hacking news

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

Nov 19, 2025Ravie LakshmananVulnerability / Threat Intelligence A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday.…

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in…

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide

Nov 19, 2025Ravie LakshmananVulnerability / Threat Intelligence A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into…

How to Use Ringfencing to Prevent the Weaponization of Trusted Software

The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to chase threats after they have already entered…

EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates

Nov 19, 2025Ravie LakshmananCyber Espionage / Malware The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks. EdgeStepper “redirects all DNS queries…

ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts

Nov 19, 2025Ravie LakshmananAI Security / SaaS Security Malicious actors can exploit default configurations in ServiceNow’s Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct prompt injection attacks. The second-order…

Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild

Nov 19, 2025Ravie LakshmananVulnerability / Network Security Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS…

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar

The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled…

Meta Expands WhatsApp Security Research with New Proxy Tool and M in Bounties This Year

Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year

Nov 18, 2025Ravie LakshmananBug Bounty / Data Privacy Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program…

Learn How Leading Companies Secure Cloud Workloads and Infrastructure at Scale

Nov 18, 2025The Hacker NewsCloud Security / Compliance You’ve probably already moved some of your business to the cloud—or you’re planning to. That’s a smart move. It helps you work faster, serve your customers better,…

« Previous
1
…
7
8
9
10
11
…
332
Next »