-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

Search results for "dump-process" powershell | Breaking Cybersecurity News | The Hacker News

New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers

New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers

May 29, 2025 Malware / Windows Security
Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet. The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a Windows PE file , providing information about the executable. While the DOS header makes the executable file backward compatible with MS-DOS and allows it to be recognized as a valid executable by the operating system, the PE header contains the metadata and information necessary for Windows to load and execute the program. "We discovered malware that had been running on a compromised machine for several weeks," researchers Xiaopeng Zhang and John Simmons from the FortiGuard Incident Response Team said in a report shared with The Hacker News. "The threat actor had executed a batch of scripts and PowerShell to run the malware in a Windows process." Fortinet said while it was unable to extract th...
5 Must-Have Tools for Effective Dynamic Malware Analysis

5 Must-Have Tools for Effective Dynamic Malware Analysis

Oct 02, 2024 Malware Analysis / Threat Detection
Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five tools will help you achieve it with ease. 1. Interactivity Having the ability to interact with the malware and the system in real-time is a great advantage when it comes to dynamic analysis. This way, you can not only observe its execution but also see how it responds to your inputs and triggers specific behaviors.  Plus, it saves time by allowing you to download samples hosted on file-sharing websites or open those packed inside an archive, which is a common way to deliver payloads to victims. The initial phishing email containing the malicious pdf and password for the archive Check out this sandbox session in the ANY.RUN sandbox that shows how interactivity is used for analyzing th...
Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

Dec 11, 2017
Security researchers have uncovered a previously undetected group of Russian-speaking hackers that has silently been targeting Banks, financial institutions, and legal firms, primarily in the United States, UK, and Russia. Moscow-based security firm Group-IB published a 36-page report on Monday, providing details about the newly-disclosed hacking group, dubbed MoneyTaker , which has been operating since at least May 2016. In the past 18 months, the hacking group is believed to have conducted more than 20 attacks against various financial organisations—stolen more than $11 Million and sensitive documents that could be used for next attacks. According to the security firm, the group has primarily been targeting card processing systems, including the AWS CBR (Russian Interbank System) and SWIFT international bank messaging service (United States). " Criminals stole documentation for OceanSystems’ FedLink card processing system, which is used by 200 banks in Latin America...
cyber security

The Systems That Power America Are Under Threat. Is Your ICS/OT Program Ready?

websiteSANS InstituteCritical infrastructure / Webinar
Discover where federal ICS programs are most exposed and what closing the skills gap requires in practice.
cyber security

Inside Device Code Phishing: Live Demos, Real Kits, and What's Next

websitePush SecurityPhishing Attack / Webinar
Device code attacks are up 37x this year, with 18+ kits in the wild. Now available on-demand.
New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data

New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data

May 30, 2025 Browser Security / Malware
A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as credentials, browser information, and cryptocurrency wallet details," Elastic Security Labs researcher Jia Yu Chan said in an analysis. The attack chains begin with threat actors compromising legitimate websites with malicious JavaScript payloads that serve bogus CAPTCHA check pages, which prompt site visitors to "prove you are not [a] robot" by following a three-step process, a prevalent tactic called ClickFix . This involves instructing the potential victim to open the Windows Run dialog prompt, paste an already copied command into the "verification window"...
ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

Nov 25, 2025 Malware / Vulnerability
The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target companies, including using a custom tool dubbed TCSectorCopy. "This attack allows them to obtain tokens for the OAuth 2.0 authorization protocol using the user's browser, which can be used outside the perimeter of the compromised infrastructure to access corporate mail," Kaspersky said in a technical breakdown. ToddyCat, assessed to be active since 2020, has a track record of targeting various organizations in Europe and Asia with various tools, Samurai and TomBerBil to retain access and steal cookies and credentials from web browsers like Google Chrome and Microsoft Edge. Earlier this April, the hacking group was attributed to the exploitation of a security flaw in ESET Command Line Scanner (CVE-2024-11859, CVSS score: 6.8) to deliver a previously undocumented malware codenamed TCESB.  Kaspersky said it detected in attacks that ...
Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

Oct 31, 2025 Malware / Browser Security
A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's tracking the cluster under the moniker CL-STA-1009 , where "CL" stands for cluster and "STA" refers to state-backed motivation. "Airstalk misuses the AirWatch API for mobile device management (MDM), which is now called Workspace ONE Unified Endpoint Management," security researchers Kristopher Russo and Chema Garcia said in an analysis. "It uses the API to establish a covert command-and-control (C2) channel, primarily through the AirWatch feature to manage custom device attributes and file uploads." The malware, which appears in PowerShell and .NET variants, makes use of a multi-threaded command-and-control (C2) communication protocol and is capable of capturing screenshots and harvesting cookies, browser history, bookmarks, and screenshots from web browse...
New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks

