Page Inspect
Internal Links: 42
External Links: 20
Images: 45
Headings: 19
Page Content
Title: The Hacker News | #1 Trusted Source for Cybersecurity News
Description: The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and decision-makers.
HTML Size: 167 KB
Markdown Size: 17 KB
Fetched At: October 21, 2025
Page Structure
- h1: The Hacker News | #1 Trusted Source for Cybersecurity News
- h2: Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets
- h2: ⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More
- h2: Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches
- h2: CISO Best Practices Cheat Sheet: Cloud Edition
- h2: 131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
- h2: MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems
- h2: Keeper Security recognized in the 2025 Gartner® Magic Quadrant™ for PAM
- h2: Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide
- h2: New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
- h2: Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT
- h2: North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
- h2: Identity Security: Your First and Last Line of Defense
- h2: Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
- h2: Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
- h2: Modern Browser Attacks: Why Perimeter Tools Are No Longer Enough
- h2: What Happens to MSSPs and MDRs in the Age of the AI-SOC?
- h2: Beyond Tools: Why Testing Human Readiness is the Hidden Superpower of Modern Security Validation
- h2: Exploring Agentic AI: Innovation Meets Security
Markdown Content
# The Hacker News | #1 Trusted Source for Cybersecurity News
## Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets
Oct 20, 2025 | Threat Intelligence / Data Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks. The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator that could allow attackers unauthorized access to critical data. "This vulnerability is remotely exploitable without authentication," CISA said. CVE-2025-61884 is the second flaw in Oracle EBS to be actively exploited along with CVE-2025-61882 (CVSS score: 9.8), a critical bug that could permit unauthenticated attackers to execute arbitrary code on susceptible instances. Earlier this month, Google Threat Intelligence Group (GTIG) and Mandiant revealed dozens of organizations may hav...
## ⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More
Oct 20, 2025 | Cybersecurity / Hacking News
It's easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn't just patching fast, but watching smarter and staying alert for what you don't expect. Here's a quick look at this week's top threats, new tactics, and security stories shaping the landscape.
⚡ Threat of the Week
F5 Exposed to Nation-State Breach — F5 disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product. The company said it learned of the incident on August 9, 2025, although it's believed that the attackers were in its network for at least 12 months. The attackers are said to have used a malware family called BRICKSTORM, which is attributed to a China-nexus espionage group dubbed UNC5221. GreyNoise said it observed elevat...
## Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches
Oct 20, 2025 | Browser Security / Malvertising
ClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches. ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser — most commonly a CAPTCHA, but also things like fixing an error on a webpage. The name is a little misleading, though — the key factor in the attack is that they trick users into running malicious commands on their device by copying malicious code from the page clipboard and running it locally. Examples of ClickFix lures used by attackers in the wild. ClickFix is known to be regularly used by the Interlock ransomware group and other prolific threat actors, including state-sponsored APTs. A number of recent public data breaches have been linked to ClickFix-style TTPs, such as Kettering Health, DaVita, City of St. Paul, Minnesota, and the Texas Tech University Health Sciences Centers (with many more breaches ...
## CISO Best Practices Cheat Sheet: Cloud Edition
Wiz | Cloud Security / Automation
Whether you're inheriting a cloud program, scaling multi-cloud or aligning with board goals, this cheat sheet helps drive measurable outcomes with proven frameworks & 90-day steps.
## 131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
Oct 20, 2025 | Browser Security / Malware
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users. "They are not classic malware, but they function as high-risk spam automation that abuses platform rules," security researcher Kirill Boychenko said. "The code injects directly into the WhatsApp Web page, running alongside WhatsApp's own scripts, automates bulk outreach and scheduling in ways that aim to bypass WhatsApp's anti-spam enforcement." The end goal of the campaign is to blast outbound messaging via WhatsApp in a manner that bypasses the messaging platform's rate limits and anti-spam controls. The activity is assessed to have been ongoing for at lea...
## MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems
Oct 20, 2025 | Cyber Espionage / National Security
China on Sunday accused the U.S. National Security Agency (NSA) of carrying out a "premeditated" cyber attack targeting the National Time Service Center (NTSC), as it described the U.S. as a "hacker empire" and the "greatest source of chaos in cyberspace." The Ministry of State Security (MSS), in a WeChat post, said it uncovered "irrefutable evidence" of the agency's involvement in the intrusion that dated back to March 25, 2022. The attack was ultimately foiled, it added. Established in 1966 under the jurisdiction of the Chinese Academy of Sciences (CAS), NTSC is responsible for generating, maintaining, and transmitting the national standard of time (Beijing Time). "Any cyberattack damaging these facilities would jeopardize the secure and stable operation of 'Beijing Time,' triggering severe consequences such as network communication failures, financial system disruptions, power supply interruptions, transportation paraly...
## Keeper Security recognized in the 2025 Gartner® Magic Quadrant™ for PAM
Keeper Security | Password Security / Threat Detection
Access the full Magic Quadrant report and see how KeeperPAM compares to other leading PAM platforms.
## Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide
Oct 19, 2025 | SIM Swapping / Cryptocurrency
Europol on Friday announced the disruption of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a SIM farm and enabled its customers to carry out a broad spectrum of crimes ranging from phishing to investment fraud. The coordinated law enforcement effort, dubbed Operation SIMCARTEL, saw 26 searches carried out, resulting in the arrest of seven suspects and the seizure of 1,200 SIM box devices, which contained 40,000 active SIM cards. Five of those detained are Latvian nationals. In addition, five servers were dismantled and two websites (gogetsms\[.\]com and apisim\[.\]com) advertising the service were taken over on October 10, 2025, to display a seizure banner. Separately, four luxury vehicles were confiscated, and €431,000 ($502,000) in suspects' bank accounts and €266,000 ($310,000) in their cryptocurrency accounts were frozen. The countries that participated in the operation comprised authorities from Austria, Estonia, Finland, and Latvia, in collaboration ...
## New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
Oct 18, 2025 | Threat Intelligence / Cybercrime
Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor. According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP archive as a way to trigger the infection. The cybersecurity company's analysis is based on the ZIP artifact that was uploaded to the VirusTotal platform on October 3, 2025. Present with the archive is a decoy Russian-language document that purports to be a notification related to income tax legislation and a Windows shortcut (LNK) file. The LNK file, which has the same name as the ZIP archive (i.e., "Перерасчет заработной платы 01.10.2025"), is responsible for the execution of the .NET implant ("adobe.dll") using a legitimate Microsoft binary named "rundll32.exe," a living-off-the-land (LotL) technique known to be adopted by threat actors. The backd...
## Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT
Oct 18, 2025 | Malware / Threat Intelligence
The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins). "The campaign relied on phishing emails with PDFs that contained embedded malicious links," Pei Han Liao, researcher with Fortinet's FortiGuard Labs, said in a report shared with The Hacker News. "These files masqueraded as official documents from the Ministry of Finance and included numerous links in addition to the one that delivered Winos 4.0." Winos 4.0 is a malware family that's often spread via phishing and search engine optimization (SEO) poisoning, directing unsuspecting users to fake websites masquerading as popular software like Google Chrome, Telegram, Youdao, Sogou AI, WPS Office, and DeepSeek, among others. The use of Winos 4.0 is primarily linked to an "aggressive" Chinese cybercri...
## North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
Oct 17, 2025 | Malware / Blockchain
The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That's according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the functions of BeaverTail and OtterCookie coming closer to each other more than ever, even as the latter has been fitted with a new module for keylogging and taking screenshots. The activity is attributed to a threat cluster that's tracked by the cybersecurity community under the monikers CL-STA-0240, DeceptiveDevelopment, DEV#POPPER, Famous Chollima, Gwisin Gang, PurpleBravo, Tenacious Pungsan, UNC5342, Void Dokkaebi, and WaterPlum. The development comes as Google Threat Intelligence Group (GTIG) and Mandiant revealed the threat actor's use of a stealthy technique known as EtherHiding to fetch next-stage payloads from the...
