News

The Hacker News3h
Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore
Iranian hacker pleads guilty to Robbinhood ransomware attacks causing $19M+ in losses, crippling U.S. cities via BYOVD and ...
The Hacker News3h
Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack
In March 2024, the DoJ indicted seven hackers associated with APT31, accusing them of engaging in sweeping cyber espionage ...
The Hacker News7h
Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File
Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited ...
The Hacker News11h
251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch
Amazon-hosted IPs scanned 75 tech targets on May 8 in a one-day exploit surge, showing orchestrated cloud-based recon.
The Hacker News8h
New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
PumaBot hijacks Linux IoT devices via SSH brute-force, fakes Redis services, and mines crypto using stealthy rootkits.
The Hacker News14h
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more ...
The Hacker News9h
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware
Mimo exploits CVE-2025-32432 in Craft CMS days after disclosure, deploying cryptominer and proxyware for monetization.
The Hacker News11h
How 'Browser-in-the-Middle' Attacks Steal Sessions in Seconds
The attack works by targeting session tokens. This enables the attackers to subvert even multi-factor authentication (MFA); ...
The Hacker News1d
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
Mobile-focused phishing using SEO poisoning and fake portals hit payroll systems in May 2025, rerouting salaries and evading ...
The Hacker News1d
Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages
Void Blizzard targeted over 20 NGOs using credential phishing via fake Entra logins, exfiltrating sensitive cloud data.
The Hacker News1d
New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency
Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a ...
The Hacker News1d
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth's Stealth Phishing Campaign
Luna Moth uses spoofed IT domains and callback phishing to access law firm data, bypassing detection with legitimate tools.