-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays

Mar 12, 2026 Malware / Cybercrime
Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that's written in Rust, marking a significant departure from other known Delphi-based malware families associated with the Latin American cybercrime ecosystem. The malware, which is designed to infect Windows systems and was first discovered last month, has been codenamed VENON by Brazilian cybersecurity company ZenoX. What makes VENON notable is that it shares behaviors that are consistent with established banking trojans targeting the region, such as Grandoreiro, Mekotio, and Coyote, specifically when it comes to features like banking overlay logic, active window monitoring, and a shortcut (LNK) hijacking mechanism. The malware has not been attributed to any previously documented group or campaign. However, an earlier version of the artifact, dating back to January 2026, has been found to expose full paths from the malware author's development environment. The paths repea...
Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks

Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks

Mar 12, 2026 Artificial Intelligence / Malware
Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163 . "Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used to take," IBM X-Force researcher Golo Mühr said in a report shared with The Hacker News. Hive0163's operations are driven by extortion through large-scale data exfiltration and ransomware. The e-crime group is primarily associated with a wide range of malicious tools, including NodeSnake, Interlock RAT, JunkFiction loader, and Interlock ransomware. In one ransomware attack observed by the company in early 2026, the threat actor was observed deploying Slopoly during the post-exploitation phase so as to maintain persistent access to the compromised server for more than a week. Slo...
How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs

How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs

Mar 12, 2026 Malware Analysis / Threat Intelligence
Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional detection layers. For CISOs, the priority is now clear: scale phishing detection in a way that helps the SOC uncover real risk before it becomes credential theft, business interruption, and board-level fallout. Why Scaling Phishing Detection Has Become a Priority for Modern SOCs For many security teams, phishing is no longer a single alert to investigate — it is a continuous stream of suspicious links, login attempts, and user-reported messages that must be validated quickly. The problem is that most SOC workflows were never designed to handle this volume. Each investigation still requires time, context gathering, and manual validation, while attackers operate at machine speed. When phishing ...
cyber security

The AI Security Starter Pack

websiteWizAI Security / Cloud Security
Unlock 7 of the most widely used AI security resources in one place. Each asset provides practical tools for securing AI apps, models, and agents.
cyber security

11 real-world stories proving how identity drift opens active attack paths

websiteXM CyberIdentity Security / Exposure Management
Learn how attackers leverage privilege drift to reach critical assets across 11 architectural teardowns.
ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More

ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More

Mar 12, 2026 Cybersecurity / Hacking News
Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.” The pattern this week feels familiar in a slightly annoying way. Old tricks are getting polished. New research shows how flimsy certain assumptions really are. A couple of things that make you stop mid-scroll and think, “wait… people are actually pulling this off?” There’s also the usual mix of strange corners of the ecosystem doing strange things — infrastructure behaving a little too professionally for comfort, tools showing up where they absolutely shouldn’t, and a few cases where the weakest link is still just… people clicking stuff they probably shouldn’t. Anyway. If you’ve got five minutes and a mild curiosity about what attackers, researchers, and the broader internet gremlins were up to lately, this week’...
Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload

Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload

Mar 12, 2026 Artificial Intelligence / Enterprise Security
The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach. For years, the cybersecurity industry has focused on the front door of phishing defense: employee training, email gateways that filter known threats, and reporting programs that encourage users to flag suspicious messages. Far less attention has been paid to what happens after a report is filed, and how attackers exploit the investigation process that follows.  Alert fatigue in Security Operations Centers isn't just an operational inconvenience . It can become an attack surface. SOC teams increasingly report phishing campaigns that appear designed not only to compromise targets but also to overwhelm the analysts responsible for investigating them.  This shifts how organizations should think about phishing d...
Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Mar 12, 2026 Vulnerability / Malware
Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit . The vulnerability, tracked as CVE-2023-43010 , relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content. The iPhone maker said the issue was addressed with improved handling.  "This fix associated with the Coruna exploit kit was shipped in iOS 17.2 on December 11th, 2023," Apple said in an advisory. "This update brings that fix to devices that cannot update to the latest iOS version." Fixes for CVE-2023-43010 were originally released by Apple in the following versions - iOS 17.2 and iPadOS 17.2 macOS Sonoma 14.2 Safari 17.2 The latest round of fixes brings it to older versions of iOS and iPadOS - iOS 15.8.7 and iPadOS 15.8.7 - iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPa...
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets

Mar 12, 2026 Malware / Mobile Security
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware range from traditional banking trojans like PixRevolution , TaxiSpy RAT , BeatBanker , Mirax , and Oblivion RAT to full-fledged remote administration tools such as SURXRAT . PixRevolution, according to Zimperium, targets Brazil's Pix instant payment platform , hijacking victims' money transfers in real-time to route them to the threat actors instead of the intended payee. "This new strain of malware operates stealthily within the device until the moment the victim initiates a Pix transfer," security researcher Aazim Yaswant said . "What distinguishes this threat from conventional banking trojans is its fundamental design: a human or AI agent operator is actively engaged on the remote end, observing the victim's phone screen instantaneously, poised to act at ...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources