News

The Hacker News3h

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks

Commvault patched four flaws before 11.36.60, including CVE-2025-57790 (8.7 CVSS), preventing remote code execution.
The Hacker News3h

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

ClickFix attacks deliver CORNFLAKE.V3 backdoor via fake CAPTCHAs, enabling multi-payload delivery and persistence since Sept ...
The Hacker News9h

Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025

Password cracking succeeded in 46% of environments in 2025, leaving valid accounts exploited in 98% of attacks.
The Hacker News8h

Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger

Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via ...
The Hacker News13h

Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft

A 20-year-old member of the notorious cybercrime gang known as Scattered Spider has been sentenced to ten years in prison in ...
The Hacker News1d

FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage

Russian hackers exploit Cisco CVE-2018-0171 since 2022, breaching global networks and targeting U.S. infrastructure.
The Hacker News1d

North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms

North Korean Hackers Used GitHub and Cloud Services in Espionage Campaign Against Diplomats, While IT Workers Exploited AI to ...
The Hacker News1d

Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts

Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative ...
The Hacker News1d

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft | Read more hacking news on ...
The Hacker News2d

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

Attackers exploit CVE-2023-46604 in Apache ActiveMQ, deploy DripDropper malware, then patch flaw to secure persistence.
The Hacker News1d

From Impact to Action: Turning BIA Insights Into Resilient Recovery

Discover how a business impact analysis lays the groundwork for faster recovery in today’s threat-filled business landscape.
The Hacker News1d

DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks

Foltz and his co-conspirators have been accused of monetizing RapperBot by providing paying customers access to a powerful ...