The Hacker News

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

North Korea’s Contagious Interview spreads AkdoorTea and TsunamiKit to steal crypto and infiltrate global developers.
The Hacker News

Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds

Gcore Radar highlights a continued upward trajectory in DDoS activity. Compared to H2 2024, attack volumes rose 21%, while ...
The Hacker News

Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software

Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to ...
The Hacker News

Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed

The crates, named faster_log and async_println, were published by the threat actor under the alias rustguruman and dumbnbased ...
The Hacker News

Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models

Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and ...
The Hacker News

Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike

"Between June 2024 and July 2025, RedNovember (which overlaps with Storm-2077) targeted perimeter appliances of high-profile ...
The Hacker News

UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors

BRICKSTORM was first documented by the tech giant last year in connection with the zero-day exploitation of Ivanti Connect ...
The Hacker News

How One Bad Password Ended a 158-Year-Old Business

Weak password let Akira ransomware destroy 158-year-old KNP Logistics, causing £5M ransom demand and 700 job losses.
The Hacker News

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a case of Server-Side Request Forgery ...
The Hacker News

State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability

Libraesva patches CVE-2025-59689 after confirmed state-sponsored exploitation; update ESG to avoid command injection.
The Hacker News

iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks

Stripe iframe skimmer hit 49 merchants in Aug 2024, bypassing CSP to steal cards, driving PCI DSS 4.0.1 updates.
The Hacker News

SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw

The vulnerability, tracked as CVE-2025-26399 (CVSS score: 9.8), has been described as an instance of deserialization of ...