-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

"Getting to Yes": An Anti-Sales Guide for MSPs

"Getting to Yes": An Anti-Sales Guide for MSPs

Dec 05, 2025 Business Continuity / Compliance
Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are overwhelmed, skeptical, or tired of fear-based messaging. That’s why we created ”Getting to Yes”: An Anti-Sales Guide for MSPs . This guide helps service providers transform resistance into trust and turn sales conversations into long-term partnerships. In the guide, you’ll learn how to shift from persuasion to partnership, uncover what really drives objections, and lead with credibility as a trusted cyber advisor. Why Traditional Cybersecurity Sales Strategies Don’t Work Today’s buyers aren’t saying “no” to your services because they don’t care about security. They’re saying “no” because they don’t understand what they’re hearing. Most SMBs already know cybersecurity is important. In fact, 57% call it a top priority. However, they’re lost in complexity, jargon, and vendor noise. Wh...
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

Dec 05, 2025 Network Security / Zero-Day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China (PRC) to maintain long-term persistence on compromised systems. "BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments," the agency said . "BRICKSTORM enables cyber threat actors to maintain stealthy access and provides capabilities for initiation, persistence, and secure command-and-control." Written in Golang, the custom implant essentially gives bad actors interactive shell access on the system and allows them to browse, upload, download, create, delete, and manipulate files The malware, mainly used in attacks targeting governments and information technology (IT) sectors, also supports multiple protocols, such as HTTPS, WebSockets, and nested Transport Layer Security (TLS), for command-and-control (C2), DNS-o...
JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

Dec 05, 2025 Vulnerability / Network Security
A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It's rooted in Array's DesktopDirect, a remote desktop access solution that allows users to securely access their work computers from any location. "Exploitation of this vulnerability could allow attackers to execute arbitrary commands," JPCERT/CC said . "This vulnerability affects systems where the 'DesktopDirect' feature, which provides remote desktop access, is enabled." The agency said it has confirmed incidents in Japan that have exploited the shortcoming after August 2025 to drop web shells on susceptible devices. The attacks have originated from the IP address " 194.233.100[.]138 ." There are currently no details available on the scale of the...
cyber security

Take the AI Sprawl CISO Survey. Get fast track to BlackHat swag

websiteRecoAI Security / SaaS Security
Answer questions on AI sprawl. First access to the peer benchmark report.
cyber security

Zscaler ThreatLabz 2026 VPN Risk Report with Cybersecurity Insiders

websiteZscalerAI Security / Network Security
VPN Risk Report reveals attackers using AI to move at machine speed, leaving legacy VPNs exposed.
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

Dec 04, 2025 Endpoint Security / Cybercrime
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT (Winos 4.0), a known malware associated with the Chinese cybercrime group. The activity has been underway since November 2025. "This campaign targets Chinese-speaking users, including those within Western organizations operating in China, using a modified 'ValleyRAT' loader containing Cyrillic elements – likely an intentional move to mislead attribution," ReliaQuest researcher Hayden Evans said in a report shared with The Hacker News. ValleyRAT, a variant of Gh0st RAT, allows threat actors to remotely control infected systems, exfiltrate sensitive data, execute arbitrary commands, and maintain long-ter...
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories

ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories

Dec 04, 2025 Cybersecurity / Hacking News
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other. Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing. DeFi exploit drains funds Critical yETH Exploit Used to Steal $9M A critical exploit targeting Yearn Finance's yETH pool on Ethereum has been exploited by unknown threat actors, resulting in the theft of approximately $9 million from the protocol. The attack is said to have abused a flaw in how the protocol manages its internal accounting, stemming from the fact that a cache containing calculated values to save on gas fees was never cleared when the pool was completely emptied. "The attacker achieved this by minting an astronomical number of tokens – 235 septillion yETH (a 41-digit number) – while depositing only 16 wei, worth approxim...
5 Threats That Reshaped Web Security This Year [2025]

5 Threats That Reshaped Web Security This Year [2025]

Dec 04, 2025 Web Security / Data Privacy
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental rethink of defensive strategies. Here are the five threats that reshaped web security this year, and why the lessons learned will define digital protection for years to come. 1. Vibe Coding Natural language coding, " vibe coding " , transformed from novelty to production reality in 2025, with nearly 25% of Y Combinator startups using AI to build core codebases. One developer launched a multiplayer flight simulator in under three hours, eventually scaling it to 89,000 players and generating thousands in monthly revenue. The Result Code that functions perfectly yet contains exploitable flaws, bypassing traditional security tools. AI generates what you ask for, not what you forget...
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

Dec 04, 2025 Cybercrime / Mobile Security
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity , observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware, Group-IB said in a technical report published Wednesday. Assessed to be active as far back as June 2023, GoldFactory first gained attention early last year, when the Singapore-headquartered cybersecurity company detailed the threat actor's use of custom malware families like GoldPickaxe, GoldDigger, and GoldDiggerPlus targeting both Android and iOS devices. Evidence points to GoldFactory being a well-organized Chinese-speaking cybercrime group with close connections to Gigabud , another Android malware that was spotted in mid-2023. Despite major disparities in their codebases, both GoldDigger and Gigabud have bee...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources