The Hacker News

ToddyCat's New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

ToddyCat upgrades tools like TCSectorCopy and TomBerBil to steal corporate email and browser data, targeting Outlook and ...
The Hacker News

CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users

U.S. CISA exposes how commercial spyware and RATs hijack Signal, WhatsApp and Android devices to spy on high-ranking ...
The Hacker News

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

ClickFix has become hugely successful as it relies on a simple yet effective method, which is to entice a user into infecting ...
The Hacker News

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

Researchers uncovered 5GB of leaked credentials from JSONFormatter and CodeBeautify, exposing sensitive data across critical ...
The Hacker News

Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

Malicious CGTrader .blend files abuse Blender Auto Run to install StealC V2, raiding browsers, plugins, and crypto wallets.
The Hacker News

Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs

CrowdStrike shows Chinese AI DeepSeek-R1 quietly weakens code security when prompts mention Tibet, Uyghurs, or Falun Gong.
The Hacker News

⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing ...
The Hacker News

Smarter Access, Better Protected Data, Faster Audits: Enhancing Your Insider Threat Defense

Real-time masking, agentless access, and full-motion monitoring enhance insider threat defense and audit readiness without IT ...
The Hacker News

New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions

Fluent Bit, deployed in billions of containers, has five new flaws enabling log tampering, remote code execution, and cloud ...
The Hacker News

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

ShadowPad malware is being delivered through an actively exploited WSUS vulnerability, granting attackers full system access.
The Hacker News

APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains

APT24 and Autumn Dragon launch multi-year espionage campaigns using BADAUDIO, supply chain attacks, and new CVE-2025-8088 ...
The Hacker News

Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet

Microsoft on Monday disclosed that it automatically detected and neutralized a distributed denial-of-service (DDoS) attack ...