The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad , a malware widely shared by Chinese state-sponsored actors. "FamousSparrow deployed two previously undocumented versions of the SparrowDoor backdoor, one of them modular," ESET said in a report shared with The Hacker News. "Both versions constitute considerable progress over previous ones and implement parallelization of commands." FamousSparrow was first documented by the Slovak cybersecurity company in September 2021 in connection with a series of cyber attacks aimed at hotels, governments, engineering companies, and law firms with SparrowDoor, an implant exclusively used by the group. Since then, there have been reports of the adversarial...

The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload, maintain persistence and steal sensitive data from infected systems," Trend Micro researcher Aliakbar Zahravi said in an analysis. The vulnerability in question is CVE-2025-26633 (CVSS score: 7.0), described by Microsoft as an improper neutralization vulnerability in Microsoft Management Console ( MMC ) that could allow an attacker to bypass a security feature locally. It was fixed by the company earlier this month as part of its Patch Tuesday update. Trend Micro has given the exploit the moniker MSC EvilTwin, tracking the suspected Russian activity cluster under the name Water...

The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt. RedCurl , also called Earth Kapre and Red Wolf, has a history of orchestrating corporate espionage attacks aimed at various entities in Canada, Germany, Norway, Russia, Slovenia, Ukraine, the United Kingdom, and the United States. It's known to be active since at least November 2018. Attack chains documented by Group-IB in 2020 entailed the use of spear-phishing emails bearing Human Resources (HR)-themed lures to activate the malware deployment process. Earlier this January, Huntress detailed attacks mounted by the threat actor targeting several organizations in Canada to deploy a loader dubbed RedLoader with "simple backdoor capabilities." Then l...

Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem. The packages in question are ethers-provider2 and ethers-providerz , with the former downloaded 73 times to date since it was published on March 15, 2025. The second package, likely removed by the malware author themselves, did not attract any downloads. "They were simple downloaders whose malicious payload was cleverly hidden," ReversingLabs researcher Lucija Valentić said in a report shared with The Hacker News. "The interesting part lay in their second stage, which would 'patch' the legitimate npm package ethers , installed locally, with a new file containing the malicious payload. That patched file would ultimately serve a reverse shell." The development marks a new escalation of threat actors...

“A boxer derives the greatest advantage from his sparring partner…” — Epictetus, 50–135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and—BANG—lands a right hand on Blue down the center. This wasn’t Blue’s first day and despite his solid defense in front of the mirror, he feels the pressure. But something changed in the ring; the variety of punches, the feints, the intensity – it’s nothing like his coach’s simulations. Is my defense strong enough to withstand this? He wonders, do I even have a defense? His coach reassures him “If it weren’t for all your practice, you wouldn’t have defended those first jabs. You’ve got a defense—now you need to calibrate it. And that happens in the ring.” Cybersecurity is no different. You can have your hands up—deploying the right architecture, policies, and security measures—but the smallest gap in your defense could let an attacker land a kn...

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia.  The vulnerability, tracked as CVE-2025-2783   (CVSS score: 8.3), has been described   as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). As is customary, Google did not reveal additional technical specifics about the nature of the attacks, the identity of the threat actors behind them, and who may have been targeted. The vulnerability has been plugged in Chrome version 134.0.6998.177/.178 for Windows. "Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild," the tech giant acknowledged in a terse advisory. It's worth noting that CVE-2025-2783 is the first activel...

When people think of cybersecurity threats, they often picture external hackers breaking into networks. However, some of the most damaging breaches stem from within organizations. Whether through negligence or malicious intent, insiders can expose your organization to significant cybersecurity risks. According to Verizon's 2024 Data Breach Investigations Report , 57% of companies experience over 20 insider-related security incidents a year, with human error involved in 68% of data breaches. With that, insider attacks result in the highest costs, averaging USD 4.99 million per attack, as per the 2024 Cost of a Data Breach Report by IBM Security.  What are insider threats? An insider threat originates from within an organization – it's the potential for anyone with authorized access to your critical systems to misuse their access, harming your organization. The worst part is that insiders are already within your IT perimeter and are familiar with your internal security prot...