hacker news

New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records

Mar 27, 2025Ravie LakshmananEmail Security / Malware Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that…

Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks

Mar 27, 2025Ravie LakshmananEndpoint Security / Ransomware A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom…

APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware

Mar 27, 2025Ravie LakshmananMobile Security / Malware An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India’s public sector postal system as…

New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It

Mar 27, 2025The Hacker NewsBrowser Security / Data Protection Whether it’s CRMs, project management tools, payment processors, or lead management tools – your workforce is using SaaS applications by the pound. Organizations often rely on…

Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of…

150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms

Mar 27, 2025Ravie LakshmananMalware / Website Security An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date. “The threat actor…

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

Mar 27, 2025Ravie LakshmananVulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog,…

NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems

Mar 27, 2025Ravie LakshmananVulnerability / Enterprise Security A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is an enterprise-focused software that’s used to manage data…

New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations

Mar 26, 2025Ravie LakshmananMalware / Vulnerability The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to…

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware

Mar 26, 2025Ravie LakshmananWindows Security / Vulnerability The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and…

« Previous
1
…
123
124
125
126
127
…
333
Next »