## Identity Security: Your First and Last Line of Defense
Oct 17, 2025 | Artificial Intelligence / Identity Security
The danger isn't that AI agents have bad days — it's that they never do. They execute faithfully, even when what they're executing is a mistake. A single misstep in logic or access can turn flawless automation into a flawless catastrophe. This isn't some dystopian fantasy—it's Tuesday at the office now. We've entered a new phase where autonomous AI agents act with serious system privileges. They execute code, handle complex tasks, and access sensitive data with unprecedented autonomy. They don't sleep, don't ask questions, and don't always wait for permission. That's powerful. That's also risky. Because today's enterprise threats go way beyond your garden-variety phishing scams and malware. The modern security perimeter? It's all about identity management. Here's the million-dollar question every CISO should be asking: Who or what has access to your critical systems, can you secure and govern that access, and can you actually prove it? Ho...
## Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Oct 17, 2025 | Vulnerability / VPN Security
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4\_Update1, 12.0 up to and including 12.11.3 and 2025.1. "An out-of-bounds write vulnerability in the WatchGuard Fireware OS iked process may allow a remote unauthenticated attacker to execute arbitrary code," WatchGuard said in an advisory released last month. "This vulnerability affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer." It has been addressed in the following versions:
- 2025.1 - Fixed in 2025.1.1
- 12.x - Fixed in 12.11.4
- 12.3.1 (FIPS-certified release) - Fixed in 12.3.1\_Update3 (B722811)
- 12.5.x (T15 & T35 models) -...
## Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
Oct 17, 2025 | Malware / Cybercrime
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware," the Microsoft Threat Intelligence team said in a post shared on X. The tech giant said it disrupted the activity earlier this month after it was detected in late September 2025. In addition to revoking the certificates, its security solutions have been updated to flag the signatures associated with the fake setup files, Oyster backdoor, and Rhysida ransomware. Vanilla Tempest (formerly Storm-0832) is the name given to a financially motivated threat actor also called Vice Society and Vice Spider that's assessed to be active since at least July 2022, delivering various ransomware strains such as BlackCat, Quantum Locker, Zeppelin, and Rhysida over the year...
Trending News
Beware the Hidden Costs of Pen Testing
SaaS Breaches Start with Tokens - What Security Teams Must Watch
Architectures, Risks, and Adoption: How to Assess and Choose the Right AI-SOC Platform
ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs and More
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks
CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack
F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion
Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
RMPocalypse: Single 8-Byte Write Shatters AMD's SEV-SNP Confidential Computing
New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
Popular Resources
Meet the AI SOC Agents That Never Sleep, Forget, or Burn Out
Explore Proven Identity Strategies That Drive Real Business Value
The Holiday Security Playbook Every Online Business Needs Right Now
How Attackers Bypass FIDO: The Hidden Flaws Security Teams Keep Missing
Expert Insights
## Modern Browser Attacks: Why Perimeter Tools Are No Longer Enough
October 20, 2025
## What Happens to MSSPs and MDRs in the Age of the AI-SOC?
October 20, 2025
## Beyond Tools: Why Testing Human Readiness is the Hidden Superpower of Modern Security Validation
October 13, 2025
## Exploring Agentic AI: Innovation Meets Security
October 13, 2025
Cybersecurity Resources
CI/CD Pipeline Security Best Practices
This new cheat sheet walks you through the OWASP Top 10 CI/CD security risks and shares clear, actionable steps to help reduce your attack surface and strengthen your delivery processes.
See GitGuardian in action ➡️ Interactive Tour
In this self-guided tour, discover key features that security teams and IAM leaders love.
Why Security Culture Still Fails—And How to Fix It
Discover how top orgs build security culture and how you can course-correct.
Discover How to Make CTEM a Reality in 2025: Download Your Guide Now!
Ensure CTEM success! Download our ebook for practical tips on using XM Cyber to implement your exposure management strategy.
© The Hacker News, 2025. All Rights Reserved.