News

The Hacker News1h
Security Tools Alone Don't Protect You — Control Effectiveness Does
Security has never been about simply having the right tools. It is about understanding whether those tools are ready for the ...
The Hacker News1h
MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware
MirrorFace deployed ROAMINGMOUSE and updated ANEL malware in March 2025 to target Japan and Taiwan's government systems ...
The Hacker News5h
Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware
The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an ...
The Hacker News7h
Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
Cisco fixes CVE-2025-20188, a 10.0 CVSS flaw tied to hardcoded JWT in wireless controllers, preventing root-level remote ...
The Hacker News6h
Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks
Europol dismantled six DDoS-for-hire services, arrested four, seized nine domains—disrupting attacks since 2022.
The Hacker News22h
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
CVE-2025-27007 exploited in OttoKit WordPress plugin before v1.0.83 enables admin creation without authentication.
The Hacker News1d
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization
The exploitation of CVE-2025-29824 also points to the trend of ransomware actors using zero-days to infiltrate targets. Last ...
The Hacker News1d
Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection
A new report Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection analyzing gaps in SSE implementations ...
The Hacker News1d
NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware
A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary ...
The Hacker News1d
SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version
All four vulnerabilities have been rectified by SysAid with the release of on-premise version 24.4.60 b16 in early March 2025 ...
The Hacker News1d
Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added CVE-2025-27363 to its Known Exploited ...
The Hacker News1d
Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times
PyPI package 'discordpydebug' hides a RAT, downloaded 11,574 times, using stealthy HTTP polling to bypass defenses.