-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Nov 27, 2025 Web Security / Zero Trust
Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at "login.microsoftonline[.]com" by only letting scripts from trusted Microsoft domains run. "This update strengthens security and adds an extra layer of protection by allowing only scripts from trusted Microsoft domains to run during authentication, blocking unauthorized or injected code from executing during the sign-in experience," the Windows maker said . Specifically, it only allows script downloads from Microsoft trusted CDN domains and inline script execution from a Microsoft trusted source. The updated policy is limited to browser-based sign-in experiences for URLs beginning with login.microsoftonline.com. Microsoft Entra External ID will not be affected. The change, which has been described as a proacti...
Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

Nov 27, 2025 Software Security / Patch Management
If you're using community tools like Chocolatey or Winget to keep systems updated, you're not alone. These platforms are fast, flexible, and easy to work with—making them favorites for IT teams. But there’s a catch... The very tools that make your job easier might also be the reason your systems are at risk. These tools are run by the community. That means anyone can add or update packages. Some packages may be old, missing safety checks, or changed by mistake or on purpose. Hackers look for these weak spots. This has already happened in places like NPM and PyPI. The same risks can happen with Windows tools too. To help you patch safely without slowing down, there’s a free webinar coming up . It’s led by Gene Moody, Field CTO at Action1 . He’ll walk through how these tools work, where the risks are, and how to protect your systems while keeping updates on track. In this session, he’ll test how safe these tools really are. You’ll get practical steps you can use right away—n...
ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

Nov 27, 2025 Cybersecurity / Hacking News
Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But they’re not the only ones moving fast. Governments and security teams are fighting back, shutting down fake networks, banning risky projects, and tightening digital defenses. Here’s a quick look at what’s making waves this week — the biggest hacks, the new threats, and the wins worth knowing about. Mirai-based malware resurfaces with new IoT campaign ShadowV2 Botnet Continues to Target IoT Devices The threat actors behind the Mirai-based ShadowV2 botnet have been observed infecting IoT devices across industries and continents. The campaign is said to have been active only during the Amazon Web Services (AWS) outage in late October 2025. It's assessed ...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
Gainsight Expands Impacted Customer List Following Salesforce Security Alert

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

Nov 27, 2025 Ransomware / Cloud Security
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought. The company said Salesforce initially provided a list of 3 impacted customers and that it has "expanded to a larger list" as of November 21, 2025. It did not reveal the exact number of customers who were impacted, but its CEO, Chuck Ganapathi, said "we presently know of only a handful of customers who had their data affected." The development comes as Salesforce warned of detected "unusual activity" related to Gainsight-published applications connected to the platform, prompting the company to revoke all access and refresh tokens associated with them. The breach has been claimed by a notorious cybercrime group known as ShinyHunters (aka Bling Libra). A number of other precautionary steps have been enacted to contain the incident. This includes Zendesk, Gong.io, and HubSpot temporarily suspending their Gainsight...
Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets

Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets

Nov 26, 2025 Supply Chain / Malware
The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." The company told The Hacker News that org.mvnpm:posthog-node:4.18.1 was the only Java package identified so far. "This means the PostHog project has compromised releases in both the JavaScript/npm and Java/Maven ecosystems, driven by the same Shai Hulud v2 payload," the cybersecurity company said in a Tuesday update. It's worth noting that the Maven Central package is not published by PostHog itself. Rather, the "org.mvnpm" coordinates are generated via an automated mvnpm process that rebuilds npm packages as Maven artifacts. The Maven Central said...
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist

Nov 26, 2025 Ransomware / Data Breach
South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. "This operation combined the capabilities of a major Ransomware-as-a-Service (RaaS) group, Qilin, with potential involvement from North Korean state-affiliated actors (Moonstone Sleet), leveraging Managed Service Provider (MSP) compromise as the initial access vector," Bitdefender said in a report shared with The Hacker News. Qilin has emerged as one of the most active ransomware operations this year, with the RaaS crew exhibiting "explosive growth" in the month of October 2025 by claiming over 180 victims . The group is responsible for 29% of all ransomware attacks, per data from NCC Group . The Romanian cybersecurity company said it decided to dig deeper after uncovering an unusual spike in ransomware victims from South Korea in September 2025, when it became the second-most affected countr...
When Your $2M Security Detection Fails: Can your SOC Save You?

When Your $2M Security Detection Fails: Can your SOC Save You?

Nov 26, 2025 AI Security / Enterprise Security
Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating resources further down the alert lifecycle to their superiors. As a result, most organizations' security investments are asymmetrical, robust detection tools paired with an under-resourced SOC, their last line of defense. A recent case study demonstrates how companies with a standardized SOC prevented a sophisticated phishing attack that bypassed leading email security tools. In this case study, a cross-company phishing campaign targeted C-suite executives at multiple enterprises. Eight different email security tools across these organizations failed to detect the attack, and phishing emails reached executive inboxes. However, each organization's SOC team detected the attack immediately after employees reported the suspicious emails. Why did all eight detection tools identica...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources