The Hacker News

Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike

"Between June 2024 and July 2025, RedNovember (which overlaps with Storm-2077) targeted perimeter appliances of high-profile ...
The Hacker News

UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors

BRICKSTORM was first documented by the tech giant last year in connection with the zero-day exploitation of Ivanti Connect ...
The Hacker News

Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models

Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and ...
The Hacker News

How One Bad Password Ended a 158-Year-Old Business

Weak password let Akira ransomware destroy 158-year-old KNP Logistics, causing £5M ransom demand and 700 job losses.
The Hacker News

New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus

Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been found to share "significant" source code overlaps with IcedID and Latrodectus.
The Hacker News

iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks

Stripe iframe skimmer hit 49 merchants in Aug 2024, bypassing CSP to steal cards, driving PCI DSS 4.0.1 updates.
The Hacker News

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a case of Server-Side Request Forgery ...
The Hacker News

State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability

Libraesva patches CVE-2025-59689 after confirmed state-sponsored exploitation; update ESG to avoid command injection.