The Hacker News

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Malicious PyPI package soopsocks downloaded 2,653 times before takedown, exfiltrating Windows data to Discord.
The Hacker News

ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More

From unpatched cars to hijacked clouds, this week's Threatsday headlines remind us of one thing — no corner of technology is ...
The Hacker News

Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware

Google Mandiant tracks FIN11’s high-volume extortion emails exploiting Oracle E-Business Suite, possibly linked to Cl0p.
The Hacker News

Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro

The ProSpy campaign, discovered in June 2025, is believed to have been ongoing since 2024, leveraging deceptive websites ...
The Hacker News

Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware

Confucius hackers target Pakistan with WooperStealer and Anondoor malware using phishing and DLL side-loading.
The Hacker News

Automating Pentest Delivery: 7 Key Workflows for Maximum Impact

Automated workflows accelerate pentest delivery, cut delays, and ensure real-time vulnerability remediation visibility.
The Hacker News

Hackers Exploit Milesight Routers to Send Phishing SMS to European Users

Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign ...
The Hacker News

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

CVE-2025-59363 "allowed attackers with valid API credentials to enumerate and retrieve client secrets for all OIDC ...
The Hacker News

New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer

SGX is designed as a hardware feature in Intel server processors that allows applications to be run in a Trusted Execution ...
The Hacker News

Learn How Leading Security Teams Blend AI + Human Workflows (Free Webinar)

AI-only workflows risk fragility and compliance issues—learn secure, explainable automation in this Tines webinar.
The Hacker News

New $50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections

Battering RAM compromises Intel's Software Guard Extensions ( SGX) and AMD's Secure Encrypted Virtualization with Secure ...
The Hacker News

Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware

Phantom Taurus' modus operandi also stands out due to the use of custom-developed tools and techniques rarely observed in the ...