The Hacker News1h
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using ...
The Hacker News4h
Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign
IPs scanned Palo Alto GlobalProtect portals in late March, signaling systemic recon before potential exploits.
The Hacker News4h
China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions
Earth Alux used VARGEIT and MASQLOADER in APAC and LATAM cyberattacks, bypassing defenses via stealth techniques.
The Hacker News4h
Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
The development comes as the tech giant released iOS 18.4 and iPadOS 18.4 to remedy 62 flaws, macOS Sequoia 15.4 to plug 131 ...
The Hacker News4h
New Case Study: Global Retailer Overshares CSRF Tokens with Facebook
Facebook Pixel exposed CSRF tokens at major retailer; Reflectiz detected breach early, preventing €20M GDPR fines.
The Hacker News22h
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
Water Gamayun has been linked to the active exploitation of CVE-2025-26633 (aka MSC EvilTwin), a vulnerability in the ...
The Hacker News9h
Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices
Apple has been hit with a fine of €150 million ($162 million) by France's competition watchdog over the implementation of its ...
The Hacker News1d
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
"The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme ...
The Hacker News1d
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been ...
The Hacker News1d
âš¡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Google Patches Actively Exploited Chrome 0-Day — Google has addressed a high-severity security flaw in its Chrome browser for ...
The Hacker News1d
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
Crocodilus is also capable of targeting cryptocurrency wallets with an overlay that, instead of serving a fake login page to ...
The Hacker News1d
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
"wp-content/mu-plugins/custom-js-loader.php," which injects unwanted spam onto the infected website, likely with an intent to ...