The Hacker News

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

October 20, 2025 add comment
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command... Read more »

From Phishing to Malware: AI Becomes Russia’s New Cyber Weapon in War on Ukraine

October 18, 2025 add comment
Russian hackers’ adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country’s State Service... Read more »

New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login

October 17, 2025 add comment
Oracle on Saturday issued a security alert warning of a fresh security flaw impacting its E-Business Suite that it said could allow unauthorized access to sensitive data. The vulnerability,... Read more »

How Attackers Bypass Synced Passkeys

October 15, 2025 add comment
TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the... Read more »

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

October 15, 2025 add comment
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa... Read more »

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files

October 12, 2025 add comment
A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4),... Read more »

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild

October 9, 2025 add comment
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active... Read more »

Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems

September 20, 2025 add comment
An advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a previously undocumented fileless malware framework called EggStreme. “This... Read more »

Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts

September 19, 2025 add comment
Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data. The malvertising campaign, per Bitdefender, is... Read more »

Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage

September 19, 2025 add comment
The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the... Read more »
Subscribe to our Newsletter