News

The Hacker News12h
Google's August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild
Google fixed 6 Android flaws, including 3 exploited Qualcomm bugs, raising spyware concerns. Users urged to update.
The Hacker News9h
ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections
ClickFix is the name given to a social engineering tactic where prospective targets are deceived into infecting their own ...
The Hacker News18h
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
TikTok Shop users are targeted in a phishing and malware campaign using 15,000 fake sites. Data and crypto thefts surge.
The Hacker News21h
SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported
Huntress said it detected around 20 different attacks tied to the latest attack wave starting on July 25, 2025, with ...
The Hacker News13h
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval
The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to ...
The Hacker News15h
Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks
Most SaaS incidents come from misconfigurations or permission issues, not attacks—putting users at unseen risk.
The Hacker News1d
NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers
NVIDIA's August bulletin for Triton Inference Server also highlights fixes for three critical bugs (CVE-2025-23310, ...
The Hacker News4d
You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them
The solution lies in fundamentally reimagining security data architecture around what AI models actually need to perform ...
The Hacker News1d
The New Face of DDoS is Impacted by AI
DDoS attacks historically relied on volume and persistence. But if AI is embedded in the attacker's toolkit, the rules change ...
The Hacker News1d
Man-in-the-Middle Attack Prevention Guide
mDNS and DNS spoofing are common tactics that trick devices into trusting malicious sources. Attackers exploit mDNS on local ...
The Hacker News4d
Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts
The ongoing campaign, first detected in early 2025, is designed to use the OAuth applications as a gateway to obtain ...
The Hacker News3d
New 'Plague' PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft
"The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system ...