The Hacker News

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

Iran-linked RedKitten uses malicious Excel files, AI-generated macros, and cloud services to spy on human rights NGOs and ...
The Hacker News

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

Poland linked December 2025 cyber attacks on energy and manufacturing sites to Static Tundra, involving DynoWiper and ...
The Hacker News

Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Mandiant reports ShinyHunters-linked vishing attacks abusing MFA and SSO to breach SaaS apps, steal data, and extort ...
The Hacker News

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Researchers disclosed two n8n vulnerabilities that let authenticated users bypass JavaScript and Python sandboxes to run ...
The Hacker News

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

SolarWinds fixed six Web Help Desk vulnerabilities, including four critical flaws that allow unauthenticated remote code ...
The Hacker News

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Cisco Talos links China-based UAT-8099 to IIS server attacks using BadIIS malware for regional SEO fraud, targeting Thailand ...
The Hacker News

Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup

A U.S. jury convicted a former Google engineer of stealing over 2,000 AI trade secret documents to benefit China-linked companies, DOJ says.
The Hacker News

WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware

Meta is rolling out Strict Account Settings on WhatsApp and using Rust-based media code to protect journalists and high-risk ...
The Hacker News

From Triage to Threat Hunts: How AI Accelerates SecOps

Agentic AI reshapes SOC workflows by investigating 100% of alerts, reducing noise, accelerating hunting, and delivering over ...
The Hacker News

Password Reuse in Disguise: An Often-Missed Risky Workaround

Near-identical password reuse bypasses security policies, enabling attackers to exploit predictable patterns using breached ...
The Hacker News

Google Disrupts IPIDEA — One of the World's Largest Residential Proxy Networks

Google dismantled IPIDEA, a residential proxy network used by 550+ threat groups to hijack millions of consumer devices for ...
The Hacker News

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware, giving attackers persistent remote ...