-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services

China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services

Nov 22, 2025 Cyber Espionage / Cloud Security
The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian information technology (IT) sector between 2024 and 2025 while staying undetected for extended periods of time. "In the period from 2024 to 2025, the Russian IT sector, especially companies working as contractors and integrators of solutions for government agencies, faced a series of targeted computer attacks," Positive Technologies researchers Daniil Grigoryan and Varvara Koloskova said in a technical report. APT31, also known as Altaire, Bronze Vinewood, Judgement Panda, PerplexedGoblin, RedBravo, Red Keres, and Violet Typhoon (formerly Zirconium), is assessed to be active since at least 2010. It has a track record of striking a wide range of sectors, including governments, financial, and aerospace and defense, high tech, construction and engineering, telecommunications, media, and insurance. The cyber espionage group is primarily focused ...
Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks

Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks

Nov 22, 2025 Browser Security / Cybercrime
Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2. "This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target victims across operating systems," Blackfog researcher Brenda Robb said in a Thursday report. In these attacks, prospective targets are tricked into allowing browser notifications through social engineering on malicious or legitimate-but-compromised websites. Once a user agrees to receive notifications from the site, the attackers take advantage of the web push notification mechanism built into the web browser to send alerts that look like they have been sent by the operating system or the browser itself, leveraging trusted branding, familiar logos, and convincing language to maintain the ruse. These include alerts about, say, suspicious logins or browser updates, along with ...
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

Nov 22, 2025 Zero-Day / Software Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated remote code execution. The vulnerability affects versions 12.2.1.4.0 and 14.1.2.1.0. It was addressed by Oracle as part of its quarterly updates released last month. "Oracle Fusion Middleware contains a missing authentication for a critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager," CISA said. Searchlight Cyber researchers Adam Kues and Shubham Shah, who discovered the flaw, said it can permit an attacker to access API endpoints that, in turn, can allow them "to manipulate authentication flows, escalate privileges, and ...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

Nov 21, 2025 Vulnerability / Threat Mitigation
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115 , carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management ( SCIM ) component that allows automated user provisioning and management. First introduced in April 2025, it's currently in public preview. "In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow for overriding internal user IDs and lead to impersonation or privilege escalation," Grafana's Vardan Torosyan said . That said, successful exploitation hinges on both conditions being met - enableSCIM feature flag is set to true user_sync_enabled config option in the [auth.scim] bl...
Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security

Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security

Nov 21, 2025 Data Protection / Technology
In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple's equipment AirDrop, allowing users to more easily share files and photos between Android and iPhone devices. The cross-platform sharing feature is currently limited to the Pixel 10 lineup and works with iPhone, iPad, and macOS devices, with plans to expand to additional Android devices in the future. In order to transfer a file from a Pixel 10 phone over AirDrop, the only caveat is that the owner of the Apple device is required to make sure their iPhone (or iPad or Mac) is discoverable to anyone – which can be enabled for 10 minutes. Likewise, to receive content from an Apple device, Android device users will need to adjust their Quick Share visibility settings to Everyone for 10 minutes or be in Receive mode on the Quick Share page, according to a support document published by Google. "We built Quick Share's interoperability...
Why IT Admins Choose Samsung for Mobile Security

Why IT Admins Choose Samsung for Mobile Security

Nov 21, 2025 Mobile Security / Data Protection
Ever wonder how some IT teams keep corporate data safe without slowing down employees? Of course you have. Mobile devices are essential for modern work—but with mobility comes risk. IT admins, like you, juggle protecting sensitive data while keeping teams productive. That’s why more enterprises are turning to Samsung for mobile security. Hey—you're busy, so here's a quick-read article on what makes Samsung Galaxy devices and Knox Suite really stand out. Security built in. Management simplified. Samsung Galaxy devices come with Samsung Knox built in at the manufacturing stage, creating a hardware foundation that extends visibility and control across your security infrastructure. Simplified management with Knox Suite: Samsung’s all-in-one package to manage and secure work devices grants centralized control without the need for extra tools or workflows (that got your attention!). Integrated security: Samsung Knox is built into both hardware and software, giving multi-la...
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains

APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains

Nov 21, 2025 Malware / Threat Intelligence
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign. "While earlier operations relied on broad strategic web compromises to compromise legitimate websites, APT24 has recently pivoted to using more sophisticated vectors targeting organizations in Taiwan," Google Threat Intelligence Group (GTIG) researchers Harsh Parashar, Tierra Duncan, and Dan Perez said . "This includes the repeated compromise of a regional digital marketing firm to execute supply chain attacks and the use of targeted phishing campaigns." APT24, also called Pitty Tiger, is the moniker assigned to a suspected Chinese hacking group that has targeted government, healthcare, construction and engineering, mining, non-profit, and telecommunications sectors in the U.S. and Taiwan. The group is also known to engage in cyber operations wh...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources