The Hacker News

The Hacker News (THN) is widely regarded as a top source for Information Security news, boasting over 5 million readers and followers each month. THN delivers up-to-date Cyber Security News and provides thorough insights into current and emerging trends in Information Technology, exploring their impact on the cyber landscape. The platform is backed by a community of security professionals, hackers, administrators, and members from various underground hacking groups around the globe.

International

English

Blog

Outlet metrics

Domain Authority

Ranking

Global

#55011

United States

#25037

Computers Electronics and Technology/Computer Security

#74

Traffic sources

Monthly visitors

Articles

Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States

6 days ago | thehackernews.com | Ravie Lakshmanan

Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan Raghuprasad, and Joey Chen assessed with moderate confidence.
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

6 days ago | thehackernews.com | Ravie Lakshmanan

A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign.
Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

6 days ago | thehackernews.com | Ravie Lakshmanan

Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis.
CVE-2025-24054 Under Active Attack-Steals NTLM Credentials on File Download

6 days ago | thehackernews.com | Ravie Lakshmanan

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure spoofing bug that was patched by Microsoft last month as part of its Patch Tuesday updates.
Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

1 week ago | thehackernews.com | Ravie Lakshmanan

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance or TradingView.
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution

1 week ago | thehackernews.com | Ravie Lakshmanan

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions.
CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices

1 week ago | thehackernews.com | Ravie Lakshmanan

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection that could result in code execution.
Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks

1 week ago | thehackernews.com | Ravie Lakshmanan

Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild.
Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler

1 week ago | thehackernews.com | Ravie Lakshmanan

Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered in a binary named "schtasks.exe," which enables an administrator to create, delete, query, change, run, and end scheduled tasks on a local or remote computer.
Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024

1 week ago | thehackernews.com | Ravie Lakshmanan

Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems before it could serve harmful ads to users. In all, the tech giant said it stopped 5.1 billion bad ads, restricted 9.1 billion ads, and blocked or restricted ads on 1.3 billion pages last year. It also suspended over 5 million accounts for scam-related violations.