Hackers are breaking into Linux cloud servers using a 2-year-old bug in Apache ActiveMQ.

The twist? After sneaking in, they patch the flaw themselves—locking out rivals and hiding from defenders.

Full story here → https://thehackernews.com/2025/08/apache-activemq-flaw-exploited-to.html

🚨 New RAT alert: Hackers are hitting trading firms with GodRAT—a backdoor hidden inside fake financial docs sent over Skype.

It steals files, passwords, and even drops more malware.

Built on 20-year-old Gh0st RAT code, but deadlier.

Full details → https://thehackernews.com/2025/08/new-godrat-trojan-targets-trading-firms.html

🚨 60% of breaches in 2024 came from one source: people.

Not because employees are careless—because security is confusing, complex, and built for auditors, not humans. Until culture is fixed, tech alone won’t save you.

Here’s how to change that ↓ https://thehackernews.com/2025/08/why-your-security-culture-is-critical.html

🚨 Hackers are chaining two SAP flaws (CVSS 10.0 + 9.1) to bypass login and fully take over systems.

Ransomware crews + China-linked spies are already using it in the wild.

SAP patched in April/May—but attackers were exploiting since March.

Details here → https://thehackernews.com/2025/08/public-exploit-for-chained-sap-flaws.html

The U.K. just dropped its demand that Apple build a backdoor into iCloud.

That order would’ve opened Americans’ encrypted data to governments—and hackers.

The plan’s dead. But the fight over encryption isn’t.

Here’s what happened → https://thehackernews.com/2025/08/uk-government-drops-apple-encryption.html

Russia’s Secret Blizzard just did something scarier than phishing → They hacked the root of trust—bypassing MFA and silently stealing “secure” traffic.

When TLS itself is broken, FIDO and MFA collapse.

How to defend against state-level attacks ↓ https://thehackernews.com/expert-insights/2025/08/how-to-defend-against-root-of-trust.html

⚡ PyPI just killed a major supply chain threat.

Over 1,800 email addresses tied to expired domains have been unverified—closing a loophole attackers used to hijack Python packages.

It’s a win, but not a cure-all.

👉 Full story ↓ https://thehackernews.com/2025/08/pypi-blocks-1800-expired-domain-emails.html

⚡ Microsoft warns: PipeMagic isn’t malware—it’s a framework for stealth attacks. Storm-2460 is hitting IT, finance & real estate worldwide.

Details → https://thehackernews.com/2025/08/microsoft-windows-vulnerability.html

That copyright email in your inbox? It might not be legal trouble—it might be malware.

The “Noodlophile” attack hides in fake copyright notices, abuses Telegram, and slips past security tools.

If your brand lives on social media—you’re a target.

Here’s how it works ↓ https://thehackernews.com/2025/08/noodlophile-malware-campaign-expands.html

⚠️ Hackers just weaponized a new Windows flaw (CVE-2025-29824) to drop the PipeMagic backdoor—fueling RansomExx attacks.

The bait? Fake ChatGPT apps and Chrome updates.
Still active. Still evolving.

Details here → https://thehackernews.com/2025/08/microsoft-windows-vulnerability.html

⚡ Cybersecurity isn’t failing in one big breach—it’s leaking everywhere.

This week’s signals show just how fast cracks turn into collapse:

– NFC trojan stealing cards via “tap-to-pay” 🎴
– Active exploits in N-able N-central
– Espionage ops in Georgia & Moldova
– Docker Hub images still hiding the XZ backdoor
– U.S. expands crypto sanctions
– Hackers rushing to weaponize new CVEs

Each story points to one truth: hesitation = risk.

Read full RECAP → https://thehackernews.com/2025/08/weekly-recap-nfc-fraud-curly-comrades-n.html

46% of security leaders lose sleep over growing regulatory complexity.

Move beyond checkbox compliance and turn GRC into a strategic advantage with this new Tines guide.

What's in the guide:
🔸 Common challenges for security and compliance teams today
🔸 Four areas where GRC teams can leverage workflow orchestration and automation for immediate impact
🔸 Case study stories from Druva, Path AI, and more

Get the full guide here: https://thn.news/automating-grc-guide

🚨 Compliance isn’t optional. Fail GDPR, HIPAA, or PCI DSS → massive fines, lawsuits, even shutdowns.

The scary part? Most don’t even know where they’re failing.

Here’s how Wazuh helps fix it:
✅ Real-time alerts
✅ Compliance dashboards
✅ Active response

Read this now → https://thehackernews.com/2025/08/wazuh-for-regulatory-compliance.html

🚨 New supply-chain attacks hit open-source repos.

• PyPI: termncolor & colorinal delivered multi-stage malware with Windows & Linux backdoors.

• npm: fake packages posed as dev tools & job tests, stealing iCloud Keychain, browser data, wallets.

Details → https://thehackernews.com/2025/08/malicious-pypi-and-npm-packages.html

20% of breaches in 2025 started with unpatched software.

And patch management? It’s broken.

With SaaS sprawl + BYOD, IT teams can’t keep up. Shadow apps and personal devices are a hacker’s dream.

Here’s what needs to change ↓ https://thehackernews.com/expert-insights/2025/08/why-traditional-approaches-to-patch.html

🚨 The ERMAC V3.0 Android banking trojan just had its entire source code leaked—backend, panels, builder, exfil servers.

It still targets 700+ apps, from banking to crypto, and even ships with default creds.

Read ↓ https://thehackernews.com/2025/08/ermac-v30-banking-trojan-source-code.html

👨‍💻 Hackers are abusing a Windows flaw (CVE-2025-26633) to drop malware—masquerading as IT staff on Microsoft Teams and tricking users with rogue MSC files.

The group? EncryptHub, a Russian crew blending social engineering with zero-days.

Details → https://thehackernews.com/2025/08/russian-group-encrypthub-exploits-msc.html

🚨 New HTTP/2 flaw can crash major servers.

“MadeYouReset” bypasses Rapid Reset protections—letting attackers flood Apache Tomcat, F5 BIG-IP & more with thousands of requests, taking sites offline.

Here’s how it works → https://thehackernews.com/2025/08/new-http2-madeyoureset-vulnerability.html

🔥🏚 That “test server” you forgot about?

It’s still online. And waving at attackers 👋

EASM finds those ghost assets. DRP catches your name on the dark web.

Together, they’re the digital “Did I leave the oven on?” check—before the house burns down.

🛡 Read before something starts smoking → https://thehackernews.com/2025/08/have-you-turned-off-your-virtual-oven.html

⚡ Japan’s cyber watchdog caught hackers using CrossC2—a Cobalt Strike spin-off that hijacks Linux, macOS, and Windows—to breach networks across multiple countries.

They loaded custom malware entirely in memory—and may be tied to Black Basta ransomware crews.

Details → https://thehackernews.com/2025/08/researchers-warn-crossc2-expands-cobalt.html

The City of Hamilton’s multi-million dollar cybersecurity insurance claim was recently denied following a ransomware attack in 2024. Why? Because MFA wasn’t fully implemented at the time of the attack.

Find and fix MFA gaps with Push Security to avoid claim denial 👉 https://thn.news/stop-identity-attacks-others

🔒🚫 Stop hackers before they even knock.

Turn on MFA everywhere. Block every unknown app. Lock risky tools in a digital cage.

This “security by default” playbook slams the door on ransomware & phishing.

See how it works → https://thehackernews.com/2025/08/simple-steps-for-attack-surface.html

🛑 Your bank card. Your calls. Your phone — all in a cybercriminals' hands.

💳 PhantomCard – NFC trojan that clones your bank card & spends like it’s theirs.
📞 SpyBanker – Steals banking data & hijacks calls in India.
⚙️ KernelSU exploits – Full control of rooted Android devices.

How they work & how to stop them → https://thehackernews.com/2025/08/new-android-malware-wave-hits-banking.html

Google now requires crypto app developers in the US, UK, EU & 12 more regions to get official licenses before hitting Play Store.

Non-compliance? Apps pulled.

Learn more about this crackdown → https://thehackernews.com/2025/08/google-requires-crypto-app-licenses-in.html

🚨 CISA warns: Hackers are actively exploiting 2 new flaws in N-able’s N-central — the RMM tool used by countless MSPs to control client systems.

Both bugs allow command execution if exploited. Patch by Aug 20 or risk takeover.

Full story → https://thehackernews.com/2025/08/cisa-adds-two-n-able-n-central-flaws-to.html

🚨 Over a year after the XZ Utils backdoor was exposed, 35 infected Docker images are still live on Docker Hub — some built on top of each other, quietly spreading the malware.

They can let attackers bypass SSH auth & run root commands.

Full story → https://thehackernews.com/2025/08/researchers-spot-xz-utils-backdoor-in.html

🚨 780+ malicious IPs just launched a coordinated brute-force attack on Fortinet SSL VPNs — shifting mid-campaign to hit FortiManager.

Researchers warn this pattern often precedes a new CVE disclosure within weeks.

Read → https://thehackernews.com/2025/08/fortinet-ssl-vpns-hit-by-global-brute.html

⚠️ Two of the most dangerous hacker groups — ShinyHunters & Scattered Spider — are joining forces.

They’ve hit Salesforce users worldwide, and signs show their next big target: banks & financial firms.

Here’s why this alliance is bad news ↓ https://thehackernews.com/2025/08/cybercrime-groups-shinyhunters.html

🚨 Your browser is now your biggest insider threat.

