The Hacker News
Open in Telegram
β Official THN Telegram Channel β A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking. π¨ Contact: admin@thehackernews.com π Website: https://thehackernews.com
Show more153 016
Subscribers
+4024 hours
+2957 days
+1 39130 days
Data loading in progress...
Similar Channels
Tags Cloud
Incoming and Outgoing Mentions
---
---
---
---
---
---
Attracting Subscribers
December '25
December '25
+939
in 0 channels
November '25
+1 640
in 0 channels
Get PRO
October '25
+1 409
in 0 channels
Get PRO
September '25
+1 022
in 0 channels
Get PRO
August '25
+1 035
in 0 channels
Get PRO
July '25
+1 349
in 0 channels
Get PRO
June '25
+2 009
in 0 channels
Get PRO
May '25
+5 311
in 0 channels
Get PRO
April '250
in 0 channels
Get PRO
March '250
in 0 channels
Get PRO
February '250
in 0 channels
Get PRO
January '25
+1 463
in 1 channels
Get PRO
December '24
+2 825
in 0 channels
Get PRO
November '24
+3 404
in 0 channels
Get PRO
October '24
+3 585
in 0 channels
Get PRO
September '24
+2 646
in 0 channels
Get PRO
August '24
+1 954
in 0 channels
Get PRO
July '24
+1 464
in 0 channels
Get PRO
June '24
+1 046
in 0 channels
Get PRO
May '24
+1 069
in 0 channels
Get PRO
April '24
+1 427
in 0 channels
Get PRO
March '24
+998
in 1 channels
Get PRO
February '24
+414
in 0 channels
Get PRO
January '24
+921
in 0 channels
Get PRO
December '23
+866
in 0 channels
Get PRO
November '23
+1 395
in 0 channels
Get PRO
October '23
+3 518
in 0 channels
Get PRO
September '23
+3 163
in 0 channels
Get PRO
August '23
+3 392
in 0 channels
Get PRO
July '23
+4 604
in 0 channels
Get PRO
June '23
+40
in 0 channels
Get PRO
May '23
+2 413
in 0 channels
Get PRO
April '23
+2 841
in 0 channels
Get PRO
March '23
+1 817
in 0 channels
Get PRO
February '23
+10 998
in 0 channels
Get PRO
January '230
in 0 channels
Get PRO
December '220
in 0 channels
Get PRO
November '220
in 0 channels
Get PRO
October '22
+677
in 0 channels
Get PRO
September '22
+3 968
in 0 channels
Get PRO
August '22
+2 400
in 0 channels
Get PRO
July '22
+2 590
in 0 channels
Get PRO
June '22
+2 628
in 0 channels
Get PRO
May '22
+3 981
in 0 channels
Get PRO
April '22
+4 170
in 0 channels
Get PRO
March '22
+5 400
in 0 channels
Get PRO
February '22
+4 542
in 0 channels
Get PRO
January '22
+63 832
in 0 channels
| Date | Subscriber Growth | Mentions | Channels | |
| 16 December | +63 | |||
| 15 December | +54 | |||
| 14 December | +58 | |||
| 13 December | +73 | |||
| 12 December | +50 | |||
| 11 December | +58 | |||
| 10 December | +46 | |||
| 09 December | +47 | |||
| 08 December | +77 | |||
| 07 December | +47 | |||
| 06 December | +39 | |||
| 05 December | +66 | |||
| 04 December | +107 | |||
| 03 December | +77 | |||
| 02 December | +40 | |||
| 01 December | +37 |
Channel Posts
π Amazon flagged a new AWS crypto-mining campaign using custom persistence techniques.
Attackers validate permissions with DryRun, deploy miners across ECS and EC2, then enable instance termination protection to block cleanup.
π Learn more: https://thehackernews.com/2025/12/compromised-iam-credentials-power-large.html
3 143180
| 2 |  π° A fake NuGet package stole crypto wallets for more than five years.
It copied a popular .NET tracing library and hid as a normal dependency. One extra letter in the author name led to about 2,000 downloads since 2020.
It exfiltrated Stratis wallet JSON files and passwords to a Russian IP.
π Read: https://thehackernews.com/2025/12/rogue-nuget-package-poses-as-tracerfody.html | 3 529 |
| 3 |  β‘ Amazon confirms a Russian GRU unit hacked Western energy and infrastructure networks for years.
The threat wasnβt malware, it was silent credential theft from live traffic.
From 2021β2025, APT44 relied less on zero-days and more on exposed routers and VPN gateways.
π Read β https://thehackernews.com/2025/12/amazon-exposes-years-long-gru-cyber.html | 4 629 |
| 4 |  β οΈ Most privacy risks aren't malicious.
Itβs accidental.
A log statement. A helper function. An AI SDK someone added on Friday.
If you only look in production, youβre blind by design.
Read more β https://thehackernews.com/2025/12/why-data-security-and-privacy-need-to.html | 4 439 |
| 5 |  π¨ Fortinet FortiGate devices are under active attack via SSO authentication bypass flaws.
CVE-2025-59718 and CVE-2025-59719 both have CVSS scores of 9.8 and exploit the FortiCloud SSO feature.
Disable FortiCloud SSO until systems are fully updated.
π Details β https://thehackernews.com/2025/12/fortinet-fortigate-under-active-attack.html | 4 813 |
| 6 |  Attackers are abusing React2Shell to plant Linux backdoors like KSwapDoor and ZnDoor.
This hits orgs that left React and Next.js servers unpatched.
Microsoft saw reverse shells, Cobalt Strike, and stolen cloud tokens tied to CVE-2025-55182, and Shadowserver tracks over 111,000 exposed IPs.
