Collecting Cyber-News from over 60 sources

Tag: hacker

CISA warns of Chinese “BrickStorm” malware attacks on VMware servers

Dec 4, 2025 7:33 PM

Tags: attack, china, cisa, cybersecurity, hacker, infrastructure, malware, network, vmware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-chinese-brickstorm-malware-attacks-on-vmware-servers/
ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

Dec 4, 2025 6:32 PM

Tags: breach, cctv, data, data-breach, hacker, leak, phone, ransomware

ASUS confirms a third-party breach after Everest leaks sample data. Hackers also claim ArcSoft and Qualcomm. ASUS says a third-party breach exposed data after Everest ransomware leaked samples, claiming they have hacked ASUS, ArcSoft, and Qualcomm. ASUS says a supplier breach exposed some phone camera source code but did not affect products, internal systems, or…
Lawmakers question White House on strategy for countering AI-fueled hacks

Dec 4, 2025 5:37 PM

Tags: ai, hacker, strategy

The Trump administration has said little about how it will prevent hackers from abusing AI. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-anthropic-cyberattack-senate-letter-white-house/807044/
Critical React, Next.js flaw lets hackers execute code on servers

Dec 4, 2025 4:32 PM

Tags: authentication, flaw, hacker, remote-code-execution, vulnerability

A maximum severity vulnerability, dubbed ‘React2Shell’, in the React Server Components (RSC) ‘Flight’ protocol allows remote code execution without authentication in React and Next.js applications. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-react2shell-flaw-in-react-nextjs-lets-hackers-run-javascript-code/
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts”, and 15 More Stories

Dec 4, 2025 2:32 PM

Tags: cyber, exploit, finance, government, hacker, phishing, theft, tool, wifi, worm

Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other.Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing. DeFi exploit drains funds Critical…
Hackers Weaponize Velociraptor DFIR for Stealthy C2 and Ransomware Deployment

Dec 4, 2025 1:32 PM

Tags: access, control, cyber, exploit, hacker, incident response, infrastructure, open-source, ransomware, threat, tool, vulnerability

Threat actors are increasingly weaponizing Velociraptor, a legitimate open-source digital forensics and incident response (DFIR) tool, to establish command-and-control (C2) infrastructure and facilitate ransomware attacks. Huntress analysts have documented multiple incidents spanning September through November 2025 where attackers exploited critical vulnerabilities to gain initial access before deploying Velociraptor for persistent remote access and lateral movement.…
Hackers Weaponize Velociraptor DFIR for Stealthy C2 and Ransomware Deployment

Dec 4, 2025 1:32 PM

Tags: access, control, cyber, exploit, hacker, incident response, infrastructure, open-source, ransomware, threat, tool, vulnerability

Threat actors are increasingly weaponizing Velociraptor, a legitimate open-source digital forensics and incident response (DFIR) tool, to establish command-and-control (C2) infrastructure and facilitate ransomware attacks. Huntress analysts have documented multiple incidents spanning September through November 2025 where attackers exploited critical vulnerabilities to gain initial access before deploying Velociraptor for persistent remote access and lateral movement.…
‘MuddyWater’ Hackers Target Israeli Orgs With Retro Game Tactic

Dec 4, 2025 8:32 AM

Tags: apt, attack, hacker, iran, mobile, tactics

Iran’s top state-sponsored APT is usually rather crass. But in a recent spate of attacks, it tried out some interesting evasion tactics, including delving into Snake, an old-school mobile game. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/muddywater-hackers-israeli-orgs-retro-game
Hacker tarnen Schadsoftware als Kultspiel >>Snake<<

Dec 4, 2025 7:32 AM

Tags: hacker

Forscher des europäischen Sicherheitsanbieters ESET haben eine komplexe Cyberkampagne der iranischen Gruppe MuddyWater untersucht. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/hacker-schadsoftware-snake
Hackers Actively Exploit New Windows LNK 0-Day Vulnerability

Dec 4, 2025 7:32 AM

Tags: cyber, exploit, flaw, hacker, malicious, vulnerability, windows, zero-day

A newly discovered security flaw in Windows shortcut files is being actively used by hackers to target diplomatic organisations. The vulnerability allows attackers to conceal malicious commands within shortcut files (.lnk), making them invisible to users. The Discovery and Initial Rejection The issue was first highlighted in March 2025 by researchers at Trend Micro. They…
Wie Unternehmen sich gegen neue KI-Gefahren wappnen

