The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute arbitrary code on a vulnerable device without requiring any authentication. They were addressed by Ivanti last week. Now, according to a report from EclecticIQ, the vulnerability chain has been abused by UNC5221 , a Chinese cyber espionage group known for its targeting of edge network appliances since at least 2023. Most recently, the hacking crew was also attributed to exploitation efforts targeting SAP NetWeaver instances susceptible to CVE-2025-31324. The Dutch cybersecurity company said the earliest exploitation activity dates back to May 15, 2025, with the attacks targeting healthcare, telecommunications, avia...

It's not enough to be secure. In today's legal climate, you need to prove it. Whether you're protecting a small company or managing compliance across a global enterprise, one thing is clear: cybersecurity can no longer be left to guesswork, vague frameworks, or best-effort intentions. Regulators and courts are now holding organizations accountable for how "reasonable" their security programs are—and that's not just a buzzword anymore. But what does " reasonable" even mean in cybersecurity? That's exactly what this free webinar  we hosted with the experts from Center for Internet Security (CIS) will help you answer. New privacy laws, ransomware lawsuits, and regulatory investigations are raising the bar for cybersecurity expectations. If your defense program can't show structure, strategy, and measurable maturity, you're not just at risk—you're already falling behind. This isn't about hype. It's about legal risk, operational readiness, and your reputation. In this...

For many organizations, identity security appears to be under control. On paper, everything checks out. But new research from Cerby, based on insights from over 500 IT and security leaders, reveals a different reality: too much still depends on people—not systems—to function. In fact, fewer than 4% of security teams have fully automated their core identity workflows . Core workflows, like enrolling in Multi Factor Authentication (MFA), keeping credentials secure and up to date, and revoking access the moment someone leaves—are often manual, inconsistent, and vulnerable to error. And when security execution relies on memory or follow-up, gaps appear fast. Human error remains one of the biggest threats to enterprise security. Verizon's 2025 Data Breach report found that the human element was involved in 60% of breaches. The same manual missteps that led to breaches a decade ago still expose identity systems today. Cerby's 2025 Identity Automation Gap research report shows just how wi...

Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform that could be exploited to take control of susceptible instances. It's worth noting that the identified shortcomings remain unpatched despite responsible disclosure on February 13, 2025, prompting a public release of the issues following the end of the 90-day deadline. "These vulnerabilities, when chained together, could allow an attacker to fully compromise both the application and the underlying host system," ProjectDiscovery researchers Harsh Jaiswal, Rahul Maini, and Parth Malhotra said in a report shared with The Hacker News. The security defects are listed below - CVE-2025-34025 (CVSS score: 8.6) - A privilege escalation and Docker container escape vulnerability that's caused by unsafe default mounting of host binary paths and could be exploited to gain code execution on the underlying host m...

A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector firms has disrupted the online infrastructure associated with a commodity information stealer known as Lumma (aka LummaC or LummaC2), seizing 2,300 domains that acted as the command-and-control (C2) backbone to commandeer infected Windows systems. "Malware like LummaC2 is deployed to steal sensitive information such as user login credentials from millions of victims in order to facilitate a host of crimes, including fraudulent bank transfers and cryptocurrency theft," the U.S. Department of Justice (DoJ) said in a statement. The confiscated infrastructure has been used to target millions across the world through affiliates and other cyber criminals. Lumma Stealer, active since late 2022, is estimated to have been used in at least 1.7 million instances to steal information, such as browser data, autofill information, login credentials, and cryptocurrency seed phrases. Th...

Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165. Targets of the campaign include companies involved in the coordination, transport, and delivery of foreign assistance to Ukraine, according to a joint advisory released by agencies from Australia, Canada, Czechia, Denmark, Estonia, France, Germany, the Netherlands, Poland, the United Kingdom, and the United States. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the bulletin said...

