The Hacker News12h
Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform
On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted ...
The Hacker News17h
New Case Study: Global Retailer Overshares CSRF Tokens with Facebook
Facebook Pixel exposed CSRF tokens at major retailer; Reflectiz detected breach early, preventing €20M GDPR fines.
The Hacker News13h
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using ...
The Hacker News16h
Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices
The development comes as the tech giant released iOS 18.4 and iPadOS 18.4 to remedy 62 flaws, macOS Sequoia 15.4 to plug 131 ...
The Hacker News16h
Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign
IPs scanned Palo Alto GlobalProtect portals in late March, signaling systemic recon before potential exploits.
The Hacker News22h
Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices
Apple has been hit with a fine of €150 million ($162 million) by France's competition watchdog over the implementation of its ...
The Hacker News22h
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
"The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme ...
The Hacker News16h
China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions
Earth Alux used VARGEIT and MASQLOADER in APAC and LATAM cyberattacks, bypassing defenses via stealth techniques.
The Hacker News22h
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
"wp-content/mu-plugins/custom-js-loader.php," which injects unwanted spam onto the infected website, likely with an intent to ...
The Hacker News22h
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
Water Gamayun has been linked to the active exploitation of CVE-2025-26633 (aka MSC EvilTwin), a vulnerability in the ...
The Hacker News1d
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been ...
The Hacker News1d
⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Google Patches Actively Exploited Chrome 0-Day — Google has addressed a high-severity security flaw in its Chrome browser for ...