The Hacker News

⚠️ Fortinet, Ivanti & SAP just fixed critical bugs that let attackers break in or run code remotely. ➜ Fortinet: auth bypass via fake SAML login. ➜ Ivanti: admin takeover through poisoned dashboards. ➜ SAP: code injection in Solution Manager (CVSS 9.9). 🔗Patch Now: https://thehackernews.com/2025/12/fortinet-ivanti-and-sap-issue-urgent.html

🚨 North Korean hackers are exploiting the new React2Shell bug (10.0-severity) to drop EtherRAT — malware that hides its commands inside Ethereum smart contracts. It even makes 9 blockchain nodes “vote” to pick its server, so takedowns fail. 🔗 Read now ↓ https://thehackernews.com/2025/12/north-korea-linked-actors-exploit.html

⚠️ 4 hacker groups are now using the same malware tool — CastleLoader. It’s sold as malware-for-hire by a group called GrayBravo. They’re hitting targets from logistics to IT using fake online Booking pages and software updates. Each attack links back to the same control servers — built to spread fast. 🔗 Read ↓ https://thehackernews.com/2025/12/four-threat-clusters-using-castleloader.html

GTG-1002 changed the rules. An AI-driven attack hit dozens of companies—80% run autonomously, at machine speed. The real threat? SaaS tokens that stay trusted forever after one approval. Static trust can’t defend against dynamic attackers. 🔗 Learn more: https://thehackernews.com/expert-insights/2025/12/what-gtg-1002-and-claude-style-attacks.html

🚨 Storm-0249 just changed tactics. The hacker group Microsoft flagged in 2024 is now faking Microsoft domains and abusing real security tools like SentinelOne to sneak in ransomware. They’re using PowerShell commands that never drop files—making them almost invisible. 🔗 Read ↓ https://thehackernews.com/2025/12/storm-0249-escalates-ransomware-attacks.html

💡 Most Zero Trust tools still don’t talk to each other — so access decisions lag behind real risks. A MongoDB engineer built a workflow using Tines that lets Kolide send real-time device alerts to Okta through the Shared Signals Framework. Finally, Zero Trust that actually works in sync. 🔗 Read: https://thehackernews.com/2025/12/how-to-streamline-zero-trust-using.html

🔥 You can win $20K for breaking Google’s new Chrome security feature. Google just added the “User Alignment Critic,” a safeguard that uses a second model to double-check Chrome’s AI agent and block prompt attacks or data leaks. 🔗 Read: https://thehackernews.com/2025/12/google-adds-layered-defenses-to-chrome.html

🚨 Hackers are uploading fake resumes on Indeed and JazzHR to breach Canadian companies. 80% of attacks in this campaign hit Canada. The “PDFs” actually launch QWCrypt ransomware through a tool called RedLoader. 🔗 Read: https://thehackernews.com/2025/12/stac6565-targets-canada-in-80-of.html

⚠️ Researchers found malicious packages in VS Code, Go, npm, and Rust stealing developer data. They mimicked themes, AI tools, and libraries to grab screenshots, Wi-Fi passwords, and browser cookies. 🔗 Find details here ↓ https://thehackernews.com/2025/12/researchers-find-malicious-vs-code-go.html

⚠️ Hackers are hiding malware in normal websites. A new attack called JS#SMUGGLER plants code that quietly runs PowerShell through mshta.exe to install NetSupport RAT — giving attackers full control of your computer. It even checks your device type to avoid being caught. 🔗 Read ↓ https://thehackernews.com/2025/12/experts-confirm-jssmuggler-uses.html

Catch the the latest CybersecurityRecap for: 💥 USB drives spreading crypto miners. 💰 Fake investment sites busted. 🐀 CastleRAT creeping through networks. ⚖️ Portugal shields ethical hackers. 💸 Ransomware payouts falling fast. 👉 Get the full stories, latest tools, and expert webinars in the latest recap: https://thehackernews.com/2025/12/weekly-recap-usb-malware-react2shell.html

⚠️ Holiday shopping means hacker season. Bots hit hardest around Black Friday & Christmas. Reused passwords = easy targets. Block breached logins + secure vendor accounts now. 🔗 Read ↓ https://thehackernews.com/2025/12/how-can-retailers-cyber-prepare-for.html

⚠️ Three new Android threats just dropped: • FvncBot – fake “mBank” app that logs keys, streams screens, and steals banking data. • SeedSnatcher – spreads via Telegram to steal crypto seed phrases and 2FA codes. • ClayRat – upgraded spyware faking YouTube & taxi apps for full device control. All abuse Android’s accessibility features. 🔗 Read here ↓ https://thehackernews.com/2025/12/android-malware-fvncbot-seedsnatcher.html

⚠️ Hackers are exploiting a bug in the Sneeit Framework plugin (CVE-2025-6389) to run code on servers and create admin accounts on WordPress sites. ⚠️ Separately, a flaw in ICTBroadcast (CVE-2025-2611) lets attackers use the BROADCAST cookie for unauthenticated remote shell access on exposed hosts. 🔗 Read ↓ https://thehackernews.com/2025/12/sneeit-wordpress-rce-exploited-in-wild.html

⚠️ Iran’s MuddyWater hackers are using a new backdoor called "UDPGangster" that hides in fake “election seminar” Word files. It only runs after checking if your computer is real — not a sandbox — then steals data over UDP to dodge detection. 🔗 Read → https://thehackernews.com/2025/12/muddywater-deploys-udpgangster-backdoor.html

🛑 Over 30 security flaws found in AI-powered coding tools like Copilot, Cursor, and Zed — letting hackers steal data or run malicious code without you doing a thing. Researchers are calling it “IDEsaster.” 🔗 Details here → https://thehackernews.com/2025/12/researchers-uncover-30-flaws-in-ai.html

CISA added the new 10.0-rated React RCE flaw (CVE-2025-55182) to its exploited list. 🕒 Exploited within hours by Chinese hackers. 💥 Affects Next.js, React Router, Vite, Waku & more. 💰 Some attacks dropped crypto-miners & stole AWS creds. 🔗 Read: https://thehackernews.com/2025/12/critical-react2shell-flaw-added-to-cisa.html

🚨 WARNING: A new attack can trick Perplexity’s Comet browser into deleting your Google Drive. Just one normal-looking email with hidden cleanup instructions can make the AI agent erase real files — no exploit, no warning. 🔗 Details here → https://thehackernews.com/2025/12/zero-click-agentic-browser-attack-can.html

🧩 57% of SMBs say cybersecurity is a top priority — yet they still turn down MSPs. ➡ The issue isn’t interest. It’s confusion. ➡ They’re tired of jargon, fear, and hard selling. “Getting to Yes” helps MSPs explain security in plain business terms — and win trust. 👉 See how it’s done → https://thehackernews.com/2025/12/getting-to-yes-anti-sales-guide-for-msps.html

🚨 Critical Apache Tika flaw (CVE-2025-66516) just dropped — CVSS 10.0. A single fake PDF can trigger an XXE attack, letting hackers read server files or run code. 🔗 Read ↓ https://thehackernews.com/2025/12/critical-xxe-bug-cve-2025-66516-cvss.html Update to v3.2.2 now.