The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Generative AI platforms like ChatGPT, Gemini, Copilot, and Claude are increasingly common in organizations. While these solutions improve efficiency across tasks, they also present new data leak prevention for generative AI challenges. Sensitive information may be shared through chat prompts, files uploaded for AI-driven summarization, or browser plugins that bypass familiar security controls. Standard DLP products often fail to register these events. Solutions such as Fidelis Network ® Detection and Response (NDR) introduce network-based data loss prevention that brings AI activity under control. This allows teams to monitor, enforce policies, and audit GenAI use as part of a broader data loss prevention strategy. Why Data Loss Prevention Must Evolve for GenAI Data loss prevention for generative AI requires shifting focus from endpoints and siloed channels to visibility across the entire traffic path. Unlike earlier tools that rely on scanning emails or storage shares, NDR technol...

Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address an authentication bypass vulnerability in its software. The high-severity issue , which is yet to be assigned a CVE identifier, has been addressed in Passwordstate 9.9 (Build 9972), released August 28, 2025. The Australian company said it fixed a "potential Authentication Bypass when using a carefully crafted URL against the core Passwordstate Products' Emergency Access page." Also included in the latest version are improved protections to safeguard against potential clickjacking attacks aimed at its browser extension, should users end up visiting compromised sites. The safeguards are likely in response to findings from security researcher Marek Tóth, who, earlier this month, detailed a technique called Document Object Model (DOM)-based extension clickjacking that several password manager browser add-ons have been found vul...

The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an administrator control panel (ACP) exposed to the public internet. FreePBX is an open-source private branch exchange (PBX) platform widely used by businesses, call centers, and service providers to manage voice communications. It's built on top of Asterisk , an open-source communication server. The vulnerability, assigned the CVE identifier CVE-2025-57819 , carries a CVSS score of 10.0, indicating maximum severity. "Insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator, leading to arbitrary database manipulation and remote code execution," the project maintainers said in an advisory. The issue impacts the following versions - FreePBX 15 prior to 15.0.66 FreePBX 16 prior to 16.0.89, and FreePBX 17 prior to 17.0.3 Sangoma said an unauthorized user began accessing mult...

Authorities from the Netherlands and the United States have announced the dismantling of an illicit marketplace called VerifTools that peddled fraudulent identity documents to cybercriminals across the world. To that end, two marketplace domains (verif[.]tools and veriftools[.]net) and one blog have been taken down, redirecting site visitors to a splash page stating the action was undertaken by the U.S. Federal Bureau of Investigation (FBI) pursuant to a warrant issued by a United States District Court. The servers were seized in Amsterdam. However, a Telegram message posted by operators on August 28, 2025, shows that they have already launched the service on the domain "veriftools[.]com." The domain was created on December 10, 2018, per DomainTools . It's currently not known who the administrators of the platform are. "The operators of VerifTools produced and sold counterfeit driver's licenses, passports, and other identification documents that could be use...

Google has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is much broader in scope than previously thought, stating it impacts all integrations. "We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised," Google Threat Intelligence Group (GTIG) and Mandiant said in an updated advisory. The tech giant said the attackers also used stolen OAuth tokens to access email from a small number of Google Workspace email accounts on August 9, 2025, after compromising the OAuth tokens for the "Drift Email" integration. It's worth noting that this is not a compromise of Google Workspace or Alphabet itself. "The only accounts that were potentially accessed were those that had been specifically configured to integrate with Salesloft; the actor would not have been able to access any other accounts on a customer's Worksp...

