The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw. "Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary files as system authority," according to an advisory for the flaw. It's worth noting that CVE-2025-4632 is a patch bypass for CVE-2024-7399, another path traversal flaw in the same product that was remediated by Samsung in August 2024. CVE-2025-4632 has since been exploited in the wild shortly after the release of a proof-of-concept (PoC) by SSD Disclosure on April 30, 2025, in some instances to even deploy the Mirai botnet. While it was initially assumed that the attacks were targeting CVE-2024-7399, cybersecurity company Huntress first revealed the exist...

At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver tracked as CVE-2025-31324 , indicating that multiple threat actors are taking advantage of the bug. Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and the RansomExx ransomware family, which is traced by Microsoft under the moniker Storm-2460. BianLian is assessed to be involved in at least one incident based on infrastructure links to IP addresses previously identified as attributed to the e-crime group. "We identified a server at 184[.]174[.]96[.]74 hosting reverse proxy services initiated by the rs64.exe executable," the company said. "This server is related to another IP, 184[.]174[.]96[.]70, operated by the same hosting provider. The second IP had previously been flagged as a command-and-control (C2) server associat...

A Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee . According to a report published by blockchain analytics firm Elliptic, merchants on the marketplace have been found to peddle technology, personal data, and money laundering services. "The USDT stablecoin is the primary payment method, with the market having received $8.4 billion in transactions to date," the company said . "Some transactions can be linked to funds stolen by North Korea." Xinbi, like HuiOne, has offered its services to scammers in Southeast Asia, including those responsible for so-called romance baiting schemes (formerly referred to as "pig butchering"), which has become one of the most lucrative forms of cybercrime in recent years. What's notable about these criminal bazaars is that they are entirely run on Tele...

A new global phishing threat called " Meta Mirage " has been uncovered, targeting businesses using Meta's Business Suite. This campaign specifically aims at hijacking high-value accounts, including those managing advertising and official brand pages. Cybersecurity researchers at CTM360 revealed that attackers behind Meta Mirage impersonate official Meta communications, tricking users into handing over sensitive details like passwords and security codes (OTP). The scale of this operation is alarming. Researchers have already identified over 14,000 malicious URLs , a concerning majority of which —nearly 78%— were not blocked by browsers at the time the report was published. Cybercriminals cleverly hosted fake pages leveraging trusted cloud platforms like GitHub, Firebase, and Vercel, making it harder to spot the scams. This method aligns closely with recent findings from Microsoft, which highlighted similar abuse of cloud hosting services to compromise Kubernetes appli...

A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors. Cybersecurity firm Trend Micro said the first wave, codenamed VENOM, mainly targeted software service providers, while the second wave, referred to as TIDRONE, singled out the military industry. Earth Ammit is assessed to be connected to Chinese-speaking nation-state groups. "In its VENOM campaign, Earth Ammit's approach involved penetrating the upstream segment of the drone supply chain," security researchers Pierre Lee, Vickie Su, and Philip Chen said . "Earth Ammit's long-term goal is to compromise trusted networks via supply chain attacks, allowing them to target high-value entities downstream and amplify their reach." The TIDRONE campaign was first exposed by Trend Micro la...

Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon’s recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with the exploitation of vulnerabilities as an initial access step growing by 34%.  As attacks rise in volume and impact, many organizations turn to security tools and compliance standards as their first line of defense. While both are important and necessary components to mitigating cyber risk, they alone are not a silver bullet solution. Effective security requires people, process, and technology, but people must serve as the primary drivers. Your tools and checklists are only as strong as the practitioners implementing them at scale.  This heightens the importance of investing in offensive operations training across every role in the security function. Too often, offensive operation...

Cybersecurity researchers have discovered a new phishing campaign that's being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina. The campaign is "using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email credentials, harvest contact lists, and install banking trojans," Fortinet FortiGuard Labs researcher Cara Lin said . The activity, observed by the network security company in April 2025, has primarily singled out Spanish-speaking users. The attacks have also been found to send phishing messages from victims' mailboxes using Outlook COM automation, effectively propagating the malware laterally within corporate or personal networks. In addition, the threat actors behind the campaign execute various VBScript, AutoIt, and PowerShell scripts to conduct system reconnaissance, stea...