New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks

Aug 12, 2025 Cyber Espionage / Windows Security
A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage campaign designed to facilitate long-term access to target networks. "They repeatedly tried to extract the NTDS database from domain controllers -- the primary repository for user password hashes and authentication data in a Windows network," Bitdefender said in a report shared with The Hacker News. "Additionally, they attempted to dump LSASS memory from specific systems to recover active user credentials, potentially plain-text passwords, from machines where users were logged on." The activity, tracked by the Romanian cybersecurity company since mid-2024, has singled out judicial and government bodies in Georgia, as well as an energy distribution company in Moldova. "Regarding the timeline, while we have been tracking the campaign since mid-2024, our analysis of the artifacts indicates that activity began e...
Iranian Hackers Compromised a U.S. Federal Agency’s Network Using Log4Shell Exploit

Iranian Hackers Compromised a U.S. Federal Agency’s Network Using Log4Shell Exploit

Nov 17, 2022
Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server. The details, which were shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), come in response to incident response efforts undertaken by the authority from mid-June through mid-July 2022. "Cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence," CISA  noted . LogShell, aka  CVE-2021-44228 , is a critical remote code execution flaw in the widely-used Apache Log4j Java-based logging library. It was addressed by the open source project maintainers in December 2021. The latest development  marks  the  continued   ab...
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now

6 Browser-Based Attacks Security Teams Need to Prepare For Right Now

Sep 15, 2025 Browser Security / Phishing
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving to be so effective.  What is a browser-based attack? First, it’s important to establish what a browser-based attack is. In most scenarios, attackers don’t think of themselves as attacking your web browser. Their end-goal is to compromise your business apps and data. That means going after the third-party services that are now the backbone of business IT. The most common attack path today sees attackers log into third-party services, dump the data, and monetize it through extortion. You need only look at last year’s Snowflake customer breaches or the still-ongoing Salesforce attacks to see the impact.  The most logical way to do this is by targeting users of those apps. And because of the changes to working practices, your users are more accessible than ever to external attackers — and ex...
⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

Nov 24, 2025 Cybersecurity / Hacking News
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates. Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing live flaws. Reports also showed how fast fake news, AI risks, and attacks on developers are growing. Here’s what mattered most in security this week. ⚡ Threat of the Week Fortinet Warns of Another Silently Patched and Actively Exploited FortiWeb Flaw — Fortinet has warned that a new security flaw in FortiWeb has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0. It has been addressed in version 8.0.2. "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an a...
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

May 07, 2026 Hacking News / Cybersecurity News
Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like some tired guy with a Telegram account and too much free time. The worst part is how often this stuff still works. Meanwhile, AI tools are speeding up exploit hunting, browsers are keeping passwords sitting in memory for “performance reasons,” and even ransomware crews are pushing broken builds into the wild. Everybody’s scrambling to patch faster because attackers are automating faster. Anyway. ThreatsDay’s rough this week. Let’s get into it. Credential theft campaign New MicroStealer Spotted A new stealer called MicroStealer has been observed targeting education and telecom sectors to steal sensitive data. It was first observed in the wild in...
ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

Jan 08, 2026 Cybersecurity / Hacking News
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before the next wave hits. Honeypot Traps Hackers Hackers Fall for Resecurity's Honeypot Cybersecurity company Resecurity revealed that it deliberately lured threat actors who claimed to be associated with Scattered LAPSUS$ Hunters ( SLH ) into a trap, after the group claimed on Telegram that it had hacked the company and stolen internal and client data. The company said it set up a honeytrap account populated with fake data designed to resemble real-world business data and planted a fake account on an underground marketplace for compromised credentials after it uncovered a threat actor attempting to conduct malicious activity targeting its resou...
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More

⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More

Sep 08, 2025 Cybersecurity / Hacking News
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it’s knowing which risks matter most right now. That’s what this digest is here for: a clear, simple briefing to help you focus where it counts. This week, one story stands out above the rest: the Salesloft–Drift breach, where attackers stole OAuth tokens and accessed Salesforce data from some of the biggest names in tech. It’s a sharp reminder of how fragile integrations can become the weak link in enterprise defenses. Alongside this, we’ll also walk through several high-risk CVEs under active exploitation, the latest moves by advanced threat actors, and fresh insights on making security workflows smarter, not noisier. Each section is designed to give you the essentials—enough to stay informed and prepared, without getting lost in the noise. ⚡ Threat of the Week Salesloft to Take Drift Of...
ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

Nov 27, 2025 Cybersecurity / Hacking News
Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world. Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But they’re not the only ones moving fast. Governments and security teams are fighting back, shutting down fake networks, banning risky projects, and tightening digital defenses. Here’s a quick look at what’s making waves this week — the biggest hacks, the new threats, and the wins worth knowing about. Mirai-based malware resurfaces with new IoT campaign ShadowV2 Botnet Continues to Target IoT Devices The threat actors behind the Mirai-based ShadowV2 botnet have been observed infecting IoT devices across industries and continents. The campaign is said to have been active only during the Amazon Web Services (AWS) outage in late October 2025. It's assessed ...
Expert Insights Articles Videos
Cybersecurity Resources