Search results for sns | Breaking Cybersecurity News | The Hacker News

A malicious Python script known as  SNS Sender  is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services (AWS) Simple Notification Service ( SNS ). The SMS phishing messages are designed to propagate malicious links that are designed to capture victims' personally identifiable information (PII) and payment card details, SentinelOne  said  in a new report, attributing it to a threat actor named ARDUINO_DAS. "The smishing scams often take the guise of a message from the United States Postal Service (USPS) regarding a missed package delivery," security researcher Alex Delamotte said. SNS Sender is also the first tool observed in the wild that leverages AWS SNS to conduct SMS spamming attacks. SentinelOne said that it identified links between ARDUINO_DAS and more than 150 phishing kits offered for sale. The malware requires a list of phishing links stored in a file named links.txt in its working directory, in addit...

In the recent months I had the opportunity to conduct an interesting study on the use of Social Media in the Military Sector, large diffusion of media platforms makes them very attractive for governments and intelligence agencies . Social media platforms reveal enormous potentiality that could be exploited also in critical sectors such as military and defense. Modern social media networks are actively used by every government, the US, China and Russia are the most active in this field, but also emerging cyber countries like Iran and North Korea demonstrates an increasing interest in the matter. The principal uses of social media for government are Psychological Operations (PsyOps) OSInt Cyber espionage Offensive purposes On May 10th the Illinois Air National Guard 183rd Fighter Wing published a notice in the monthly issue of a newsletter titled Falcon View. The notice, that seems to be authentic, dedicates a paragraph to the use of social networking sites for...

Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News. Examples of the services used to facilitate the en masse distribution of SMS messages include Amazon Simple Notification Service (SNS), Nexmo, Plivo, Proovl, Send99, Telesign, Telnyx, TextBelt, Twilio. It's important to note here that the activity does not exploit any inherent weaknesses in these providers. Rather, the tool uses legitimate APIs to conduct bulk SMS spam attacks. It joins tools like SNS Sender that have increasingly become a way to send bulk smishing messages and ultimately capture sensitive information from targets. Distributed via Telegram and hacking fo...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...

A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn't the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad fraud at scale behind innocent-looking icons. Meanwhile, ransomware gangs are getting smarter—using stolen drivers to shut down defenses—and threat groups are quietly shifting from activism to profit. Even browser extensions are changing hands, turning trusted tools into silent threats. AI is adding fuel to the fire—used by both attackers and defenders—while critical bugs, cloud loopholes, and privacy shakeups are keeping teams on edge. Let's dive into the threats making noise behind the scenes. ⚡ Threat of the Week Coinbase the Initial Target of GitHub Action Supply Chain Breach — The supply chain compromise...

With countless web apps and online services launching every day, there is an increasing demand for cloud developers. This exciting niche is due to grow rapidly over the next few years, and the paycheck should follow suit. If you want to build a career in this lucrative niche, it pays to know AWS (Amazon Web Services). With the AWS Certified Architect Developer Bundle 2019 , you get seven courses and over 51 hours of video tutorials that are working towards official exams. It's worth nearly $1,000, but you can get the training now for only $35 for a limited time . According to Synergy Research , Amazon Web Services has a massive 35% share of the cloud computing market. The platform plays host to millions of clients and dozens of multinationals, including Adobe, LinkedIn, GE, and Netflix. As a certified AWS expert, you put yourself first in line for exciting opportunities at these major companies. AWS Certification Training – 7 In-Depth Online Courses If you're...

Cybersecurity leaders aren't just dealing with attacks—they're also protecting trust, keeping systems running, and maintaining their organization's reputation. This week's developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow.  Just fixing problems isn't enough anymore—resilience needs to be built into everything from the ground up. That means better systems, stronger teams, and clearer visibility across the entire organization. What's showing up now isn't just risk—it's a clear signal that acting fast and making smart decisions matters more than being perfect. Here's what surfaced—and what security teams can't afford to overlook. ⚡ Threat of the Week Microsoft Fixes 5 Actively Exploited 0-Days — Microsoft addressed a total of 78 security flaws in its Patch Tuesday update for May 2025 last week, out of which five of them have come under active exploitation in the wild. The vulnerabilities include CVE-2025-30397, CVE-2025-...