The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Hackers never sleep, so why should enterprise defenses? Threat actors prefer to target businesses during off-hours. That’s when they can count on fewer security personnel monitoring systems, delaying response and remediation. When retail giant Marks & Spencer experienced a security event over Easter weekend, they were forced to shut down their online operations, which account for approximately a third of the retailer's clothing and home sales. As most staff are away during off-hours and holidays, it takes time to assemble an incident response team and initiate countermeasures. This gives attackers more time to move laterally within the network and wreak havoc before the security team reacts. While not every organization may be ready to staff an in-house team around the clock, building a 24/7 SOC remains one of the most robust and proactive ways to protect against off-hours attacks. In the rest of this post, we’ll explore why 24/7 vigilance is so important, the challenges ...

Cloudflare on Thursday said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps). The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider. "Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks," Cloudflare's Omer Yoachimik said . "The 7.3 Tbps attack delivered 37.4 terabytes in 45 seconds." Earlier this January, the web infrastructure and security company said it had mitigated a 5.6 Tbps DDoS attack aimed at an unnamed internet service provider (ISP) from Eastern Asia. The attack originated from a Mirai-variant botnet in October 2024. Then in April 2025, Cloudflare revealed it defended against a massive 6.5 Tbps flood that likely emanated from Eleven11bot, a botnet comprising roughly 30,000 webcams and video recorders. The hyper-volumetric attack lasted about 49 seconds. The 7.3 Tbps...

Cybersecurity researchers have uncovered a new campaign in which the threat actors have published more than 67 GitHub repositories that claim to offer Python-based hacking tools, but deliver trojanized payloads instead. The activity, codenamed Banana Squad by ReversingLabs, is assessed to be a continuation of a rogue Python campaign that was identified in 2023 as targeting the Python Package Index (PyPI) repository with bogus packages that were downloaded over 75,000 times and came with information-stealing capabilities on Windows systems. The findings build on a previous report from the SANS's Internet Storm Center in November 2024 that detailed a supposed "steam-account-checker" tool hosted on GitHub, which incorporated stealthy features to download additional Python payloads that can inject malicious code into the Exodus cryptocurrency wallet app and harvest sensitive data to an external server ("dieserbenni[.]ru"). Further analysis of the repository a...

Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns. "Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service (MaaS) on underground forums and has been linked to a wide range of mobile campaigns," PRODAFT said in a report shared with The Hacker News. AntiDot is advertised as a "three-in-one" solution with capabilities to record the device screen by abusing Android's accessibility services, intercept SMS messages, and extract sensitive data from third-party applications. The Android botnet is suspected to be delivered via malicious advertising networks or through highly tailored phishing campaigns based on activity that indicates selective targeting of victims based on language and geographic location. AntiDot was first publicly documented in May 2024 after it was spotted being distribu...

The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices. Huntress, which revealed details of the cyber intrusion, said the attack targeted an unnamed cryptocurrency foundation employee, who received a message from an external contact on Telegram. "The message requested time to speak to the employee, and the attacker sent a Calendly link to set up meeting time," security researchers Alden Schmidt, Stuart Ashenbrenner, and Jonathan Semon said . "The Calendly link was for a Google Meet event, but when clicked, the URL redirects the end user to a fake Zoom domain controlled by the threat actor." After several weeks, the employee is said to have joined a group Zoom meeting that included several deepfakes of known members of the senior leadership of their company, along with oth...

DALL-E for coders? That’s the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces "silent killer" vulnerabilities: exploitable flaws that evade traditional security tools despite perfect test performance. A detailed analysis of secure vibe coding practices is available here . TL;DR: Secure Vibe Coding Vibe coding, using natural language to generate software with AI, is revolutionizing development in 2025. But while it accelerates prototyping and democratizes coding, it also introduces “silent killer” vulnerabilities: exploitable flaws that pass tests but evade traditional security tools. This article explores: Real-world examples of AI-generated code in production Shocking stats: 40% higher secret exposure in AI-assisted repos Why LLMs omit security unless explicitly prompted Secure prompting techniques and tool comparisons (GPT-4, Claude, Cursor, etc.) Reg...

Most cyberattacks today don’t start with loud alarms or broken firewalls. They start quietly—inside tools and websites your business already trusts. It’s called “ Living Off Trusted Sites ” (LOTS)—and it’s the new favorite strategy of modern attackers. Instead of breaking in, they blend in. Hackers are using well-known platforms like Google, Microsoft, Dropbox, and Slack as launchpads. They hide malicious code inside routine traffic, making it incredibly difficult for traditional defenses to detect them. And here’s the scary part: many security teams don’t even realize it’s happening—until it’s too late. Why You’re Not Seeing These Attacks LOTS tactics don’t look suspicious at first glance. There’s no malware signature to flag, and no unusual IP address to trace. It’s legitimate traffic—until it’s not. Attackers are exploiting: Common business tools like Teams, Zoom, and GitHub Shortened or vanity URLs to redirect users Trusted cloud services to host malicious payloads ...