Dec 4, 2025 5:32 AM

Tags: ai, china, cyberattack, cyersecurity, hacker, hacking, injection, iran, ml, penetration-testing, phishing, risk, tool, vulnerability

KI ist nicht nur ein Tool für Hacker, sondern kann auch selbst zur Gefahr werden.In der Welt der Cybersicherheit gibt es ein grundlegendes Prinzip, das auf den ersten Blick widersprüchlich klingen mag: ‘Wir hacken, bevor Cyberkriminelle die Gelegenheit dazu bekommen.” Um dies umzusetzen und Produktionsstraßen oder Maschinen zu schützen, setzen Unternehmen wie Siemens auf zwei…
Smashing Security podcast #446: A hacker doxxes himself, and social engineering-as-a-service

Dec 4, 2025 5:32 AM

Tags: breach, cybercrime, data, hacker, service, social-engineering

A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer… and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime and how next year could be even nastier than 2025. First seen…
Wie Unternehmen sich gegen neue KI-Gefahren wappnen

Dec 4, 2025 5:32 AM

Tags: ai, china, cyberattack, cyersecurity, hacker, hacking, injection, iran, ml, penetration-testing, phishing, risk, tool, vulnerability

KI ist nicht nur ein Tool für Hacker, sondern kann auch selbst zur Gefahr werden.In der Welt der Cybersicherheit gibt es ein grundlegendes Prinzip, das auf den ersten Blick widersprüchlich klingen mag: ‘Wir hacken, bevor Cyberkriminelle die Gelegenheit dazu bekommen.” Um dies umzusetzen und Produktionsstraßen oder Maschinen zu schützen, setzen Unternehmen wie Siemens auf zwei…
King Addons flaw lets anyone become WordPress admin

Dec 4, 2025 12:32 AM

Tags: cve, exploit, flaw, hacker, vulnerability, wordpress

Hackers are exploiting a King Addons flaw (CVE-2025-8489) that lets anyone register and instantly gain admin privileges on WordPress sites. Hackers are exploiting a critical vulnerability, tracked as CVE-2025-8489 (CVSS score of 9.8), in the WordPress plugin King Addons for Elementor that allows unauthenticated users to create admin accounts via a registration privilege bug. King…
‘ShadyPanda’ Hackers Weaponize Millions of Browsers

Dec 4, 2025 12:32 AM

Tags: browser, china, chrome, cyber, google, group, hacker, malicious, marketplace, microsoft, spy, threat

The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/shadypanda-hackers-weaponize-browsers
The Congressional remedy for Salt Typhoon? More information sharing with industry

Dec 2, 2025 8:49 PM

Tags: china, hacker, network

A year after Chinese hackers were found in U.S. telecom networks, Congress and federal agencies have taken few concrete actions to stop the next hack. First seen on cyberscoop.com Jump to article: cyberscoop.com/salt-typhoon-senate-commerce-hearing-fcc-telecom-cybersecurity/
Iran-linked hackers target Israeli, Egyptian critical infrastructure through phishing campaign

Dec 2, 2025 7:50 PM

Tags: government, hacker, infrastructure, iran, phishing, technology

Active between September 2024 and March 2025, the operation primarily targeted organizations in Israel’s technology, engineering, local government, educational and manufacturing sectors. First seen on therecord.media Jump to article: therecord.media/iran-linked-hackers-target-israel-egypt-phishing
How Financial Institutions Can Future-Proof Their Security Against a New Breed of Cyber Attackers

Dec 2, 2025 6:49 PM

Tags: attack, cyber, cybersecurity, finance, hacker, ransomware, threat

As we look at the remainder of 2025 and beyond, the pace and sophistication of cyber attacks targeting the financial sector show no signs of slowing. In fact, based on research from Check Point’s Q2 Ransomware Report, the financial cybersecurity threat landscape is only intensifying. Gone are the days when the average hacker was a..…
How Financial Institutions Can Future-Proof Their Security Against a New Breed of Cyber Attackers

Dec 2, 2025 6:49 PM

Tags: attack, cyber, cybersecurity, finance, hacker, ransomware, threat

As we look at the remainder of 2025 and beyond, the pace and sophistication of cyber attacks targeting the financial sector show no signs of slowing. In fact, based on research from Check Point’s Q2 Ransomware Report, the financial cybersecurity threat landscape is only intensifying. Gone are the days when the average hacker was a..…
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

Dec 2, 2025 5:49 PM

Tags: attack, blockchain, hacker, jobs, malicious, malware, north-korea

North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

Dec 2, 2025 5:49 PM

Tags: attack, blockchain, hacker, jobs, malicious, malware, north-korea

North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

Dec 2, 2025 5:49 PM

Tags: attack, blockchain, hacker, jobs, malicious, malware, north-korea

North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

Dec 2, 2025 5:49 PM

Tags: attack, blockchain, hacker, jobs, malicious, malware, north-korea

North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
Ukrainian Hackers Target Russian Aerospace and Defense Sectors

Dec 2, 2025 4:49 PM

Tags: attack, cyber, defense, group, hacker, intelligence, military, russia, strategy, threat, ukraine, warfare

Multiple Ukrainian hacktivist groups have launched an extensive spearphishing campaign targeting Russia’s critical aerospace and defence industries, according to a new threat intelligence report by Intrinsec. The coordinated attacks between June and September 2025 represent an escalating cyber warfare strategy aimed at disrupting Russian military capabilities and civilian aviation operations.”‹ The campaign involves several prominent…
Ukrainian Hackers Target Russian Aerospace and Defense Sectors

Dec 2, 2025 4:49 PM

Tags: attack, cyber, defense, group, hacker, intelligence, military, russia, strategy, threat, ukraine, warfare

Multiple Ukrainian hacktivist groups have launched an extensive spearphishing campaign targeting Russia’s critical aerospace and defence industries, according to a new threat intelligence report by Intrinsec. The coordinated attacks between June and September 2025 represent an escalating cyber warfare strategy aimed at disrupting Russian military capabilities and civilian aviation operations.”‹ The campaign involves several prominent…
Evilginx Attack Techniques Allow Hackers to Defeat MFA Through SSO Phishing

Dec 2, 2025 4:49 PM

Tags: attack, authentication, credentials, cyber, framework, hacker, login, mfa, open-source, phishing, threat

A sophisticated threat actor has been conducting a persistent phishing campaign against United States educational institutions since April 2025, leveraging the open-source Evilginx framework to bypass multi-factor authentication (MFA). The campaign, which has targeted at least 18 universities to date, utilizes adversary-in-the-middle (AiTM) techniques to intercept login credentials and session cookies by mimicking legitimate single…
Evilginx Attack Techniques Allow Hackers to Defeat MFA Through SSO Phishing

Dec 2, 2025 4:49 PM

Tags: attack, authentication, credentials, cyber, framework, hacker, login, mfa, open-source, phishing, threat

A sophisticated threat actor has been conducting a persistent phishing campaign against United States educational institutions since April 2025, leveraging the open-source Evilginx framework to bypass multi-factor authentication (MFA). The campaign, which has targeted at least 18 universities to date, utilizes adversary-in-the-middle (AiTM) techniques to intercept login credentials and session cookies by mimicking legitimate single…
Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks

Dec 2, 2025 3:49 PM

Tags: attack, backdoor, government, group, hacker, hacking, iran, technology

Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper.The activity has been attributed by ESET to a hacking group known as MuddyWater (aka Mango First seen…
Add-ons für Chrome und Edge: 4,3 Millionen Geräte per Update mit Malware infiziert

Dec 2, 2025 1:50 PM

Tags: browser, chrome, exploit, hacker, malware, update

Hacker haben über mehrere Jahre hinweg zunächst harmlose Erweiterungen für Chrome und Edge veröffentlicht. Doch dann sind Updates mit Schadcode gekommen. First seen on golem.de Jump to article: www.golem.de/news/add-ons-fuer-chrome-und-edge-4-3-millionen-geraete-per-update-mit-malware-infiziert-2512-202816.html
Iran Hackers Take Inspiration From Snake Video Game

Dec 2, 2025 12:49 PM

Tags: hacker, iran, malware, mobile, phone

MuddyWater Hides Malware With Game Delay Technique. Iranian nation-state hackers took inspiration from a mobile phone time-killing mainstay, say security researchers who spotted hackers downloading malware masquerading as the Snake video game. A callback to the game isn’t nostalgia, say researchers at Eset. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iran-hackers-take-inspiration-from-snake-video-game-a-30177