Tag: hacker
-
Water Saci Hackers Use WhatsApp to Deploy Persistent SORVEPOTEL Malware
Trend Micro Research has identified a significant evolution in the aggressive Water Saci malware campaign, revealing a new infection chain that abandons traditional .NET-based delivery methods in favor of sophisticated script-driven techniques. On October 8, 2025, researchers discovered file downloads originating from WhatsApp Web sessions that utilize Visual Basic Script downloaders and PowerShell scripts to…
-
Critical Dell Storage Bugs Open Door to Remote Attacks
Severe bugs in Dell Storage Manager let hackers bypass authentication and gain remote access. Patch now to secure enterprise storage systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/dell-storage-vulnerabilities/
-
Ransomware profits drop as victims stop paying hackers
The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers’ demands. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-profits-drop-as-victims-stop-paying-hackers/
-
Chrome 0-Day Exploited by Mem3nt0 Mori in Espionage Attacks
Hackers exploit a Chrome 0-day to deploy spyware in attacks tied to Mem3nt0 Mori. Google patches CVE-2025-2783; users urged to update fast. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/chrome-zero-day-exploit-spyware/
-
Hackers Target 81% of Routers with Default Admin Passwords
The latest 2025 Broadband Genie router security survey reveals alarming trends in network security awareness among internet users. This year’s results, while showing marginal improvements in some areas, underscore the persistent gap between knowing how to secure a network and actually taking action. The research team conducted their fourth comprehensive router security survey to compare…
-
Critical Chrome 0-Day Under Attack: Mem3nt0 Mori Hackers Actively Exploiting Vulnerability
In March 2025, security researchers at Kaspersky detected a sophisticated campaign exploiting a previously unknown Chrome vulnerability to deliver advanced spyware to high-profile targets. The attack, dubbed Operation ForumTroll, leveraged personalized phishing links to compromise organizations across Russia, including media outlets, universities, research centers, government agencies, and financial institutions. A single click on a malicious…
-
Bionic Hackbots Rise, Powerful Partners to Humans
The rapid rise of AI and automation has helped create a new breed of researcher, the bionic hacker. Think of a Steve Austen-type researcher, only instead of body parts replaced by machines, human creativity is being augmented by automation. These bionic hackers use “AI as a catalyst, accelerating recon, triage, scaling pattern recognition, and.. First…
-
Bionic Hackbots Rise, Powerful Partners to Humans
The rapid rise of AI and automation has helped create a new breed of researcher, the bionic hacker. Think of a Steve Austen-type researcher, only instead of body parts replaced by machines, human creativity is being augmented by automation. These bionic hackers use “AI as a catalyst, accelerating recon, triage, scaling pattern recognition, and.. First…
-
Dringend patchen: Hacker attackieren Windows-Server über kritische WSUS-Lücke
Angreifer können unter anderem manipulierte Windows-Updates einschleusen und diese an Clients verteilen lassen. Admins sollten schnell handeln. First seen on golem.de Jump to article: www.golem.de/news/dringend-patchen-windows-server-werden-ueber-wsus-luecke-attackiert-2510-201545.html
-
Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws
Hackers exploited old RCE flaws in WordPress GutenKit and Hunk Companion plugins. Wordfence firm blocked 8.7M attacks in two days. In September and October 2024, submissions revealed Arbitrary Plugin Installation vulnerabilities in GutenKit and Hunk Companion WordPress plugins, with 40,000 and 8,000+ installs, respectively. These flaws allow unauthenticated attackers to install plugins and achieve RCE.…
-
Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws
Hackers exploited old RCE flaws in WordPress GutenKit and Hunk Companion plugins. Wordfence firm blocked 8.7M attacks in two days. In September and October 2024, submissions revealed Arbitrary Plugin Installation vulnerabilities in GutenKit and Hunk Companion WordPress plugins, with 40,000 and 8,000+ installs, respectively. These flaws allow unauthenticated attackers to install plugins and achieve RCE.…
-
Hackers steal Discord accounts with RedTiger-based infostealer
Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-steal-discord-accounts-with-redtiger-based-infostealer/
-
Hackers steal Discord accounts with RedTiger-based infostealer
Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-steal-discord-accounts-with-redtiger-based-infostealer/
-
The 10 biggest issues CISOs and cyber teams face today
Tags: ai, attack, awareness, breach, business, ceo, ciso, computing, crime, cyber, cyberattack, cybersecurity, data, deep-fake, defense, email, encryption, exploit, finance, fraud, governance, group, hacker, international, mitigation, organized, phishing, ransom, risk, scam, service, strategy, supply-chain, technology, threat, tool, training, usa, vulnerability2. Escalating, and accelerating, AI-enabled attacks: A 2025 survey from Boston Consulting Group found that 80% of CISOs worldwide cited AI-powered cyberattacks as their top concern, a 19-point increase from the previous year. A 2025 survey from Darktrace, a security technology firm, found that 78% of CISOs reported a significant impact from AI-driven threats, up…
-
Hackers Exploit WordPress Arbitrary Installation Vulnerabilities in the Wild
Tags: control, cyber, cybersecurity, exploit, flaw, hacker, malicious, software, vulnerability, wordpressCybersecurity firm Wordfence has uncovered a renewed wave of mass exploitation targeting critical vulnerabilities in two popular WordPress plugins, allowing unauthenticated attackers to install malicious software and potentially seize control of websites. The flaws, first disclosed in late 2024, affect GutenKit and Hunk Companion plugins, which boast over 40,000 and 8,000 active installations respectively. Despite…
