor, possibly after it crashed or was not launched automatically," ESET said in a report shared with The Hacker News. "Thus, PteroGraphin was probably used as a recovery method by Turla." In a separate instance in April and June 2025, ESET said it also detected the deployment of Kazuar v2 through two other Gamaredon malware families tracked as PteroOdd and PteroPaste. Both Gamaredon (aka Aqua B...

Law enforcement authorities in the U.K. have arrested two teen members of the Scattered Spider hacking group in connection with their alleged participation in an August 2024 cyber attack targeting Transport for London (TfL), the city's public transportation agency. Thalha Jubair (aka EarthtoStar, Brad, Austin, and @autistic), 19, from East London and Owen Flowers, 18, from Walsall, West Midlands were arrested at their home addresses on Tuesday, the National Crime Agency (NCA) said. They are 19 and 18, respectively. It's worth noting that Flowers was initially arrested for his alleged involvement in the TfL attack in September 2024, but was subsequently released on bail. The agency said it found evidence of Flowers targeting U.S. healthcare companies, and that he has also been charged with conspiring with others to infiltrate and damage the networks of SSM Health Care Corporation and Sutter Health. Jubair has also been charged under the Regulation of Investigatory Powers...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of two sets of malware that were discovered in an unnamed organization's network following the exploitation of security flaws in Ivanti Endpoint Manager Mobile (EPMM). "Each set contains loaders for malicious listeners that enable cyber threat actors to run arbitrary code on the compromised server," CISA said in an alert. The vulnerabilities that were exploited in the attack include CVE-2025-4427 and CVE-2025-4428 , both of which have been abused as zero-days prior to them being addressed by Ivanti in May 2025. While CVE-2025-4427 concerns an authentication bypass that allows attackers to access protected resources, CVE-2025-4428 enables remote code execution. As a result, the two flaws could be chained to execute arbitrary code on a vulnerable device without authentication. According to CISA, the threat actors gained access to server running EPMM by combing the two vulner...

SonicWall is urging customers to reset credentials after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts. The company said it recently detected suspicious activity targeting the cloud backup service for firewalls, and that unknown threat actors accessed backup firewall preference files stored in the cloud for less than 5% of its customers. "While credentials within the files were encrypted, the files also included information that could make it easier for attackers to potentially exploit the related firewall," the company said . The network security company said it's not aware of any of these files being leaked online by the threat actors, adding it was not a ransomware event targeting its network. "Rather this was a series of brute-force attacks aimed at gaining access to the preference files stored in backup for potential further use by threat actors," it noted. It's currently not known who is...

Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2 , and a remote access trojan known as PureHVNC RAT. "CountLoader is being used either as part of an Initial Access Broker's (IAB) toolset or by a ransomware affiliate with ties to the LockBit, Black Basta, and Qilin ransomware groups," Silent Push said in an analysis. Appearing in three different versions – .NET, PowerShell, and JavaScript – the emerging threat has been observed in a campaign targeting individuals in Ukraine using PDF-based phishing lures and impersonating the National Police of Ukraine. Silent Push told The Hacker News that it does not have any insight into the nature of malware that was dropped using CountLoader. It's worth noting that the PowerShell version of the malware was previously flagged by Kaspersky as being distributed using DeepSe...

Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems. "SilentSync is capable of remote command execution, file exfiltration, and screen capturing," Zscaler ThreatLabz's Manisha Ramcharan Prajapati and Satyam Singh said . "SilentSync also extracts web browser data, including credentials, history, autofill data, and cookies from web browsers like Chrome, Brave, Edge, and Firefox." The packages, now no longer available for download from PyPI, are listed below. They were both uploaded by a user named "CondeTGAPIS." sisaws (201 Downloads) secmeasure (627 Downloads) Zscaler said the package sisaws mimics the behavior of the legitimate Python package sisa, which is associated with Argentina's national health information system, Sistema Integrado de Información Sanitaria Argentino (SISA). However, ...

AI's growing role in enterprise environments has heightened the urgency for Chief Information Security Officers (CISOs) to drive effective AI governance. When it comes to any emerging technology, governance is hard – but effective governance is even harder. The first instinct for most organizations is to respond with rigid policies. Write a policy document, circulate a set of restrictions, and hope the risk is contained. However, effective governance doesn't work that way. It must be a living system that shapes how AI is used every day, guiding organizations through safe transformative change without slowing down the pace of innovation.  For CISOs, finding that balance between security and speed is critical in the age of AI. This technology simultaneously represents the greatest opportunity and greatest risk enterprises have faced since the dawn of the internet. Move too fast without guardrails, and sensitive data leaks into prompts, shadow AI proliferates, or regulatory gaps bec...

Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild. The zero-day vulnerability in question is CVE-2025-10585 , which has been described as a type confusion issue in the V8 JavaScript and WebAssembly engine. Type confusion vulnerabilities can have severe consequences as they can be weaponized by bad actors to trigger unexpected software behavior, resulting in the execution of arbitrary code and program crashes. Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on September 16, 2025. As is typically the case, the company did not share any additional specifics about how the vulnerability is being abused in real-world attacks, by whom, or the scale of such efforts. This is done to prevent other threat actors from exploiting the issue before users can apply a fix. "Google is aware that an exploit for CVE-2025-10585 exis...

The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT to breach hotels in Brazil and Spanish-speaking markets. Russian cybersecurity vendor Kaspersky is tracking the activity, observed in summer 2025, to a cluster it tracks as RevengeHotels. "The threat actors continue to employ phishing emails with invoice themes to deliver Venom RAT implants via JavaScript loaders and PowerShell downloaders," the company said . "A significant portion of the initial infector and downloader code in this campaign appears to be generated by large language model (LLM) agents." The findings demonstrate a new trend among cybercriminal groups to leverage artificial intelligence (AI) to bolster their tradecraft. Known to be active since at least 2015, RevengeHotels has a history of hospitality, hotel, and travel organizations in Latin America with the goal of installing malware on compromised syste...

A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and academic organizations utilizing U.S.-China economic-themed lures. "In this activity, the group masqueraded as the current Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party (CCP), as well as the U.S.-China Business Council, to target a range of individuals and organizations predominantly focused on U.S.-China relations, trade, and economic policy," Proofpoint said in an analysis. The enterprise security company said the activity, observed throughout July and August 2025, is likely an effort on part of Chinese state-sponsored threat actors to facilitate intelligence gathering amid ongoing U.S.-China trade talks, adding the hacking group shares overlaps with a threat cluster tracked broadly under the names APT41 and Brass Typhoon (formerly Barium). The findings come days...

Quantum computing and AI working together will bring incredible opportunities. Together, the technologies will help us extend innovation further and faster than ever before. But, imagine the flip side, waking up to news that hackers have used a quantum computer to crack your company's encryption overnight, exposing your most sensitive data, rendering much of it untrustworthy. And with your sensitive data exposed, where does that leave trust from your customers? And the cost to mitigate - if that is even possible with your outdated pre-quantum systems? According to IBM, cyber breaches are already hitting businesses with an average of $4.44 million per incident, and as high as $10.22 million in the US, but with quantum and AI working simultaneously, experts warn it could go much higher. In 2025, nearly two-thirds of organizations see quantum computing as the biggest cybersecurity threat looming in the next 3-5 years, while 93% of security leaders are prepping for daily AI-driven a...

Generative AI has gone from a curiosity to a cornerstone of enterprise productivity in just a few short years. From copilots embedded in office suites to dedicated large language model (LLM) platforms, employees now rely on these tools to code, analyze, draft, and decide. But for CISOs and security architects, the very speed of adoption has created a paradox: the more powerful the tools, the more porous the enterprise boundary becomes. And here's the counterintuitive part: the biggest risk isn't that employees are careless with prompts. It's that organizations are applying the wrong mental model when evaluating solutions, trying to retrofit legacy controls for a risk surface they were never designed to cover. A new guide ( download here ) tries to bridge that gap. The Hidden Challenge in Today's Vendor Landscape The AI data security market is already crowded. Every vendor, from traditional DLP to next-gen SSE platforms, is rebranding around "AI security." On paper, this seems to of...