News

The Hacker News9h
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web ...
The Hacker News11h
Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU
Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, ...
The Hacker News14h
The Secret Defense Strategy of Four Critical Industries Combating Advanced Cyber Threats
Government agencies are continuously targeted by advanced persistent threats (APTs) from nation-state adversaries, requiring ...
The Hacker News10h
Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN
Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and ...
The Hacker News19h
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called ...
The Hacker News16h
Identity-First Security: A Multilayered Approach to Reducing Identity Attack Risk
Identities are today’s top attack vector. Here's how to build a layered security approach that reduces privilege risk across ...
The Hacker News3d
U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud
The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based ...
The Hacker News2d
U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation
To that effect, the U.S. Department of Justice (DoJ) said it seized four domains and their associated server facilitated the ...
The Hacker News5d
How 'Browser-in-the-Middle' Attacks Steal Sessions in Seconds
The attack works by targeting session tokens. This enables the attackers to subvert even multi-factor authentication (MFA); ...
The Hacker News3d
New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data
New Rust-based EDDIESTEALER spreads via fake CAPTCHA pages, stealing credentials and bypassing Chrome encryption.
The Hacker News3d
ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach
ConnectWise breached by suspected nation-state actor in May 2025; Google Mandiant leads probe; flaw CVE-2025-3935 patched ...
The Hacker News4d
DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints
DragonForce exploited three SimpleHelp CVEs to hijack an MSP’s RMM tool, steal data, and deploy ransomware on customer ...