-
CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the Wild
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, hacker, microsoft, rce, remote-code-execution, service, update, vulnerability, windowsCybersecurity researchers are sounding the alarm after discovering that hackers are actively exploiting a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, allows unauthenticated attackers to run arbitrary code on vulnerable servers, and evidence suggests that these attacks are being carried out manually, a technique…
-
Pwn2Own Ireland 2025: The Hacks, The Winners, and The Big Payouts
Hackers earned over $1 million at Pwn2Own Ireland 2025 in Cork, breaching printers, routers, NAS devices, and more as Summoning Team claimed Master of Pwn. First seen on hackread.com Jump to article: hackread.com/pwn2own-ireland-2025-hacks-winners-payouts/
-
Top 10 Best Bug Bounty Platforms in 2025
As digital attack surfaces expand with rapid innovation in cloud, AI, and Web3 technologies, organizations increasingly rely on the collective intelligence of ethical hackers to identify vulnerabilities before malicious actors can exploit them. These platforms facilitate a structured, incentivized approach to security testing, offering unparalleled scalability, diversity of expertise, and cost-effectiveness compared to traditional security…
-
Hackers exploiting critical vulnerability in Windows Server Update Service
Microsoft has issued an out-of-band update and is urging users to immediately apply the patch. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/hackers-exploiting-critical-vulnerability-windows-server-update-service/803810/
-
Hackers launch mass attacks exploiting outdated WordPress plugins
A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-launch-mass-attacks-exploiting-outdated-wordpress-plugins/
-
Insider Threat Prevention
Introduction: The Hidden Risk Inside Every Organization Cybersecurity often focuses on external threats”, hackers, malware, phishing, and ransomware. But one of the most dangerous and underestimated risks often lies within the organization: the insider threat. Whether it’s a disgruntled employee, an unaware user, or a compromised contractor, insider threats have the potential to bypass even…
-
Cybersecurity Snapshot: Top Advice for Detecting and Preventing AI Attacks, and for Securing AI Systems
Tags: access, ai, attack, authentication, awareness, best-practice, breach, business, chatgpt, china, ciso, cloud, computing, container, control, credentials, crime, cve, cyber, cyberattack, cybersecurity, data, defense, detection, email, exploit, extortion, finance, flaw, framework, fraud, google, governance, government, group, guide, hacker, hacking, healthcare, iam, identity, incident response, intelligence, LLM, malicious, malware, mitigation, monitoring, network, open-source, openai, organized, phishing, ransom, risk, risk-management, russia, sans, scam, service, skills, soc, strategy, supply-chain, technology, theft, threat, tool, training, vulnerability, zero-trustAs organizations eagerly adopt AI, cybersecurity teams are racing to protect these new systems. In this special edition of the Cybersecurity Snapshot, we round up some of the best recent guidance on how to fend off AI attacks, and on how to safeguard your AI systems. Key takeaways Developers are getting new playbooks from groups…
-
‘Jingle Thief’ Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards
Tags: cloud, credentials, cybercrime, cybersecurity, exploit, group, hacker, infrastructure, network, phishing, service, smishingCybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud.”Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards,” Palo Alto Networks Unit 42 researchers…
-
Pwn2Own Irland: Hacker knacken Samsung Galaxy S25 und mehr
Attackiert wurden unter anderem Drucker, NAS-Systeme, Smartphones und Lautsprecher. Hersteller müssen insgesamt 73 neue Zero-Day-Lücken patchen. First seen on golem.de Jump to article: www.golem.de/news/pwn2own-irland-hacker-knacken-samsung-galaxy-s25-und-mehr-2510-201512.html
-
North Korean Hackers Target UAV Industry to Steal Confidential Data
ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing data and design specifications from critical players in the drone industry. The campaign, observed beginning…
-
North Korean Hackers Target UAV Industry to Steal Confidential Data
ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing data and design specifications from critical players in the drone industry. The campaign, observed beginning…
-
China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom
China-based threat actors exploited ToolShell SharePoint flaw CVE-2025-53770 soon after its July patch. China-linked threat actors exploited the ToolShell SharePoint flaw vulnerability, tracked as CVE-2025-53770, to breach a telecommunications company in the Middle East after it was addressed by Microsoft in July 2025. >>China-based attackers used the ToolShell vulnerability (CVE-2025-53770) to compromise a telecoms company in…
-
Formel 1 betroffen: Cyberattacke auf Fahrer-Portal
Cyberkriminelle hatten Zugriff auf die Daten eines Formel 1-Fahrers.Hacker haben im Sommer unerlaubten Zugriff auf ein Fahrerportal des Internationalen Automobilverbandes (FIA) und damit auch auf Daten von Formel-1-Piloten gehabt. Das bestätigte ein Verbandssprecher am Rande des Großen Preises von Mexiko. Zuvor hatten die Hacker in sozialen Netzwerken selbst darüber berichtet. Sie gaben auch an, keine bösen…
-
Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland
The Pwn2Own Ireland 2025 hacking competition has ended with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-earn-1-024-750-for-73-zero-days-at-pwn2own-ireland/

