News

The Hacker News6h
Security Tools Alone Don't Protect You — Control Effectiveness Does
Security has never been about simply having the right tools. It is about understanding whether those tools are ready for the ...
The Hacker News6h
38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
The scale of the campaign is reflected in the fact that over 38,000 distinct FreeDrain sub-domains hosting lure pages have ...
The Hacker News8h
Qilin Ransomware Ranked Highest in April 2025 with Over 45 Data Leak Disclosures
"From July 2024 to January 2025, Qilin's affiliates did not disclose more than 23 companies per month," the Singaporean ...
The Hacker News8h
SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root
CVE-2025-32819 (CVSS score: 8.8) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user ...
The Hacker News11h
MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware
MirrorFace deployed ROAMINGMOUSE and updated ANEL malware in March 2025 to target Japan and Taiwan's government systems ...
The Hacker News15h
Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware
The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an ...
The Hacker News16h
Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks
Europol dismantled six DDoS-for-hire services, arrested four, seized nine domains—disrupting attacks since 2022.
The Hacker News17h
Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
Cisco fixes CVE-2025-20188, a 10.0 CVSS flaw tied to hardcoded JWT in wireless controllers, preventing root-level remote ...
The Hacker News17h
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) ...
The Hacker News1d
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
CVE-2025-27007 exploited in OttoKit WordPress plugin before v1.0.83 enables admin creation without authentication.
The Hacker News1d
SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version
All four vulnerabilities have been rectified by SysAid with the release of on-premise version 24.4.60 b16 in early March 2025 ...
The Hacker News1d
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization
The exploitation of CVE-2025-29824 also points to the trend of ransomware actors using zero-days to infiltrate targets. Last ...