-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries

Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries

Sep 23, 2025 Financial Crime / Cryptocurrency
Law enforcement authorities in Europe have arrested five suspects in connection with an "elaborate" online investment fraud scheme that stole more than €100 million ($118 million) from over 100 victims in France, Germany, Italy, and Spain. According to Eurojust , the coordinated action saw searches in five places across Spain and Portugal, as well as in Italy, Romania and Bulgaria. Bank accounts and other financial assets associated with the cybercrime ring were frozen. The main perpetrator behind the operation has been accused of large-scale fraud and money laundering by running an online investment platform for several years, tricking unsuspecting individuals into parting with their funds by promising them high returns on investments in various cryptocurrencies. Once the deposits were made, the funds were transferred to bank accounts in Lithuania to launder them. Victims who attempted to withdraw their assets from the platform were asked to pay additional fees, after wh...
U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN

U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN

Sep 23, 2025 National Security / Threat Intelligence
The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across the New York tri-state area that were used to threaten U.S. government officials and posed an imminent threat to national security. "This protective intelligence investigation led to the discovery of more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites," the Secret Service said . The devices were concentrated within a 35-mile (56 km) radius of the global meeting of the United Nations General Assembly in New York City. An investigation into the incident has been launched by the Secret Service's Advanced Threat Interdiction Unit. Aside from issuing anonymous telephonic threats, the sophisticated devices could be weaponized to conduct various attacks on the telecommunications infrastructure, including disabling cell phone towers, triggering a denial-of-service, and facilitating encrypted communication between potential threat actors and criminal...
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw

SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw

Sep 23, 2025 Vulnerability / Data Security
SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary commands on susceptible systems. The vulnerability, tracked as CVE-2025-26399 (CVSS score: 9.8), has been described as an instance of deserialization of untrusted data that could result in code execution. It affects SolarWinds Web Help Desk 12.8.7 and all previous versions. "SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine," SolarWinds said in an advisory released on September 17, 2025. An anonymous researcher working with the Trend Micro Zero Day Initiative (ZDI) has been credited with discovering and reporting the flaw. SolarWinds said CVE-2025-26399 is a patch bypass for CVE-2024-28988 (CVSS score: 9.8), which, in turn, ...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation

Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation

Sep 23, 2025 DevOps Security / Cloud Security
Big companies are getting smaller, and their CEOs want everyone to know it . Wells Fargo has cut its workforce by 23% over five years, Bank of America has shed 88,000 employees since 2010, and Verizon's CEO recently boasted that headcount is "going down all the time." What was once a sign of corporate distress has become a badge of honor, with executives celebrating lean operations and AI-driven efficiency. But while C-suite leaders tout "doing more with less," CISOs are left with fewer resources, while every preventable security incident becomes exponentially costlier. With security teams already stretched thin and developer-to-security ratios reaching unsustainable levels, these workforce reductions push already distressed teams past their breaking point. Against this backdrop of workforce optimization, hardcoded secrets represent a particularly dangerous blind spot that can no longer be managed through manual processes and reactive firefighting. The Number...
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

Sep 23, 2025 Botnet / Cloud Security
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web Services (AWS) cloud servers to deploy a Go-based malware that turns infected systems into attack nodes and co-opt them into a larger DDoS botnet. The cybersecurity company said it detected the malware targeting its honeypots on June 24, 2025. "At the center of this campaign is a Python-based command-and-control (C2) framework hosted on GitHub Codespaces," security researcher Nathaniel Bill said in a report shared with The Hacker News. "What sets this campaign apart is the sophistication of its attack toolkit. The threat actors employ advanced methods such as HTTP/2 Rapid Reset , a Cloudflare under attack mode ( UAM ) bypass, and large-scale HTTP floods, demonstrating a capabi...
GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

Sep 23, 2025 Supply Chain Attack / Malware
GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack . This includes steps to address threats posed by token abuse and self-replicating malware by allowing local publishing with required two-factor authentication (2FA), granular tokens that will have a limited lifetime of seven days, and trusted publishing , which enables the ability to securely publish npm packages directly from CI/CD workflows using OpenID Connect (OIDC). Trusted publishing, besides eliminating the need for npm tokens, establishes cryptographic trust by authenticating each publish using short-lived, workflow-specific credentials that cannot be exfiltrated or reused. Even more significantly, the npm CLI automatically generates and publishes provenance attestations for the package. "Every package published via trusted publi...
BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells

BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells

Sep 23, 2025 SEO Poisoning / Malware
Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks targeting East and Southeast Asia, particularly with a focus on Vietnam. The activity, dubbed Operation Rewrite , is being tracked by Palo Alto Networks Unit 42 under the moniker CL-UNK-1037, where "CL" stands for cluster and "UNK" refers to unknown motivation. The threat actor has been found to share infrastructure and architectural overlaps with an entity referred to as Group 9 by ESET and DragonRank . "To perform SEO poisoning, attackers manipulate search engine results to trick people into visiting unexpected or unwanted websites (e.g., gambling and porn websites) for financial gain," security researcher Yoav Zemah said . "This attack used a malicious native Internet Information Services ( IIS ) module called BadIIS." BadIIS is designed to i...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources