The Hacker News

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

CVE-2025-59363 "allowed attackers with valid API credentials to enumerate and retrieve client secrets for all OIDC ...
The Hacker News

Learn How Leading Security Teams Blend AI + Human Workflows (Free Webinar)

AI-only workflows risk fragility and compliance issues—learn secure, explainable automation in this Tines webinar.
The Hacker News

New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer

SGX is designed as a hardware feature in Intel server processors that allows applications to be run in a Trusted Execution Environment (TEE). It essentially isolates trusted code and resources within ...
The Hacker News

2025 Cybersecurity Reality Check: Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions Rising

Bitdefender's 2025 Cybersecurity Assessment Report paints a sobering picture of today's cyber defense landscape: mounting pressure to remain silent after breaches, a gap between leadership and ...
The Hacker News

New Android Banking Trojan "Klopatra" Uses Hidden VNC to Control Infected Smartphones

Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan (RAT) in late August 2025, said it leverages Hidden Virtual Network Computing (VNC) for remote ...
The Hacker News

New $50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections

Described as a Spectre branch target injection (Spectre-BTI) attack targeting the cloud, it exploits isolation gaps across host and guest in user and supervisor modes to leak arbitrary memory from an ...
The Hacker News

Hackers Exploit Milesight Routers to Send Phishing SMS to European Users

Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign ...
The Hacker News

Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover

OpenShift AI is a platform for managing the lifecycle of predictive and generative artificial intelligence (GenAI) models at scale and across hybrid cloud environments. It also facilitates data ...
The Hacker News

Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware

Phantom Taurus' modus operandi also stands out due to the use of custom-developed tools and techniques rarely observed in the threat landscape. This includes a never-before-seen bespoke malware suite ...
The Hacker News

Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT.
The Hacker News

Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits

Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed ...
The Hacker News

New Android Trojan "Datzbro" Tricking Elderly with AI-Generated Facebook Travel Events

New Android banking trojan Datzbro targets seniors via fake Facebook groups, enabling device takeover and financial fraud.