π Details β https://thehackernews.com/2025/12/react2shell-vulnerability-actively.html | 5 520 |
| 7 |  π Google is shutting down its dark web monitoring tool less than two years after launch.
Google admitted the tool surfaced breached data but didnβt give people clear next steps. Alerts without action paths donβt change outcomes.
π Read here: https://thehackernews.com/2025/12/google-to-shut-down-dark-web-monitoring.html | 6 592 |
| 8 |  π¨ WARNING: A βFeaturedβ Chrome extension was silently copying everything users typed into ChatGPT and other AI tools.
Prompts. Responses. Sent off-device by default after an auto-update.
It even warned users about sharing sensitive info, while exporting the full chats itself.
π Read: https://thehackernews.com/2025/12/featured-chrome-browser-extension.html | 7 536 |
| 9 |  FreePBXβs worst flaw isnβt a bug β itβs a legacy setting.
If AUTHTYPE is set to webserver, attackers can fake a login header and get admin access. From there, they can add their own user and run code on the system.
Default configs are safe. Old tweaks arenβt.
π Read: https://thehackernews.com/2025/12/freepbx-authentication-bypass-exposed.html | 7 467 |
| 10 |  Sensitive data is everywhere: SaaS, cloud, AI pipelines, and most teams canβt see it.
Thatβs why DSPM is becoming a top security priority for 2026.
Next-gen DSPM goes beyond visibilityβ real-time context, automation, and AI-aware protection.
Learn more: https://thn.news/dspm-top-tools | 6 926 |
| 11 |  β‘ Your SaaS wasnβt hacked. It was impersonated via the browser.
Attackers ran clean, verified Chrome and Edge extensions for years. Millions of installs. One silent update flipped them into spyware.
Not a device attack. Not a cloud breach. Both at once. The browser sat in the middle, unseen, holding the keys.
π Learn more: https://thehackernews.com/2025/12/a-browser-extension-risk-guide-after.html | 7 038 |
| 12 |  π¨ Active phishing attacks in Russia spread Phantom Stealer.
Fake bank transfer emails use ISO attachments. The malware steals browser data, crypto wallets, passwords, and files, then sends them out via Telegram or Discord.
Finance, payroll, accounting, and legal teams are the main targets.
π Read: https://thehackernews.com/2025/12/phantom-stealer-spread-by-iso-phishing.html | 7 548 |
| 13 |  π€¦ Hackers built #ransomware β then left the key behind.
CyberVolkβs new VolkLocker targets π» Windows and π§ Linux.
The flaw? the lock key is hard-coded and saved as a plain file on the system.
Files can be unlocked for free β but after 48 hours, it can wipe ποΈ personal folders.
π Read: https://thehackernews.com/2025/12/volklocker-ransomware-exposed-by-hard.html | 7 895 |
| 14 |  β οΈ Notepad++ fixes a bug that was actively abused.
Notepad++ released version 8.8.9 to patch a critical updater flaw. Attackers hijacked update traffic and tricked users into installing malware instead of real updates.
π Read: https://thehackernews.com/2025/12/threatsday-bulletin-spyware-alerts.html#update-closes-hijack-flaw | 10 491 |
| 15 |  π¨ Poland Police detained three Ukrainian nationals after finding hacking π» and spying tools in their car.
Authorities say the gear could be used to attack key IT and telecom π‘ systems tied to national defense.
Charges include fraud and computer-related crimes.
π Read: https://thehackernews.com/2025/12/threatsday-bulletin-spyware-alerts.html#vaas-crackdown-nets-193-arrests | 10 540 |
| 16 |  π₯οΈβ οΈ A six-year-old router flaw is being used right now.
U.S. cyber officials warn that hackers are actively attacking Sierra Wireless AirLink routers. The bug lets attackers upload a bad file and take full control of the device.
π Read β https://thehackernews.com/2025/12/cisa-adds-actively-exploited-sierra.html | 9 402 |
| 17 |  Apple patched two bugs hackers were already using. New updates fix active attacks across iPhone, iPad, Mac, Safari, Watch, TV, and Vision Pro.
β οΈ One bug lets attackers run code from bad web pages.
β οΈ Another breaks memory.
π All iPhone and iPad browsers were affected.
π΅οΈ Apple says the attacks were highly targeted.
This is Appleβs 9th zero-day fix in 2025.
π Update now β read here β https://thehackernews.com/2025/12/apple-issues-security-updates-after-two.html | 10 072 |
| 18 |  π₯οΈ Researchers found fake Python tools on GitHub spreading a new trojan called PyStoreRAT.
The repos look real, gain stars β, and run hidden malware using a Windows tool.
The malware can steal crypto wallet files π° and stay hidden by pretending to be an NVIDIA update.
π Read: https://thehackernews.com/2025/12/fake-osint-and-gpt-utility-github-repos.html | 10 137 |
| 19 |  π¨ Hackers are attacking CentreStack and Triofox right now using a built-in key that never changes.
It lets them break in, read the web-config file, and run code on the server.
At least 9 companies have already been hit.
π Read: https://thehackernews.com/2025/12/new-advanced-phishing-kits-use-ai-and.html | 9 243 |
| 20 |  β οΈ Your browser is now the biggest GenAI risk.
Every day, workers paste code, emails, and files into AI toolsβright inside the browser. That data can leak, get stored, or even shared outside your company.
The fix isnβt banning AI. Itβs securing how itβs usedβin the browser session itself.
π Read: https://thehackernews.com/2025/12/securing-genai-in-browser-policy.html | 9 585 |