Russian organizations have become the target of a phishing campaign that distributes malware called PureRAT, according to new findings from Kaspersky. "The campaign aimed at Russian business began back in March 2023, but in the first third of 2025 the number of attacks quadrupled compared to the same period in 2024," the cybersecurity vendor said . The attack chains, which have not been attributed to any specific threat actor, commence with a phishing email that contains a RAR file attachment or a link to the archive that masquerades as a Microsoft Word or a PDF document by making use of double extensions ("doc_054_[redacted].pdf.rar"). Present within the archive file is an executable that, when launched, copies itself to the "%AppData%" location of the compromised Windows machine under the name "task.exe" and creates a Visual Basic Script called "Task.vbs" in the Startup VBS folder. The executable then proceeds to unpack another ...

Counterfeit Facebook pages and sponsored ads on the social media platform are being employed to direct users to fake websites masquerading as Kling AI with the goal of tricking victims into downloading malware. Kling AI is an artificial intelligence (AI)-powered platform to synthesize images and videos from text and image prompts. Launched in June 2024, it's developed by Kuaishou Technology, which is headquartered in Beijing, China. As of April 2025, the service has a user base of more than 22 million, per data from the company. "The attack used fake Facebook pages and ads to distribute a malicious file which ultimately led to the execution of a remote access Trojan (RAT), granting attackers remote control of the victim's system and the ability to steal sensitive data," Check Point said . First detected in early 2025, the campaign leads unsuspecting users to a spoofed website such as klingaimedia[.]com or klingaistudio[.]com, where they are asked to create AI-genera...

Continuous Integration and Continuous Delivery/Deployment (CI/CD) refers to practices that automate how code is developed and released to different environments. CI/CD pipelines are fundamental in modern software development, ensuring code is consistently tested, built, and deployed quickly and efficiently. While CI/CD automation accelerates software delivery, it can also introduce security risks. Without proper security measures, CI/CD workflows can be vulnerable to supply chain attacks, insecure dependencies, and insider threats. To mitigate these risks, organizations must integrate measures for continuous monitoring and enforcing security best practices at every pipeline stage. Securing CI/CD workflows preserves the software delivery process's confidentiality, integrity, and availability. Security challenges and risks in CI/CD workflows While CI/CD workflows offer benefits in terms of automation and speed, they also bring unique security challenges that must be addressed to ...

It takes just one email to compromise an entire system. A single well-crafted message can bypass filters, trick employees, and give attackers the access they need. Left undetected, these threats can lead to credential theft, unauthorized access, and even full-scale breaches. As phishing techniques become more evasive, they can no longer be reliably caught by automated solutions alone. Let's take a closer look at how SOC teams can ensure fast, accurate detection of even the most evasive phishing attacks, using the example of Tycoon2FA, the number one phishing threat in the corporate environment today. Step 1: Upload a suspicious file or URL to the sandbox Let's consider a typical situation: a suspicious email gets flagged by your detection system, but it's unclear whether it's indeed malicious. The fastest way to check it is to run a quick analysis inside a malware sandbox. A sandbox is an isolated virtual machine where you can safely open files, click links, and observe behavior ...

Cybersecurity researchers have discovered a new campaign that employs malicious JavaScript injections to redirect site visitors on mobile devices to a Chinese adult-content Progressive Web App (PWA) scam. "While the payload itself is nothing new (yet another adult gambling scam), the delivery method stands out," c/side researcher Himanshu Anand said in a Tuesday analysis. "The malicious landing page is a full-blown Progressive Web App ( PWA ), likely aiming to retain users longer and bypass basic browser protections." The campaign is designed to explicitly filter out desktop users, primarily focusing on mobile users. The activity has been described as a client-side attack that uses third-party JavaScript and only triggers on mobile devices. The use of PWAs, a type of application built using web technologies that provide a user experience similar to that of a native app built for a specific platform like Windows, Linux, macOS, Android, or iOS, is seen as an at...

Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user's password when it detects the credentials to be compromised. "When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically," Google's Ashima Arora, Chirag Desai, and Eiji Kitamura said . "On supported websites, Chrome can generate a strong replacement and update the password for the user automatically." The feature builds upon Password Manager 's existing capabilities to generate strong passwords during sign-up and flag credentials that have been detected in a data breach. Google told The Hacker News the feature hasn't been formally launched for end users, and that it's mainly geared towards developers so they can optimize their websites for once the feature launches. With the automated password change, Google said the idea is to reduce fric...