News

The Hacker News7h

Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775

CVE-2025-7775 is the latest NetScaler ADC and Gateway vulnerability to be weaponized in real-world attacks in a short span of ...
The Hacker News8h

New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station

A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without ...
The Hacker News18h

Google to Verify All Android Developers in 4 Countries to Block Malicious Apps

"Android will require all apps to be registered by verified developers in order to be installed by users on certified Android ...
The Hacker News16h

HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands

HOOK Android trojan evolves with 107 commands, adding ransomware overlays and NFC scams, threatening financial security.
The Hacker News14h

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

ShadowCaptcha exploits 100+ WordPress sites since Aug 2025, spreading ransomware, stealers, and miners worldwide.
The Hacker News19h

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws impacting Citrix ...
The Hacker News1d

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

Transparent Tribe targets Indian government using weaponized .desktop files since 2022, enabling persistence and credential ...
The Hacker News1d

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

UpCrypter phishing since Aug 2025 uses fake voicemails, RAT payloads, and anti-analysis, hitting global industries.
The Hacker News1d

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

Docker patched CVE-2025-9074 (CVSS 9.3), a flaw enabling container escape via unauthenticated API, risking host takeover.
The Hacker News2d

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

The details are transmitted to a threat actor-controlled Telegram bot named "@sshZXC_bot" (ssh_bot) via the API, which then ...
The Hacker News6d

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft | Read more hacking news on ...
The Hacker News1d

The New Mindset: Platforms Over Products

Traditional tools fail; Keeper CEO highlights zero trust, least privilege, and AI automation reshaping defense.