Search results for required urls for windows update | Breaking Cybersecurity News | The Hacker News

Behind every click, there's a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn trusted systems against us. But security teams are fighting back. They're building faster defenses, better ways to spot attacks, and stronger systems to keep people safe. It's a constant race — every move by attackers sparks a new response from defenders. In this week's ThreatsDay Bulletin, we look at the latest moves in that race — from new malware and data leaks to AI tools, government actions, and major security updates shaping the digital world right now. U.K. moves to tighten cyber rules for key sectors U.K. Debuts Cyber Security and Resilience Bill The U.K. government has proposed a new Cyber Security and Resilience Bill that aims to strengthen national security and secure public services like healthcare, drinking wat...

This week showed just how fast things can go wrong when no one's watching. Some attacks were silent and sneaky. Others used tools we trust every day — like AI, VPNs, or app stores — to cause damage without setting off alarms. It's not just about hacking anymore. Criminals are building systems to make money, spy, or spread malware like it's a business. And in some cases, they're using the same apps and services that businesses rely on — flipping the script without anyone noticing at first. The scary part? Some threats weren't even bugs — just clever use of features we all take for granted. And by the time people figured it out, the damage was done. Let's look at what really happened, why it matters, and what we should all be thinking about now. ⚡ Threat of the Week Silently Patched Fortinet Flaw Comes Under Attack — A vulnerability that was patched by Fortinet in FortiWeb Web Application Firewall (WAF) has been exploited in the wild since early October 2025 by threat actors to c...

A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn't the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad fraud at scale behind innocent-looking icons. Meanwhile, ransomware gangs are getting smarter—using stolen drivers to shut down defenses—and threat groups are quietly shifting from activism to profit. Even browser extensions are changing hands, turning trusted tools into silent threats. AI is adding fuel to the fire—used by both attackers and defenders—while critical bugs, cloud loopholes, and privacy shakeups are keeping teams on edge. Let's dive into the threats making noise behind the scenes. ⚡ Threat of the Week Coinbase the Initial Target of GitHub Action Supply Chain Breach — The supply chain compromise...

What happens when cybercriminals no longer need deep skills to breach your defenses? Today's attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they're not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks are used to slip past security unnoticed. This week's threats are a reminder: waiting to react is no longer an option. Every delay gives attackers more ground. ⚡ Threat of the Week Critical SAP NetWeaver Flaw Exploited as 0-Day — A critical security flaw in SAP NetWeaver (CVE-2025-31324, CVSS score: 10.0) has been exploited by unknown threat actors to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. The attacks have also been observed using the Brute Ratel C4 post-exploitation framework, as well as a well-known technique called Heaven's Gate to bypass endpoint protections. ...

Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior. Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than being alert. Here's how that false sense of security was broken again this week. ⚡ Threat of the Week Newly Patched Critical Microsoft WSUS Flaw Comes Under Attack — Microsoft released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability that has since come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant as part of its Patch Tuesday update published last week. According to Eye Security and Huntress, the security flaw is being weaponized to drop a .N...

Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They're going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches. The real danger now isn't just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system can become an entry point if it's left unpatched or overlooked. Here's a clear look at the week's biggest risks, from exploited network flaws to new global campaigns and fast-moving vulnerabilities. ⚡ Threat of the Week Flaws in Multiple Network Security Products Come Under Attack — Over the past week, Fortinet , SonicWall , Cisco , and WatchGuard said vulnerabilities in their products have been exploited by threat actors in real-world attacks. Cisco said attacks exploiting CVE-2025-20393, a critical flaw in AsyncOS, have been abused by a China-nexus advanced persistent threat (APT) actor cod...

Hackers aren't kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and "trusted" partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone, one bug in a common tool, and suddenly your mail, chats, repos, and servers are in play. Every story below is a reminder that your "safe" tools might be the real weak spot. ⚡ Threat of the Week Shai-Hulud Returns with More Aggression — The npm registry was targeted a second time by a self-replicating worm that went by the moniker "Sha1-Hulud: The Second Coming," affecting over 800 packages and 27,000 GitHub repositories. Like in the previous iteration, the main objective was to steal sensitive data like API keys, cloud credentials, and npm and GitHub authentication information, and facilitate deeper supply chain compromise in a worm-like fashion. Th...

Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is " @vietmoney/react-big-calendar ," which was uploaded to npm back in March 2021 by a user named "hoquocdat." It was updated for the first time on December 28, 2025, to version 0.26.2. The package has been downloaded 698 times since its initial publication. The latest version has been downloaded 197 times. Aikido, which spotted the package, said it has not spotted any major spread or infections following the release of the package. "This suggests we may have caught the attackers testing their payload," security researcher Charlie Eriksen said . "The differences in the code suggests that this was obfuscated again from the original source, not modified in place. This makes it highly unlikely to be a copy-ca...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities ( KEV ) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation. The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software via system_settings.shtm. It impacts the following versions - OpenPLC ScadaBR through 1.12.4 on Windows OpenPLC ScadaBR through 0.9.1 on Linux The addition of the security defect to the KEV catalog comes a little over a month after Forescout said it caught a pro-Russian hacktivist group known as TwoNet targeting its honeypot in September 2025, mistaking it for a water treatment facility.  In the compromise aimed at the decoy plant, the threat actor is said to have moved from initial access to disruptive action in about 26 hours, using default credentials to obtain a foothold, followed by carrying...