Cybersecurity researchers have discovered a cybercrime campaign that's using malvertising tricks to direct victims to fraudulent sites to deliver a new information stealer called TamperedChef . "The objective is to lure victims into downloading and installing a trojanized PDF editor, which includes an information-stealing malware dubbed TamperedChef," Truesec researchers Mattias Wåhlén, Nicklas Keijser, and Oscar Lejerbäck Wolf said in a report published Wednesday. "The malware is designed to harvest sensitive data, including credentials and web cookies." At the heart of the campaign is the use of several bogus sites to promote an installer for a free PDF editor called AppSuite PDF Editor that, once installed and launched, displays to the user a prompt to agree to the software's terms of service and privacy policy. In the background, however, the setup program makes covert requests to an external server to drop the PDF editor program, while also setting...

Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed extensions. Software supply chain security outfit ReversingLabs said it made the discovery after it identified a malicious extension named "ahbanC.shiba" that functioned similarly to two other extensions – ahban.shiba and ahban.cychelloworld – that were flagged earlier this March. All three libraries are designed to act as a downloader to retrieve a PowerShell payload from an external server that encrypts files in a folder called "testShiba" on the victim's Windows desktop and demands a Shiba Inu token by instructing the victim to deposit the assets to an unspecified wallet. These efforts suggest ongoing development attempts by the threat actor. The company said it decided to dig deeper because of the fact that the name of the new extension ("ahbanC.shiba") was virtually the same as one of the t...

The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the telecommunications, government, transportation, lodging, and military infrastructure sectors. "While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers, they also leverage compromised devices and trusted connections to pivot into other networks," according to a joint cybersecurity advisory published Wednesday. "These actors often modify routers to maintain persistent, long-term access to networks." The bulletin , courtesy of authorities from 13 countries, said the malicious activity has been linked to three Chinese entities, Sichuan Juxinhe Network Technology Co., Ltd., Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd. These companies,...

Every day, businesses, teams, and project managers trust platforms like Trello, Asana, etc., to collaborate and manage tasks. But what happens when that trust is broken? According to a recent report by Statista, the average cost of a data breach worldwide was about $4.88 million. Also, in 2024, the private data of over 15 million Trello user profiles was shared on a popular hacker forum. Yet, most organizations and project managers still assume that their platform's built-in backups are enough until they are not. The next few paragraphs will expose some risks of relying on these platform tools alone and how to better protect yourself and your organization from data loss with cloud backup and recovery . Why are project management tools becoming a prime target for data loss? More than 95% of businesses today rely heavily on project management tools like Trello and Asana to organize tasks, collaborate with teams, and track project milestones. However, as project managers become mor...

The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the popular npm package and other auxiliary plugins with data-gathering capabilities. "Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under the user's accounts," the maintainers said in an advisory published Wednesday. Nx is an open-source, technology-agnostic build platform that's designed to manage codebases. It's advertised as an "AI-first build platform that connects everything from your editor to CI [continuous integration]." The npm package has over 3.5 million weekly downloads. The list of affected packages and versions is below. These versions have since been removed from the npm registry. The compromise of the nx package took place on August 26, 20...

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced a fresh round of sanctions against two individuals and two entities for their role in the North Korean remote information technology (IT) worker scheme to generate illicit revenue for the regime's weapons of mass destruction and ballistic missile programs. "The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom," said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. "Under President Trump, Treasury is committed to protecting Americans from these schemes and holding the guilty accountable." The key players targeted include Vitaliy Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology Co., Ltd, and Korea Sinjin Trading Corporation. The latest effort expands the scope of sanctions imposed against Chinyong Informat...

The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments. "Unlike traditional on-premises ransomware, where the threat actor typically deploys malware to encrypt critical files across endpoints within the compromised network and then negotiates for a decryption key, cloud-based ransomware introduces a fundamental shift," the Microsoft Threat Intelligence team said in a report shared with The Hacker News. "Leveraging cloud-native capabilities, Storm-0501 rapidly exfiltrates large volumes of data, destroys data and backups within the victim environment, and demands ransom -- all without relying on traditional malware deployment." Storm-0501 was first documented by Microsoft almost a year ago, detailing its hybrid cloud ransomware attacks targeting government, manufacturing, transportation, and law enforcement sectors in the U.S., with the thr...