-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods

Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods

Jul 10, 2025 Cybercrime / Ransomware
The U.K. National Crime Agency (NCA) on Thursday announced that four people have been arrested in connection with cyber attacks targeting major retailers Marks & Spencer, Co-op, and Harrods. The arrested individuals include two men aged 19, a third aged 17, and a 20-year-old woman. They were apprehended in the West Midlands and London on suspicion of Computer Misuse Act offenses, blackmail, money laundering, and participating in the activities of an organized crime group. All four suspects were arrested from their homes and their electronic devices have been seized for further forensic analysis. Their names were not disclosed. "Since these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the Agency's highest priorities," Deputy Director Paul Foster, head of the NCA's National Cyber Crime Unit, said in a statement. "Today's arrests are a significant step in that investigation ...
What Security Leaders Need to Know About AI Governance for SaaS

What Security Leaders Need to Know About AI Governance for SaaS

Jul 10, 2025 SaaS Security / Compliance
Generative AI is not arriving with a bang, it’s slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries of chat threads, Zoom can provide meeting summaries, and office suites such as Microsoft 365 contain AI assistance in writing and analysis. This trend of AI usage implies that the majority of businesses are awakening to a new reality: AI capabilities have spread across their SaaS stack overnight, with no centralized control. A recent survey found 95% of U.S. companies are now using generative AI, up massively in just one year. Yet this unprecedented usage comes tempered by growing anxiety. Business leaders have begun to worry about where all this unseen AI activity might lead. Data security and privacy have quickly emerged as top concerns, with many fearing that sensitive information could le...
New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App

New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App

Jul 10, 2025 Endpoint Security / Vulnerability
Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software. SentinelOne, in a new report shared with The Hacker News, said the malware has been observed masquerading as the cross‑platform SSH client and server‑management tool Termius in late May 2025. "ZuRu malware continues to prey on macOS users seeking legitimate business tools, adapting its loader and C2 techniques to backdoor its targets," researchers Phil Stokes and Dinesh Devadoss said . ZuRu was first documented in September 2021 by a user on Chinese question-and-answer website Zhihu as part of a malicious campaign that hijacked searches for iTerm2, a legitimate macOS Terminal app, to direct users to fake sites that tricked unsuspecting users into downloading the malware. Then in January 2024, Jamf Threat Labs said it discovered a piece of malware distributed via pirated macOS apps that s...
cyber security

The Systems That Power America Are Under Threat. Is Your ICS/OT Program Ready?

websiteSANS InstituteCritical infrastructure / Webinar
Discover where federal ICS programs are most exposed and what closing the skills gap requires in practice.
cyber security

Inside Device Code Phishing: Live Demos, Real Kits, and What's Next

websitePush SecurityPhishing Attack / Webinar
Device code attacks are up 37x this year, with 18+ kits in the wild. Now available on-demand.
AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs

AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs

Jul 10, 2025 Vulnerability / Hardware Security
Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure. The flaws, collectively called Transient Scheduler Attacks (TSA), manifest in the form of a speculative side channel in its CPUs that leverage execution timing of instructions under specific microarchitectural conditions. "In some cases, an attacker may be able to use this timing information to infer data from other contexts, resulting in information leakage," AMD said in an advisory. The company said issues were uncovered as part of a study published by Microsoft and ETH Zurich researchers about testing modern CPUs against speculative execution attacks like Meltdown and Foreshadow by stress testing isolation between security domains such as virtual machines, kernel, and processes. Following responsible disclosure in June 2024, the issues have been assigned the below CVE identifiers - CVE-2024-36350 (CVSS score: 5.6) ...
ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

Jul 10, 2025 Kerberos / Active Directory
A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules. It has been codenamed Count(er) Strike . "A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization," ServiceNow said in a bulletin. "Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer instance data that is not intended to be accessible to them." Cybersecurity company Varonis, which discovered and reported the flaw in February 2024, said it could have been exploited by malicious actors to obtain unauthorized access to sensitive information, inclu...
Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets

Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets

Jul 09, 2025 Cyber Threat / Malware
The Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker TGR-CRI-0045 , where "TGR" stands for "temporary group" and "CRI" refers to "criminal motivation." The hacking group is also known as Prophet Spider and UNC961 , with one of its tools also used by an initial access broker called ToyMaker . "The group seems to follow an opportunistic approach but has attacked organizations in Europe and the U.S. in the following industries: financial services, manufacturing, wholesale and retail, high technology, and transportation and logistics," researchers Tom Marsden and Chema Garcia said . The abuse of ASP.NET machine keys in the wild was first documented by Microsoft in February 2025, with the c...
DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware

DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware

Jul 09, 2025 Malware / Cyber Espionage
A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from compromised hosts. The activity has been attributed by Trellix Advanced Research Center to an advanced persistent threat (APT) group called DoNot Team , which is also known as APT-C-35, Mint Tempest, Origami Elephant, SECTOR02, and Viceroy Tiger. It's been assessed to be active since 2016. "DoNot APT is known for using custom-built Windows malware, including backdoors like YTY and GEdit, often delivered through spear-phishing emails or malicious documents," Trellix researchers Aniket Choukde, Aparna Aripirala, Alisha Kadam, Akhil Reddy, Pham Duy Phuc, and Alex Lanstein said . "This threat group typically targets government entities, foreign ministries, defense organizations, and NGOs especially those in South Asia and Europe." The attack chain commences with phishing emails that aim to trick rec...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources