The Hacker News

Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

Google links Turla to STOCKSTAY, a new .NET backdoor used in phishing attacks against Ukraine government and military targets ...
The Hacker News

Russia Used Cellebrite on Jailed Activist's iPhone Months After Sales Cutoff

Citizen Lab says Russian authorities used Cellebrite UFED on Andrey Pivovarov’s seized iPhone after Cellebrite’s 2021 Russia ...
The Hacker News

Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant

Microsoft says hotel phishing emails are using Calendly links and photo ZIP files to drop the TonRAT Node.js implant on front ...
The Hacker News

Surviving the Mythos Era: Richard Bejtlich on the Case for NDR

Corelight’s NDR Essentials explains how network evidence helps analysts validate alerts, hunt threats, and disrupt attacks.
The Hacker News

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

Mandiant says CVE-2026-20245 was exploited as a Cisco SD-WAN zero-day to escalate admin access to root on a provider network.
The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
The Hacker News

DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering

DoJ seized HuiOne cloud infrastructure as Treasury sanctioned Prince Group-linked entities over crypto fraud and money ...
The Hacker News

New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns

Symantec and Carbon Black link Mistic backdoor attacks to KongTuke, using ClickFix lures and in-memory execution for stealthy ...
The Hacker News

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

SentinelOne details Gaslight, a Rust-based macOS implant linked to North Korea-aligned actors that uses prompt injection to ...
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
The Hacker News

Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered

Law enforcement dismantled 326 servers and 142 domains tied to Amadey and StealC, recovering 27 million stolen credentials.
The Hacker News

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

This week’s cybersecurity recap covers Firefox and Chrome bugs, EDR-killer tools, a TV botnet, an OpenBSD flaw, Android ...