News

The Hacker News9h
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
"In 2023, UNC3782 conducted phishing operations against TRON users and transferred more than $137 million USD worth of assets ...
The Hacker News14h
Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices
Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that ...
The Hacker News9h
Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp
Messaging apps such as Signal and WhatsApp are used to contact targets, inviting them to join a video call or register for ...
The Hacker News19h
Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
xrpl.js is a popular JavaScript API for interacting with the XRP Ledger blockchain, also called the Ripple Protocol, a ...
The Hacker News9h
Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware
Lotus Panda breached 6 Southeast Asian organizations using custom tools, browser stealers, and sideloaded malware.
The Hacker News21h
Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito
Google scraps new third-party cookie prompt in Chrome + boosts Incognito protections + DOJ eyes Chrome breakup.
The Hacker News21h
Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals
This involves deploying a malware strain that connects to a nascent Web3 service called Teneo, a decentralized physical ...
The Hacker News21h
Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
Phishers abused Google Sites and DKIM replay to send valid-signed emails, bypassing filters and stealing credentials.
The Hacker News2d
âš¡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
From zero-click iOS exploits to NTLM credential leaks and the 4Chan breach — this week’s cyber threats hit where trust runs ...
The Hacker News2d
Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan
"In some systems, initial access was gained through exploiting the RDP vulnerability (BlueKeep, CVE-2019-0708)," the South ...
The Hacker News1d
GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages
GCP’s ConfusedComposer flaw let attackers escalate privileges via PyPI packages; patched by Google on April 13.
The Hacker News1d
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach
Microsoft secures MSA and Entra ID with Azure Confidential VMs + HSM, preventing token forgery and reducing breach risks.