The Hacker News

🔥 Fake Python packages. AI-powered scams. Stolen logins. Cyberattacks are evolving faster than your defenses—and they're targeting your apps, your users, and your code. 3 new expert #cybersecurity webinars break down how to fight back →

🚨 China-linked threat group hacked Southeast Asia telecoms — no data stolen, just full remote access to critical networks for 9 months. They used stealth malware, tunneled through mobile operators, and wiped their tracks. Here’s what we know ↓ https://lnkd.in/gk6XVWHB

🚨 A new Linux backdoor named Plague hid in plain sight for a year—undetected by every antivirus. It hacks PAM to silently hijack SSH logins and wipe all traces. The worst part? No antivirus flagged it. Not one. How it works ↓ https://lnkd.in/g4bDhquZ

🚨 Apple just patched a zero-day used in the wild — tied to a Chrome exploit. The bug let attackers break out of the browser sandbox using a malicious web page. iPhones, Macs, iPads, and more were at risk. Update now. Details here → https://lnkd.in/gyqgDTaZ

Scattered Spider is now hijacking VMware ESXi hypervisors—not with malware, but fake help desk calls. They impersonate admins, reset passwords, and deploy ransomware directly from the hypervisor. Google says it's fast, stealthy, and crippling. Full story → https://lnkd.in/gzE6GzqM

🚨 Akira ransomware is hitting SonicWall SSL VPNs—some fully patched. Researchers suspect a zero-day or credential abuse. Attacks surged in late July. Org? Disable SSL VPN until further notice. Full details ↓ https://lnkd.in/grjp3T4h

⚠️ A China-linked group breached VMware ESXi & vCenter in a stealthy, years-long cyberespionage campaign. They killed logs, mimicked forensic tools—and stayed hidden for years. Most orgs still can’t detect it. Full report → https://lnkd.in/gDkAkruh

🔥 A hacker gang planted a 4G Raspberry Pi inside a bank’s ATM network—bypassing firewalls to install a rootkit called CAKETAP. It spoofed PIN checks, hid processes, and aimed to trigger fraudulent withdrawals. Details you should know ↓ https://lnkd.in/g9skr3fU

🚨 A single Slack message could hijack Cursor—AI code editor—with zero clicks. CVE-2025-54135 let attackers run remote code just by posting in a public channel. Cursor auto-executed it. No prompts. No approval. Details here → https://lnkd.in/gURPJ7aE

🚨 Hackers are using fake Microsoft OAuth apps + the Tycoon phishing kit to hijack 365 accounts They’ve spoofed 50+ brands (Adobe, DocuSign, SharePoint), bypassing MFA with adversary-in-the-middle attacks. 3,000+ users hit across 900 orgs. Details → https://lnkd.in/g3SEbjRk