News

The Hacker News53m
From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign
Session hijacking now drives enterprise breaches—88% involve stolen credentials, often exploited within hours.
The Hacker News1h
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware
Mimo exploits CVE-2025-32432 in Craft CMS days after disclosure, deploying cryptominer and proxyware for monetization.
The Hacker News2h
How 'Browser-in-the-Middle' Attacks Steal Sessions in Seconds
The attack works by targeting session tokens. This enables the attackers to subvert even multi-factor authentication (MFA); ...
The Hacker News2h
251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch
Amazon-hosted IPs scanned 75 tech targets on May 8 in a one-day exploit surge, showing orchestrated cloud-based recon.
The Hacker News6h
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more ...
The Hacker News19h
New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency
Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a ...
The Hacker News20h
Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages
Void Blizzard targeted over 20 NGOs using credential phishing via fake Entra logins, exfiltrating sensitive cloud data.