The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

CISOs know their field. They understand the threat landscape. They understand how to build a strong and cost-effective security stack. They understand how to staff out their organization. They understand the intricacies of compliance. They understand what it takes to reduce risk. Yet one question comes up again and again in our conversations with these security leaders: how do I make the impact of risk clear to business decision-makers? Boards want to hear how risk affects revenue, governance, and growth. They have a limited attention span for lists of vulnerabilities or technical details. When the story gets too technical, even urgent initiatives lose traction and fail to get funded. CISOs need to translate technical issues into terms the board understands. Doing so builds trust, garners support and shows how security decisions connect directly to long-term growth. It was the urgent need to bridge the CISO-Board communication gap that led us to create a new paradigm in CISO continu...

Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data. The malvertising campaign, per Bitdefender , is designed to push fake " Meta Verified " browser extensions named SocialMetrics Pro that claim to unlock the blue check badge for Facebook and Instagram profiles. At least 37 malicious ads have been observed serving the extension in question. "The malicious ads are bundled with a video tutorial that guides viewers through the process of downloading and installing a so-called browser extension, which claims to unlock the blue verification tick on Facebook or other special features," the Romanian cybersecurity vendor said. But, in reality, the extension – which is hosted on a legitimate cloud service called Box -- is capable of collecting session cookies from Facebook and sending them to a Telegram bot controlled by the attackers. It's also equipped to ...

Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management (RMM) software, to deliver a fleshless loader that drops a remote access trojan (RAT) called AsyncRAT to steal sensitive data from compromised hosts. "The attacker used ScreenConnect to gain remote access, then executed a layered VBScript and PowerShell loader that fetched and ran obfuscated components from external URLs," LevelBlue said in a report shared with The Hacker News. "These components included encoded .NET assemblies ultimately unpacking into AsyncRAT while maintaining persistence via a fake 'Skype Updater' scheduled task." In the infection chain documented by the cybersecurity company, the threat actors have been found to leverage a ScreenConnect deployment to initiate a remote session and launch a Visual Basic Script payload via hands-on-keyboard activity. "We saw trojanized ScreenC...

An advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a previously undocumented fileless malware framework called EggStreme . "This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads," Bitdefender researcher Bogdan Zavadovschi said in a report shared with The Hacker News. "The core component, EggStremeAgent, is a full-featured backdoor that enables extensive system reconnaissance, lateral movement, and data theft via an injected keylogger." The targeting of the Philippines is something of a recurring pattern for Chinese state-sponsored hacking groups, particularly in light of geopolitical tensions fueled by territorial disputes in the South China Sea between China, Vietnam, the Philippines, Taiwan, Malaysia, and Brunei. That said, the latest activity has not been a...

Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems. According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures. CHILLYHELL is the name assigned to a malware that's attributed to an uncategorized threat cluster dubbed UNC4487. The hacking group is assessed to have been active since at least October 2022. According to threat intelligence shared by Google Mandiant, UNC4487 is a suspected espionage actor that has been observed compromising the websites of Ukrainian government entities to redirect and socially engineer targets to execute Matanbuchus or CHILLYHELL malware. The Apple device management company said it discovered a new CHILLYHELL sample uploaded to the VirusTotal malware scanning platform on May 2, 2025. The artifact, notarized ...

Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month , 38 of the disclosed flaws are related to privilege escalation, followed by remote code execution (22), information disclosure (14), and denial-of-service (3). "For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws," Satnam Narang, senior staff research engineer at Tenable, said. "Nearly 50% (47.5%) of all bugs this month are privilege escalation vulnerabilities." The patches are in addition to 12 vulnerabilities addressed in Microsoft's Chromium-based Edge browser since the release of August 2025's Patch Tuesday update, including a securit...

Apple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that's built into its newly introduced iPhone models, including iPhone 17 and iPhone Air. MIE, per the tech giant, offers "always-on memory safety protection" across critical attack surfaces such as the kernel and over 70 userland processes without sacrificing device performance by designing its A19 and A19 Pro chips keeping this aspect in mind. "Memory Integrity Enforcement is built on the robust foundation provided by our secure memory allocators, coupled with Enhanced Memory Tagging Extension (EMTE) in synchronous mode, and supported by extensive Tag Confidentiality Enforcement policies," the company noted . The effort is an aim to improve memory safety and prevent bad actors, specifically those leveraging mercenary spyware , from weaponizing such flaws in the first place to break into devices as part of highly-targeted attacks. The technology that underpins MIE...

Introduction Managed service providers (MSPs) and managed security service providers (MSSPs) are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance requirements. At the same time, clients want better protection without managing cybersecurity themselves. Service providers must balance these growing demands with the need to work efficiently, deliver consistent results, and scale their offerings. Yet, many service providers still rely on manual processes that slow down delivery, make it harder to maintain consistency across clients, and limit the time teams have to focus on more strategic initiatives. Even experienced service providers can find themselves stretched thin as they try to meet rising client expectations while managing operational complexity. In this environment, automation offers an opportunity to work more effectively and deliver greater value. By streamlining repetitive tasks, improving con...

Phishing-as-a-Service (PhaaS) platforms keep evolving, giving attackers faster and cheaper ways to break into corporate accounts. Now, researchers at ANY.RUN has uncovered a new entrant: Salty2FA , a phishing kit designed to bypass multiple two-factor authentication methods and slip past traditional defenses.  Already spotted in campaigns across the US and EU, Salty2FA puts enterprises at risk by targeting industries from finance to energy. Its multi-stage execution chain, evasive infrastructure, and ability to intercept credentials and 2FA codes make it one of the most dangerous PhaaS frameworks seen this year. Why Salty2FA Raises the Stakes for Enterprises Salty2FA’s ability to bypass push, SMS, and voice-based 2FA means stolen credentials can lead directly to account takeover. Already aimed at finance, energy, and telecom sectors, the kit turns common phishing emails into high-impact breaches.  Who is Being Targeted? ANY.RUN analysts mapped Salty2FA campaigns and fo...

The House Select Committee on China has formally issued an advisory warning of an "ongoing" series of highly targeted cyber espionage campaigns linked to the People's Republic of China (PRC) amid contentious U.S.–China trade talks. "These campaigns seek to compromise organizations and individuals involved in U.S.-China trade policy and diplomacy, including U.S. government agencies, U.S. business organizations, D.C. law firms and think tanks, and at least one foreign government," the committee said . The committee noted that suspected threat actors from China impersonated Republican Party Congressman John Robert Moolenaar in phishing emails sent to trusted counterparts with an aim to deceive them and trick them into opening files and links that would grant them unauthorized access to their systems and sensitive information without their knowledge. The end goal of the attacks was to steal valuable data by abusing software and cloud services to cover up traces...

Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input validation flaw. Adobe said it's not aware of any exploits in the wild. "A potential attacker could take over customer accounts in Adobe Commerce through the Commerce REST API," Adobe said in an advisory issued today. The issue impacts the following products and versions - Adobe Commerce (all deployment methods): 2.4.9-alpha2 and earlier 2.4.8-p2 and earlier 2.4.7-p7 and earlier 2.4.6-p12 and earlier 2.4.5-p14 and earlier 2.4.4-p15 and earlier Adobe Commerce B2B: 1.5.3-alpha2 and earlier 1.5.2-p2 and earlier 1.4.2-p7 and earlier 1.3.4-p14 and earlier 1.3.3-p15 and earlier Magento Open Source: 2.4.9-al...

SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files. The vulnerabilities are listed below - CVE-2025-42944 (CVSS score: 10.0) - A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious payload to an open port through the RMI-P4 module , resulting in operating system command execution CVE-2025-42922 (CVSS score: 9.9) - An insecure file operations vulnerability in SAP NetWeaver AS Java that could allow an attacker authenticated as a non-administrative user to upload an arbitrary file CVE-2025-42958 (CVSS score: 9.1) - A missing authentication check vulnerability in the SAP NetWeaver application on IBM i-series that could allow highly privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionaliti...

Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft's Direct Send feature to form a "highly efficient attack pipeline" in recent phishing campaigns, according to new findings from ReliaQuest. "Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all other flagged user agents combined," the cybersecurity company said in a report shared with The Hacker News. "Out of 32 flagged user agents observed in this timeframe, Axios accounted for 24.44% of all activity." The abuse of Axios was previously flagged by Proofpoint in January 2025, detailing campaigns utilizing HTTP clients to send HTTP requests and receive HTTP responses from web servers to conduct account takeover (ATO) attacks on Microsoft 365 environments. ReliaQuest told The Hacker News that there is no evidence to suggest these activities are related, adding that the tool is regularly exploited alongside popular phishin...

A new Android malware called RatOn  has evolved from a basic tool capable of conducting Near Field Communication ( NFC ) relay attacks to a sophisticated remote access trojan with Automated Transfer System ( ATS ) capabilities to conduct device fraud. "RatOn merges traditional overlay attacks with automatic money transfers and NFC relay functionality – making it a uniquely powerful threat," the Dutch mobile security company said in a report published today. The banking trojan comes fitted with account takeover functions targeting cryptocurrency wallet applications like MetaMask, Trust, Blockchain.com, and Phantom, while also capable of carrying out automated money transfers abusing George Česko, a bank application used in the Czech Republic. Furthermore, it can perform ransomware-like attacks using custom overlay pages and device locking. It's worth noting that a variant of the HOOK Android trojan was also observed incorporating ransomware-style overlay screens to d...

⚠️ One click is all it takes. An engineer spins up an “experimental” AI Agent to test a workflow. A business unit connects to automate reporting. A cloud platform quietly enables a new agent behind the scenes. Individually, they look harmless. But together, they form an invisible swarm of Shadow AI Agents—operating outside security’s line of sight, tied to identities you don’t even know exist. And here’s the uncomfortable truth: every one of them carries infinite risk. Agents impersonating trusted users. Non-human identities with access you didn’t approve. Data leaking across boundaries you thought were locked down. This isn’t a futuristic threat. It’s happening today, across enterprises everywhere. And they’re multiplying faster than your governance can catch up. That’s why you can’t miss our upcoming panel: Shadow AI Agents Exposed. Secure your seat now - Register Here . Why Shadow AI is Exploding From identity providers to PaaS platforms, it takes almost nothing to spin...

Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT . The phishing attack incorporates a number of advanced evasion techniques to gain complete control over compromised systems, siphon sensitive data, and extend its functionality by serving secondary plugins, Fortinet FortiGuard Labs said. "These include the use of an Easy Programming Language ( EPL ) to develop a staged payload, concealing malicious operations and disabling security tools to prevent alert triggers, securing command-and-control (C2) communications using mutual TLS (mTLS), supporting various methods for deploying additional payloads, and even installing popular remote access tools," Yurren Wan said . EPL is an obscure visual programming language that supports traditional Chinese, simplified Chinese, English, and Japanese variants. It's chiefly meant for users who may not be proficient in English....

It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you're a CISO or security leader, you've likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away. But these arguments often fall short unless they're framed in a way the board can understand and appreciate. According to a Gartner analysis , 88% of Boards see cybersecurity as a business risk, rather than an IT issue, yet many security leaders still struggle to raise the profile of cybersecurity within the organization. For security issues to resonate amongst the Board, you need to speak its language: business continuity, compliance, and cost impact. Below are some strategies to help you frame the conversation, transforming the technical and complex into clear business directives.  Recognize the High Stakes Cyber threats continue to evolve, from ransomware and supply chain attacks to...