A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy… Read More "From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools"
Nov 07, 2025Ravie LakshmananMobile Security / Vulnerability A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East. The activity involved the… Read More "Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp"
Nov 07, 2025Ravie LakshmananSupply Chain Attack / Malware A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to software supply chain security company… Read More "Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation"
Nov 07, 2025The Hacker NewsData Protection / Cloud Security Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization’s cloud provider. She clicks the link, types in her credentials, and goes back to… Read More "Enterprise Credentials at Risk – Same Old, Same Old?"
Nov 07, 2025Ravie LakshmananData Protection / Malware Google on Thursday said it’s rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the platform… Read More "Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts"
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tuckner, who flagged the… Read More "Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities"
Nov 06, 2025The Hacker NewsUnited States Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) — marking the fourth consecutive year of inclusion. According to Gartner, more than… Read More "Bitdefender Named a Representative Vendor in the 2025 Gartner® Market Guide for Managed Detection and Response"
Nov 06, 2025Ravie LakshmananZero-Day / Vulnerability Cisco on Wednesday disclosed that it became aware of a new attack variant that’s designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD)… Read More "Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362"
Nov 06, 2025Ravie LakshmananMalware / Vulnerability A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities. The campaign, detected in May 2025, is tracked by the security outfit… Read More "Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine"
Nov 06, 2025Ravie LakshmananCybersecurity / Hacking News Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even… Read More "AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More"
