The Hacker News

ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

ServiceNow fixed CVE-2025-12420, a critical flaw that let unauthenticated attackers impersonate users on its AI Platform.
The Hacker News

New Advanced Linux VoidLink Malware Targets Cloud and container Environments

Check Point reveals VoidLink, a China-linked Linux malware built for cloud environments with modular plugins, rootkit ...
The Hacker News

New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack

SHADOW#REACTOR is a malware campaign using VBS, PowerShell, and MSBuild to stealthily deploy Remcos RAT with persistent ...
Opinion
The Hacker NewsOpinion

What Should We Learn From How Attackers Leveraged AI in 2025?

Attackers in 2025 scale proven tactics like supply chain attacks, phishing, and store malware using automation and AI.
The Hacker News

CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

CISA warns that hackers are actively exploiting a high-severity flaw in Gogs that can lead to remote code execution; no patch ...
The Hacker News

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Malicious npm packages posing as n8n community nodes were used to steal OAuth tokens by abusing trusted workflow integrations ...
The Hacker News

Anthropic Launches Claude AI for Healthcare with Secure Health Record Access

Anthropic launches Claude for Healthcare, enabling U.S. users to securely link lab results and health records for clear ...
The Hacker News

GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials

GoBruteforcer malware uses weak passwords and exposed services to build a botnet targeting crypto projects, Linux servers, ...
The Hacker News

Why Ad-Hoc OSINT Doesn't Scale: From analyst workflows to institutional intelligence

Standardized OSINT reduces operational risk, prevents duplicated effort, preserves evidence, and turns individual ...
The Hacker News

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

MuddyWater launched RustyWater, a Rust-based RAT, via spear-phishing Word macros targeting Middle East organizations.
The Hacker News

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Researchers found Chinese-linked attackers abused SonicWall VPN access and VMware ESXi zero-day flaws to escape VMs and gain ...
The Hacker News

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian-linked APT28 ran credential-harvesting attacks in 2025 using fake Microsoft, Google, and VPN login pages, PDF lures, ...