News

The Hacker News56m
CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link ...
The Hacker News41m
CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures
UAC-0099, first publicly documented by the agency in June 2023, has a history of targeting Ukrainian entities for espionage ...
The Hacker News1h
AI Is Transforming Cybersecurity Adversarial Testing - Pentera Founder's Vision
AI transforms Pentera’s testing platform, enabling real-time, intent-driven validation for 1,200+ enterprises.
The Hacker News15h
ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections
ClickFix is the name given to a social engineering tactic where prospective targets are deceived into infecting their own ...
The Hacker News17h
Google's August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild
Google fixed 6 Android flaws, including 3 exploited Qualcomm bugs, raising spyware concerns. Users urged to update.
The Hacker News19h
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval
The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to ...
The Hacker News20h
Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks
Most SaaS incidents come from misconfigurations or permission issues, not attacks—putting users at unseen risk.
The Hacker News1d
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
TikTok Shop users are targeted in a phishing and malware campaign using 15,000 fake sites. Data and crypto thefts surge.
The Hacker News1d
SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported
Huntress said it detected around 20 different attacks tied to the latest attack wave starting on July 25, 2025, with ...
The Hacker News1d
Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally
PXA Stealer was first documented by Cisco Talos in November 2024, attributing it to attacks targeting government and ...
The Hacker News1d
NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers
NVIDIA's August bulletin for Triton Inference Server also highlights fixes for three critical bugs (CVE-2025-23310, ...
The Hacker News3d
New 'Plague' PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft
"The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system ...