🤖 GenAI prompts
⚠️ Risky extensions
💻 Unmanaged devices

All leaking data in-session.

🥊 Enterprise Browser vs. Secure Extension — 9 brutal rounds.

Who wins? → https://thehackernews.com/2025/08/the-ultimate-battle-enterprise-browsers.html

Identity attacks are evolving, but are your IR playbooks keeping up? Join Push Security's Josh Gideon on August 13th & 14th as he dives into the new challenges facing incident responders in the cloud. Don't miss out on a step-by-step walkthrough of how security teams are using browser telemetry to supercharge their security investigations.

Register here: https://thn.news/identity-attacks-webinar-tg

🇷🇺 New Threat: Curly COMrades hacked govt & energy networks in Georgia & Moldova — stealing credentials & hiding for months.

Their secret weapon? Hijacking Windows’ own components to run commands as SYSTEM… and no one notices.

Find details here → https://thehackernews.com/2025/08/new-curly-comrades-apt-using-ngen-com.html

New research by Pentera builds on Wiz’s IngressNightmare and reveals critical injection vulnerabilities in the widely used ingress-nginx Kubernetes controller.

Pentera’s team uncovered additional attack vectors that exploit common configuration oversights - going beyond the four originally disclosed CVEs. These newly discovered injection points can allow attackers to bypass security controls, execute arbitrary code, and pivot deeper into Kubernetes clusters.

👉 Join experts live on August 20 at 11:00 AM ET for a technical deep dive into the full scope of these vulnerabilities and their real-world impact: https://thn.news/IngressNightmare-webinar

Read the full research report 👉 https://thn.news/cyberattacks-explained

🚨 WARNING: Dutch cyber watchdog confirms: a Citrix zero-day (CVE-2025-6543) was exploited for months before disclosure—hitting critical orgs, leaving hidden web shells, and erasing traces.

Patches are out. If you run NetScaler, act now.

Full story → https://thehackernews.com/2025/08/dutch-ncsc-confirms-active-exploitation.html

Hackers can now hijack Microsoft Domain Controllers into a global DDoS botnet—no malware, no creds, no trace.

At DEF CON, researchers revealed “Win-DDoS”: a flaw that can weaponize tens of thousands of public DCs to flood targets, crash systems, or trigger BSODs—remotely.

Here’s how it works → https://thehackernews.com/2025/08/new-win-ddos-flaws-let-attackers-turn.html

🔥 Windows had a hole [CVE-2025-49760] in its core RPC system that let attackers pretend to be trusted services—like hijacking DNS, but inside your OS.

The wild part? Even Windows Defender’s ID could be spoofed.

Here’s how the EPM poisoning attack worked ↓ https://thehackernews.com/2025/08/researchers-detail-windows-epm.html

Hackers can bypass Windows login, steal cryptographic keys, and hide inside some Dell laptops even after a full OS reinstall — “ReVault” flaws hit 100+ models.

Sometimes, they don’t even need your password.

Details → https://thehackernews.com/2025/08/researchers-reveal-revault-attack.html

🚨 Brazil hit by two cyber threats:

1️⃣ Hackers using AI-built fake gov sites to steal IDs + cash via PIX.
2️⃣ Efimer Trojan spreading via fake legal emails, torrents & WordPress hacks — swapping crypto wallets + stealing funds.

How both attacks work → https://thehackernews.com/2025/08/ai-tools-fuel-brazilian-phishing-scam.html

🚨 Stolen logins are now the #1 way hackers break in — beating phishing & software flaws.

Many still work. Attackers don’t need exploits when they can just log in.

Think your passwords are safe? You might want to check.

Full report → https://thehackernews.com/2025/08/leaked-credentials-up-160-what.html

🚨 RubyGems & PyPI under attack:

🔸 60 fake RubyGems stole social media logins (275K+ downloads)
🔸 PyPI fakes hijacked crypto staking wallets

Both hide credential-stealing code in legit-looking packages.

Details → https://thehackernews.com/2025/08/rubygems-pypi-hit-by-malicious-packages.html

$1M in crypto gone—stolen by 150+ fake Firefox wallet extensions.

The scam: lookalike MetaMask, TronLink, Exodus add-ons that start clean… then turn malicious when no one’s watching.

Now spreading to Chrome. AI is helping them scale.

Full story → https://thehackernews.com/2025/08/greedybear-steals-1m-in-crypto-using.html

🚨 Millions duped by fake apps on Apple & Google stores.

VexTrio, a global crime ring, used bogus VPNs & cleaners to steal data, push ads, and charge hidden fees.

It’s still active.

Details here → https://thehackernews.com/2025/08/fake-vpn-and-spam-blocker-apps-tied-to.html

🚨 UPDATE: Google confirms it was hit in the Salesforce vishing attacks.

Hackers accessed contact data for small biz clients in June—then vanished.

Now? They're back, threatening victims with 72-hour bitcoin extortion demands, posing as ShinyHunters.

Read ↓ https://thehackernews.com/2025/06/google-exposes-vishing-group-unc6040.html

📈 vCISO adoption just exploded 319% in one year.

MSPs & MSSPs are scrambling to meet SMB demand—and AI is powering the shift.

It’s not just about security. It’s driving higher margins, better upsell, and recurring revenue.

Check full report → https://thehackernews.com/2025/08/ai-slashes-workloads-for-vcisos-by-68.html

Microsoft just built an AI that reverse-engineers malware by itself.

No hints. No human help — and 90%+ accuracy.

It could change how threats are found—before they even spread.

Here’s what Project Ire can do ↓ https://thehackernews.com/2025/08/microsoft-launches-project-ire-to.html

🚨 Trend Micro flaw (CVE-2025-54948 and CVE-2025-54987) lets attackers run code before login.

Two critical bugs (CVSS 9.4) are being exploited right now in Apex One on-prem.

Admins, patch fast — remote code execution is on the table.

Here’s what you need to know ↓ https://thehackernews.com/2025/08/trend-micro-confirms-active.html

🚨 Ukraine hit by wave of cyberattacks — again.

Phishing emails posing as court summons are dropping malware that steals docs, grabs screenshots, and executes remote commands.

Here’s what’s happening ↓ https://thehackernews.com/2025/08/cert-ua-warns-of-hta-delivered-c.html

🚨 CISA just confirmed active exploits targeting 3 old D-Link camera and recorder flaws — one remains unpatched.

These vulnerabilities expose admin passwords and enable command execution.

One affected model reached end-of-life. Still using it? You're exposed.

Mitigations required by Aug 26 → https://thehackernews.com/2025/08/cisa-adds-3-d-link-router-flaws-to-kev.html

🔥 AI just changed the rules of pen testing.

Now you can say: "Check if leaked creds can access prod-finance."

And in seconds, it attacks, adapts, and reports—no scripts, no guesswork.

Vibe Red Teaming is here. Testing becomes a conversation.

→ Full vision from Pentera's CTO: https://thehackernews.com/2025/08/ai-is-transforming-cybersecurity.html

🔒 UPDATE: Akira ransomware now uses legit Windows drivers (rwdrv.sys, hlpdrv.sys) in a BYOVD attack to disable Defender and gain kernel access—even in hardened environments.

Tied to SonicWall SSL VPN zero-day—still under active investigation.

Read → https://thehackernews.com/2025/08/sonicwall-investigating-potential-ssl.html

🔥 Hackers can fully hijack NVIDIA's Triton AI servers — no login needed.

A new exploit chain gives attackers remote code execution and access to sensitive AI models.

It all starts with a single malformed request.

Full details → https://thehackernews.com/2025/08/nvidia-triton-bugs-let-unauthenticated.html

🚨 New wave of Python malware hits 4,000+ systems across 62 countries.

PXA Stealer is siphoning passwords, credit cards, and cookies—then selling them via Telegram-powered black markets.

Details here → https://thehackernews.com/2025/08/vietnamese-hackers-use-pxa-stealer-hit.html

⚡ Weekly Recap ⟶ VPN 0‑Day, Mac Stealer Backdoor, AI Malware Disguised as Dev Tools, and an APT Hiding in ISPs.

The scariest part? Most of it looked legit.

Catch up now ↓ https://thehackernews.com/2025/08/weekly-recap-vpn-0-day-encryption.html

You’re not just using SaaS. It’s using you.

AI tools, browser plugins, and apps your team installs without asking are opening hidden doors to your data.

Most IT teams have no idea.

Here’s how to take back control ↓ https://thehackernews.com/2025/08/the-wild-west-of-shadow-it.html

🚨 Over 11,000 Android phones hijacked by new PlayPraetor malware.

It fakes Google Play pages, abuses accessibility settings, and livestreams your screen—all to steal banking and crypto credentials.

And it's spreading fast.

Here’s what you need to know ↓ https://thehackernews.com/2025/08/playpraetor-android-trojan-infects.html

🚨 China-linked threat group hacked Southeast Asia telecoms — no data stolen, just full remote access to critical networks for 9 months.

They used stealth malware, tunneled through mobile operators, and wiped their tracks.

Here’s what we know ↓ https://thehackernews.com/2025/08/cl-sta-0969-installs-covert-malware-in.html

🚨 Akira ransomware is hitting SonicWall SSL VPNs—some fully patched.

Researchers suspect a zero-day or credential abuse. Attacks surged in late July.

Org? Disable SSL VPN until further notice.

Full details ↓ https://thehackernews.com/2025/08/akira-ransomware-exploits-sonicwall.html