Jul 07, 2025The Hacker NewsIoT Security / Cyber Resilience If you didn’t hear about Iranian hackers breaching US water facilities, it’s because they only managed to control a single pressure station serving 7,000 people. What made this attack noteworthy wasn’t… Read More "Why Default Passwords Must Go"
Jul 07, 2025Ravie LakshmananCybersecurity / Hacking Everything feels secure—until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don’t start with alarms—they sneak in through… Read More "Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More"
A hacking group with ties other than Pakistan has been found targeting Indian government organizations with a modified variant of a remote access trojan (RAT) called DRAT. The activity has been attributed by Recorded Future’s Insikt Group to a threat… Read More "TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors"
Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised hosts. “The attacker used a modified version of XMRig with a hard-“coded configuration, allowing them to avoid suspicious… Read More "Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS"
Jul 05, 2025Ravie LakshmananNational Security / Privacy Taiwan’s National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China.… Read More "Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties"
Jul 04, 2025Ravie LakshmananZero-Day / Cyber Espionage Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to… Read More "NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors"
Jul 04, 2025Ravie LakshmananVulnerability / Linux Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief… Read More "Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros"
Jul 04, 2025The Hacker NewsAI Security / Enterprise Security Generative AI is changing how businesses work, learn, and innovate. But beneath the surface, something dangerous is happening. AI agents and custom GenAI workflows are creating new, hidden ways for sensitive… Read More "Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It"
Jul 04, 2025Ravie LakshmananMobile Security / Privacy Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users’ cellular data when they were idle to passively… Read More "Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission"
A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user’s screen and hide their icons… Read More "Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams"
