The Hacker News

The Hacker News (THN) is widely regarded as a top source for Information Security news, boasting over 5 million readers and followers each month. THN delivers up-to-date Cyber Security News and provides thorough insights into current and emerging trends in Information Technology, exploring their impact on the cyber landscape. The platform is backed by a community of security professionals, hackers, administrators, and members from various underground hacking groups around the globe.

International

English

Blog

Outlet metrics

Domain Authority

Ranking

Global

#55011

United States

#25037

Computers Electronics and Technology/Computer Security

#74

Traffic sources

Monthly visitors

Articles

Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI

1 day ago | thehackernews.com | Ravie Lakshmanan

Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems. The security defect, tracked as CVE-2025-20286, carries a CVSS score of 9.9 out of 10.0. It has been described as a static credential vulnerability.
Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App

2 days ago | thehackernews.com | Ravie Lakshmanan

Google has disclosed details of a financially motivated threat cluster that it said "specialises" in voice phishing (aka vishing) campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion. The tech giant's threat intelligence team is tracking the activity under the moniker UNC6040, which it said exhibits characteristics that align with threat groups with ties to an online cybercrime collective known as The Com.
Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

2 days ago | thehackernews.com | Ravie Lakshmanan

Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems. According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a network troubleshooting utility for Linux environments.
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

2 days ago | thehackernews.com | Ravie Lakshmanan

Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems. The findings come from multiple reports published by Checkmarx, ReversingLabs, Safety, and Socket in recent weeks.
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack

3 days ago | thehackernews.com | Ravie Lakshmanan

Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified "malicious multi-stage downloader Powershell scripts" hosted on lure websites that masquerade as Gitcode and DocuSign.
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

3 days ago | thehackernews.com | Ravie Lakshmanan

Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code. The vulnerability, tracked as CVE-2025-49113, carries a CVSS score of 9.9 out of 10.0. It has been described as a case of post-authenticated remote code execution via PHP object deserialization.
Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets

3 days ago | thehackernews.com | Ravie Lakshmanan

A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim's contacts list.
Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues

3 days ago | thehackernews.com | Ravie Lakshmanan

Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year."The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137.
Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion

3 days ago | thehackernews.com | Ravie Lakshmanan

Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. "By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence," Vasu Jakkal, corporate vice president at Microsoft Security, said.
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch

3 days ago | thehackernews.com | Ravie Lakshmanan

Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.

The Hacker News journalists

Mohit Kumar

Ravie Lakshmanan

Swati Khandelwal

Contact details

Address

123 Example Street

City, Country 12345

Socials

Try JournoFinder For Free

Search and contact over 1M+ journalist profiles, browse 100M+ articles, and unlock powerful PR tools.

Start Your 7-Day Free Trial →

Outlet metrics

Articles

Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI

Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets

Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues

Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion

New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch

The Hacker News journalists

Contact details

Address

Email

Email Patterns

Website

Socials

Traffic locations

Related outlets