The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

In today's security landscape, budgets are tight, attack surfaces are sprawling, and new threats emerge daily. Maintaining a strong security posture under these circumstances without a large team or budget can be a real challenge. Yet lean security models are not only possible - they can be highly effective. River Island, one of the UK's leading fashion retailers, offers a powerful case study on how to do more with less. As River Island's InfoSec Officer, Sunil Patel and his small team of three are responsible for securing over 200 stores, an e-commerce platform, a major distribution center, and head offices. With no headcount growth on the horizon, Sunil had to rethink how security could scale effectively. By adopting a lean security model, powered by Intruder's exposure management platform , the team was able to improve visibility, respond faster to threats, and empower others across the business to fix what matters most. Here are five key lessons from thei...

Microsoft has released patches to fix 67 security flaws , including one zero-day bug in Web Distributed Authoring and Versioning (WebDAV) that it said has come under active exploitation in the wild. Of the 67 vulnerabilities, 11 are rated Critical and 56 are rated Important in severity. This includes 26 remote code execution flaws, 17 information disclosure flaws, and 14 privilege escalation flaws. The patches are in addition to 13 shortcomings addressed by the company in its Chromium-based Edge browser since the release of last month's Patch Tuesday update . The vulnerability that has been weaponized in real-world attacks concerns a remote code execution in WebDAV ( CVE-2025-33053 , CVSS score: 8.8) that can be triggered by deceiving users into clicking on a specially crafted URL. The tech giant credited Check Point researchers Alexandra Gofman and David Driker for discovering and reporting the bug. It's worth mentioning that CVE-2025-33053 is the first zero-day vulnerab...

Adobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experience Manager (AEM). Of the 254 flaws, 225 reside in AEM, impacting AEM Cloud Service (CS) as well as all versions prior to and including 6.5.22. The issues have been resolved in AEM Cloud Service Release 2025.5 and version 6.5.23. "Successful exploitation of these vulnerabilities could result in arbitrary code execution, privilege escalation, and security feature bypass," Adobe said in an advisory. Almost all the 225 vulnerabilities have been classified as cross-site scripting (XSS) vulnerabilities, specifically a mix of stored XSS and DOM-based XSS, that could be exploited to achieve arbitrary code execution. Adobe has credited security researchers Jim Green (green-jam), Akshay Sharma (anonymous_blackzero), and lpi for discovering and reporting the XSS flaws. The most severe of the flaws patched by the company as part of ...

Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud (aka Salesforce Industries ), exposing sensitive data to unauthorized internal and external parties. The weaknesses affect various components like FlexCards, Data Mappers, Integration Procedures (IProcs), Data Packs, OmniOut, and OmniScript Saved Sessions. "Low-code platforms such as Salesforce Industry Cloud make building applications easier, but that convenience can come at a cost if security isn't prioritized," Aaron Costello, chief of SaaS Security Research at AppOmni, said in a statement shared with The Hacker News. These misconfigurations, if left unaddressed, could allow cybercriminals and unauthorized to access encrypted confidential data on employees and customers, session data detailing how users have interacted with Salesforce Industry Cloud, credentials for Salesforce and other company systems, and business logic. Following responsible discl...

The financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services (AWS) infrastructure to deliver a malware family called More_eggs. "By posing as job seekers and initiating conversations through platforms like LinkedIn and Indeed, the group builds rapport with recruiters before delivering phishing messages that lead to malware," the DomainTools Investigations (DTI) team said in a report shared with The Hacker News. More_eggs is the work of another cybercrime group called Golden Chickens (aka Venom Spider), which was most recently attributed to new malware families like TerraStealerV2 and TerraLogger. A JavaScript-based backdoor, it's capable of enabling credential theft, system access, and follow-on attacks, including ransomware. One of the malware's known customers is FIN6 (aka Camouflage Tempest, Gold Franklin, ITG08, Skeleton Spider, and TA4557), an e-crime crew that originally targeted point-of-s...

Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that's being propagated via fraudulent gaming websites. "Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background," Trellix security researchers Niranjan Hegde, Vasantha Lakshmanan Ambasankar, and Adarsh S said in an analysis. The stealer, initially marketed on Telegram for free under beta in late December 2024, has since transitioned to a malware-as-a-service (MaaS) model. It's equipped to steal passwords, cookies, and autofill information from both Chromium- and Gecko-based browsers, such as Google Chrome, Microsoft Edge, Brave, Opera, Vivaldi, and Mozilla Firefox. The operators of the malware have been found maintaining a number of Telegram channels to advertise the sale of compromised accounts as well as provide testimonials of their service. The...

Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs — including application secrets, API keys, service accounts, and OAuth tokens — have exploded in recent years, thanks to an ever-expanding array of apps and services that must work together and identify one another on the fly. In some enterprises, NHIs now outnumber human identities by as much as 50-to-1 .  However, NHIs introduce unique risks and management challenges that have security leaders on high alert. Forty-six percent of organizations have experienced compromises of NHI accounts or credentials over the past year, and another 26% suspect they have, according to a recent report from Enterprise Strategy Group .  It's no wonder NHIs — and the difficulties they present with oversight, risk reduction, and gove...

Google has stepped in to address a security flaw that could have made it possible to brute-force an account's recovery phone number, potentially exposing them to privacy and security risks. The issue, according to Singaporean security researcher "brutecat," leverages an issue in the company's account recovery feature. That said, exploiting the vulnerability hinges on several moving parts, specifically targeting a now-deprecated JavaScript-disabled version of the Google username recovery form ("accounts.google[.]com/signin/usernamerecovery") that lacked anti-abuse protections designed to prevent spammy requests. The page in question is designed to help users check if a recovery email or phone number is associated with a specific display name (e.g., "John Smith"). But circumventing the CAPTCHA-based rate limit ultimately made it possible to try out all permutations of a Google account's phone number in a short space of time and arrive at t...

The threat actor known as Rare Werewolf (formerly Rare Wolf) has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States (CIS) countries. "A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries," Kaspersky said . "The malicious functionality of the campaign described in this article is implemented through command files and PowerShell scripts." The intent of the attacks is to establish remote access to compromised hosts, and siphon credentials, and deploy the XMRig cryptocurrency miner. The activity impacted hundreds of Russian users spanning industrial enterprises and engineering schools, with a smaller number of infections also recorded in Belarus and Kazakhstan. Rare Werewolf , also known by the names Librarian Ghouls and Rezet, is the moniker assigned to an advanced persistent threat (APT) group that has a track record of...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-32433 (CVSS score: 10.0) - A missing authentication for a critical function vulnerability in the Erlang/OTP SSH server that could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution. (Fixed in April 2025 in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20) CVE-2024-42009 (CVSS score: 9.3) - A cross-site scripting (XSS) vulnerability in RoundCube Webmail that could allow a remote attacker to steal and send emails of a victim via a crafted email message by taking advantage of a desanitization issue in program/actions/mail/show.php. (Fixed in August 2024 in versions 1.6...

The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025. "The victimology includes a South Asian government entity, a European media organization, and more than 70 organizations across a wide range of sectors," SentinelOne security researchers Aleksandar Milenkoski and Tom Hegel said in a report published today. Some of the targeted sectors include manufacturing, government, finance, telecommunications, and research. Also present among the victims was an IT services and logistics company that was managing hardware logistics for SentinelOne employees at the time of the breach in early 2025. The malicious activity has been attributed with high confidence to China-nexus threat actors, with some of the attacks tied to a threat cluster dubbed PurpleHaze , which, in turn, overlaps with Chinese cyber espionage groups publicly reported as APT15...

A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service (DDoS) attacks. Akamai, which first discovered the exploitation efforts in late March 2025, said the malicious campaign targets CVE-2025-24016 (CVSS score: 9.9), an unsafe deserialization vulnerability that allows for remote code execution on Wazuh servers. The security defect , which affects all versions of the server software including and above 4.4.0, was addressed in February 2025 with the release of 4.9.1. A proof-of-concept (PoC) exploit was publicly disclosed around the same time the patches were released. The problem is rooted in the Wazuh API, where parameters in the DistributedAPI are serialized as JSON and deserialized using "as_wazuh_object" in the framework/wazuh/core/cluster/common.py file. A threat actor could weaponize the vulnerability by injecting malicious JSON...