The Hacker News

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft ...
The Hacker News

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

New hacking cluster exploits web servers and Mimikatz to infiltrate Asian infrastructure for long-term espionage in aviation, ...
The Hacker News

Can the Security Platform Finally Deliver for the Mid-Market?

Bitdefender GravityZone webinar shows how mid-market teams consolidate security tools to reduce complexity and improve ...
The Hacker News

Why CVSS Scores Don't Tell the Real Story of Risk

CVSS severity scores often mislead vulnerability prioritization when business context is ignored, leaving critical exposures ...
The Hacker News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.
The Hacker News

âš¡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.
The Hacker News

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

UNC4899 breached a crypto firm via AirDrop malware and cloud exploitation in 2025, stealing millions through Kubernetes and Cloud SQL abuse.
The Hacker News

Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model

Anthropic’s Claude Opus 4.6 AI found 22 Firefox vulnerabilities, including 14 high severity, helping Mozilla patch flaws in Firefox 148.
The Hacker News

The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity

AI-powered risk management helps MSPs automate assessments, manage compliance, and scale cybersecurity services with ...
The Hacker News

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...
The Hacker News

APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine

Researchers uncover APT28-linked phishing attacks against Ukrainian targets deploying BadPaw loader and MeowMeow backdoor for ...
The Hacker News

APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2

Researchers link Silver Dragon APT to APT41 after attacks on government entities using Cobalt Strike, DNS tunneling, and ...