Tag: hacker
-
Iranian hackers launching disruptive attacks at U.S. energy, water targets, feds warn
Iranian government hackers are launching disruptive cyberattacks on American energy and water infrastructure, U.S. government agencies “urgently” warned Tuesday. The hackers are taking aim at devices and systems that control industrial processes, and have harmed victims in the last month following the onset of U.S.-Israel strikes against Iran, according to the joint alert from the…
-
Iranian hackers launching disruptive attacks at U.S. energy, water targets, feds warn
Iranian government hackers are launching disruptive cyberattacks on American energy and water infrastructure, U.S. government agencies “urgently” warned Tuesday. The hackers are taking aim at devices and systems that control industrial processes, and have harmed victims in the last month following the onset of U.S.-Israel strikes against Iran, according to the joint alert from the…
-
Iranian hackers launching disruptive attacks at U.S. energy, water targets, feds warn
Iranian government hackers are launching disruptive cyberattacks on American energy and water infrastructure, U.S. government agencies “urgently” warned Tuesday. The hackers are taking aim at devices and systems that control industrial processes, and have harmed victims in the last month following the onset of U.S.-Israel strikes against Iran, according to the joint alert from the…
-
Hackers Pose as Non-Profit Developers to Deploy Monero Mining Malware
REF1695 hackers spread Monero mining malware via fake non-profit installers, using stealth tactics to evade detection and hijack systems for profit. First seen on hackread.com Jump to article: hackread.com/hackers-non-profit-developers-monero-mining-malware/
-
US warns of Iranian hackers targeting critical infrastructure
Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-warns-of-iranian-hackers-targeting-critical-infrastructure/
-
Russian government hackers broke into thousands of home routers to steal passwords
Fancy Bear, also known as APT28, has taken over thousands of residential home routers to steal passwords and authentication tokens in a wide-ranging espionage operation. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/07/russian-government-hackers-broke-into-thousands-of-home-routers-to-steal-passwords/
-
Max severity Flowise RCE vulnerability now exploited in attacks
Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/max-severity-flowise-rce-vulnerability-now-exploited-in-attacks/
-
Russian hackers hijack internet traffic using vulnerable routers
The Russian state cyber group APT28 has been compromising routers to hijack web traffic and spy on victims, the UK’s The National Cyber Security Centre (NCSC) has warned. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/07/russian-hackers-router-hijacking-dns-credential-theft/
-
Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russia-apt28-hijack-routers-uk-ncsc/
-
React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data
The stolen information could help the hackers plan follow-up attacks and breach more organizations, Cisco researchers said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/credential-harvesting-campaign-react2shell-cisco/816726/
-
Kubernetes Flaws Let Hackers Jump From Containers to Cloud Accounts
Hackers are increasingly abusing Kubernetes misconfigurations to jump from containers into high”‘value cloud accounts, turning a single compromised pod into full cloud”‘level access. This trend is accelerating rapidly, with Kubernetes”‘related identity abuse and token-theft operations growing sharply across enterprise environments. Kubernetes now underpins many large”‘scale applications, making it a prime target for attackers who want…
-
Fake Gemini npm Package Steals AI Tool Tokens
Hackers are abusing a fake Gemini-themed npm package to steal tokens and secrets from developers using AI coding tools like Claude, Cursor, Windsurf, PearAI, and others. The README text was copied from the unrelated chai-await-async library, a mismatch that should have been a red flag for careful reviewers. Code analysis showed the package contacting a Vercel-hosted endpoint, server-check-genimi.…
-
Hackers Exploit Next.js React2Shell Vulnerability, Breach 766 Hosts in 24 Hours
Hackers are abusing a critical React2Shell vulnerability in Next.js applications to run an automated credential”‘theft operation that has already compromised at least 766 servers in under 24 hours. The threat activity is tracked as “UAT”‘10608”. It relies on a custom framework dubbed NEXUS Listener to systematically harvest and organize stolen secrets at scale. Cisco Talos describes UAT”‘10608…
-
Tor-Backed ClickFix Campaign Drops Node.js RAT on Windows
Hackers are using a deceptive technique known as “ClickFix” to deliver a sophisticated Node. js-based remote access Trojan (RAT) targeting Windows users. ClickFix, which gained popularity in early 2025, tricks users into interacting with fake CAPTCHA or verification prompts. In this latest campaign, attackers lure victims into executing malicious commands that silently install malware disguised…
