News

The Hacker News4h
Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps
Adobe patched 254 flaws, mostly in Experience Manager, impacting cloud and on-prem users, preventing critical code execution ...
The Hacker News4h
Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud
Salesforce Industry Cloud has 20+ config risks exposing sensitive data; customers must fix most issues to avoid compliance ...
The Hacker News5h
FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware
FIN6 uses fake resumes hosted on AWS to deliver More_eggs malware, targeting recruiters to steal credentials and card data ...
The Hacker News8h
Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users
The stealer, initially marketed on Telegram for free under beta in late December 2024, has since transitioned to a malware-as ...
The Hacker News11h
The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier
However, NHIs introduce unique risks and management challenges that have security leaders on high alert. Forty-six percent of ...
The Hacker News14h
Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises
Rare Werewolf APT uses phishing and legitimate tools to attack Russian and CIS firms, stealing credentials and deploying ...
The Hacker News17h
CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog
CISA warns of critical Erlang SSH and Roundcube vulnerabilities actively exploited, affecting servers and webmail users ...
The Hacker News6h
Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account
An attacker could also take advantage of Google's Forgot Password flow to figure out the country code associated with a victim's phone number, as well as obtain their display name by creating a Looker ...
The Hacker News1d
Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group
Reconnaissance and cyberattacks from July 2024 to March 2025 hit 70+ firms, including SentinelOne, linked to Chinese threat ...
The Hacker News1d
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
Supply chain attack infects 16 GlueStack npm packages used by 1M weekly users, enabling malware that steals data and controls ...
The Hacker News1d
Malicious Browser Extensions Infect Over 700 Users Across Latin America Since Early 2025
A phishing campaign infects 722 users with malicious browser extensions in Latin America to steal bank login data.
The Hacker News1d
Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise
In 2024, dormant accounts, unmanaged SaaS access, and GenAI permissions expose enterprises to data breaches and insider ...