News

The Hacker News2h
38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
The scale of the campaign is reflected in the fact that over 38,000 distinct FreeDrain sub-domains hosting lure pages have ...
The Hacker News3h
Qilin Ransomware Ranked Highest in April 2025 with Over 45 Data Leak Disclosures
"From July 2024 to January 2025, Qilin's affiliates did not disclose more than 23 companies per month," the Singaporean ...
The Hacker News3h
SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root
CVE-2025-32819 (CVSS score: 8.8) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user ...
The Hacker News7h
MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware
MirrorFace deployed ROAMINGMOUSE and updated ANEL malware in March 2025 to target Japan and Taiwan's government systems ...
The Hacker News6h
Security Tools Alone Don't Protect You — Control Effectiveness Does
Security has never been about simply having the right tools. It is about understanding whether those tools are ready for the ...
The Hacker News10h
Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware
The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an ...
The Hacker News12h
Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
Cisco fixes CVE-2025-20188, a 10.0 CVSS flaw tied to hardcoded JWT in wireless controllers, preventing root-level remote ...
The Hacker News12h
Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks
Europol dismantled six DDoS-for-hire services, arrested four, seized nine domains—disrupting attacks since 2022.
The Hacker News13h
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) ...
The Hacker News1d
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization
The exploitation of CVE-2025-29824 also points to the trend of ransomware actors using zero-days to infiltrate targets. Last ...
The Hacker News1d
Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection
A new report Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection analyzing gaps in SSE implementations ...
The Hacker News1d
NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware
A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary ...