Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previous…
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South…
FIRESTARTER: Cisco ASA Backdoor
The Advisory That Changes EverythingOn April 23, 2026, CISA and the United Kingdom National Cyber Security Centre jointly assessed that…
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains…
Hackers Exploiting Cisco Firepower Devices’ Using n-day Vulnerabilities to Gain Unauthorized Access
State-sponsored threat actors are actively targeting Cisco Firepower devices by chaining known vulnerabilities to deploy a highly customized…
Firestarter malware survives Cisco firewall updates, security patches
Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure…
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device…
Governments on high alert after CISA snuffs out Firestarter backdoor on fed network
A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and…
Microsoft beefs up Remote Desktop security with … hard-to-read messages
Microsoft's update to harden Remote Desktop against phishing attacks has arrived. When users open a Remote Desktop (.rdp) file, they should…
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small…
Discord-Linked Group Accessed Anthropic’s Claude Mythos AI in Vendor Breach
Two weeks after Anthropic announced Claude Mythos Preview (aka Claude Mythos and Mythos AI) as part of its Project Glasswing initiative, the…
MacOS Native Tools Enable Stealthy Enterprise Attacks
A growing range of native macOS features are being repurposed by attackers to execute code, move laterally and evade detection, according to…
⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods…
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against…
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing…
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver…
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once.…
⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now”…
Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands…
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on…
⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
Another week in cybersecurity. Another week of "you've got to be kidding me." Attackers were busy. Defenders were busy. And somewhere in the…
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since…
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active…
Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's…
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare…
UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors
A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns…
ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories
Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new…
Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms
It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their…
⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More
Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems…
OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills
OpenClaw (formerly Moltbot and Clawdbot) has announced that it's partnering with Google-owned VirusTotal to scan skills that are being…
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that's…
⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others…
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between…
ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories
This week's updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add…
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign…
Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites
Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that…
⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They're going after the everyday tools we trust…
Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances
Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus…
⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More
If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently…
CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS…
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that…
⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More
It's been a week of chaos in code and calm in headlines. A bug that broke the internet's favorite framework, hackers chasing AI tools, fake…