-
Iran-Linked Hackers Hit M365 Tenants in Middle East Password Spray Campaign
Iran-linked threat actors have launched a coordinated password-spraying campaign targeting Microsoft 365 environments across the Middle East, according to new findings. The activity, observed throughout March 2026, unfolded in three distinct waves on March 3, March 13, and March 23. The campaign primarily targeted organizations in Israel and the United Arab Emirates, impacting more than…
-
Phishing LNK files and GitHub C2 power new DPRK cyber attacks
DPRK-linked hackers use GitHub C2s, starting attacks via phishing LNK files that drop a PDF and PowerShell script in South Korea. North Korea-linked threat actors target South Korean organizations using GitHub as C2 servers. The attack chain starts with phishing emails carrying obfuscated LNK files that drop a decoy PDF and a PowerShell script to…
-
The Value of Immutability with Object First
IT security teams today must have the feeling of a target on their back. It is not paranoia. Hackers target backup storage in nearly every single ransomware incident because they know that if they kill your safety net, you are likely to pay up. I have seen too many smart admins lose sleep wondering if..…
-
North Korea’s hijack of one of the web’s most used open source projects was likely weeks in the making
North Korean hackers pushed out malicious updates to a popular open source project by hacking a top developer’s computer in a long-running campaign. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/06/north-koreas-hijack-of-one-of-the-webs-most-used-open-source-projects-was-likely-weeks-in-the-making/
-
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
Threat actors likely associated with the Democratic People’s Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea.The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows shortcut (LNK) files acting as the starting point to drop a decoy PDF First seen on thehackernews.com…
-
Drift Protocol Hit in $286M Suspected North Korea-Linked Crypto Heist
Hackers have stolen approximately $286 million from Drift Protocol, a leading decentralized perpetual futures exchange on the Solana blockchain, in what security researchers believe may be a North Korea-linked cyberattack. The incident occurred on April 1, 2026, and is already being described as the largest decentralized finance (DeFi) hack of the year. Drift Protocol quickly…
-
Hackers threaten to leak data after cyberattack on German party Die Linke
Die Linke confirmed in late March that its IT infrastructure had been hit by what it described as a “serious cyberattack.” First seen on therecord.media Jump to article: therecord.media/hackers-threaten-to-leak-german-political-party-data
-
North Korean hackers abuse LNKs and GitHub repos in ongoing campaign
GitHub as C2: Researchers also highlighted the campaign’s use of GitHub as a C2 layer. Rather than communicating with suspicious-looking or newly registered domains, the malware interacts with GitHub repositories and APIs to receive instructions and exfiltrate data.”The fact that this shortcut file creates a chain that ultimately reaches out to a GitHub repository, and…
-
North Korean hackers abuse LNKs and GitHub repos in ongoing campaign
GitHub as C2: Researchers also highlighted the campaign’s use of GitHub as a C2 layer. Rather than communicating with suspicious-looking or newly registered domains, the malware interacts with GitHub repositories and APIs to receive instructions and exfiltrate data.”The fact that this shortcut file creates a chain that ultimately reaches out to a GitHub repository, and…
-
GitHub-Backed Malware Spread via LNK Files in South Korea
Hackers are abusing Windows shortcut files and GitHub to run a stealthy, multi”‘stage malware campaign against organizations in South Korea. The operation chains LNK files, PowerShell, and GitHub APIs to deliver surveillance tools while blending into normal enterprise traffic.The campaign begins with weaponized LNK files that contain hidden scripts instead of simple shortcuts. These older…
-
Alleged REvil Leader ‘UNKN’ Identified by German Authorities in New Takedown Effort
German authorities have officially put a face to one of the most notorious names in cybercrime. The German Federal Criminal Police (BKA) recently identified 31-year-old Russian national Daniil Maksimovich Shchukin as the man behind the hacker alias >>UNKN.<< According to the BKA, Shchukin led the infamous GandCrab and REvil ransomware operations. Working alongside 43-year-old Anatoly…
-
Google’s Bug Bounty Program Hits Record $17 Million in 2025 Payouts
Google has announced a record-breaking year for its Vulnerability Reward Program (VRP). In 2025, the tech giant paid out more than $17 million to ethical hackers worldwide to help secure its platforms. This major milestone marks a massive 40% increase compared to 2024 and perfectly aligns with the program’s 15th anniversary. Over 700 security researchers…
-
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across…