The Hacker News

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

To safeguard against this line of attack, organizations are recommended to restrict B2B collaboration settings to only allow ...
The Hacker News

Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

Bloody Wolf targets Kyrgyzstan and Uzbekistan with Java-based loaders delivering NetSupport RAT in sector-wide phishing ...
The Hacker News

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection ...
The Hacker News

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

According to information from Salesforce, reconnaissance efforts against customers with compromised Gainsight access tokens ...
The Hacker News

Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist

Qilin has emerged as one of the most active ransomware operations this year, with the RaaS crew exhibiting "explosive growth" ...
The Hacker News

FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams

FBI flags $262M in account-takeover losses while researchers track AI-boosted phishing, fake stores, and holiday scam domains ...
The Hacker News

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

RomCom just hit a US engineering firm via SocGholish for the first time, deploying Mythic Agent before defenders cut the ...
The Hacker News

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

ClickFix has become hugely successful as it relies on a simple yet effective method, which is to entice a user into infecting ...
The Hacker News

Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets

"As a new and significantly more aggressive wave of npm supply chain malware, Shai-Hulud 2 combines stealthy execution, ...
The Hacker News

Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps

"Behind the interface, the extension injects an extra transfer into every Solana swap, siphoning a minimum of 0.0013 SOL or 0 ...
The Hacker News

Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

Free webinar explains risks in community-run tools like Chocolatey and Winget and shows practical ways to secure updates.
The Hacker News

Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware

Malicious CGTrader .blend files abuse Blender Auto Run to install StealC V2, raiding browsers, plugins, and crypto wallets.