现已上线!2025 年 Telegram 研究 — 年度关键洞察 
The Hacker News
前往频道在 Telegram
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking. 📨 Contact: admin@thehackernews.com 🌐 Website: https://thehackernews.com
显示更多📈 Telegram 频道 The Hacker News 的分析概览
频道 The Hacker News (@thehackernews) 英语 语言赛道中的 是活跃参与者。目前社区聚集了 161 642 名订阅者,在 技术与应用 类别中位列第 691,并在 美国 地区排名第 109 位。
📊 受众指标与增长动态
自 невідомо 创建以来,项目保持高速增长,吸引了 161 642 名订阅者。
根据 24 六月, 2026 的最新数据,频道保持稳定运转。过去 30 天订阅人数变化为 -596,过去 24 小时变化为 -13,整体触达仍然可观。
- 认证状态: 已认证(Telegram 官方确认)
- 互动率 (ER): 平均受众互动率为 4.66%。内容发布后 24 小时内通常能获得 2.96% 的反应,占订阅者总量。
- 帖子覆盖: 每篇帖子平均可获得 7 531 次浏览,首日通常累积 4 780 次浏览。
- 互动与反馈: 受众积极参与,单帖平均反应数为 17。
- 主题关注点: 内容集中在 attack, credential, cve-2026, github, backdoor 等核心主题上。
📝 描述与内容策略
作者将该频道定位为表达主观观点的平台:
“⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.
📨 Contact: admin@thehackernews.com
🌐 Website: https://thehackernews.com”
凭借高频更新(最新数据采集于 25 六月, 2026),频道始终保持新鲜度与高覆盖。分析显示受众积极互动,使其成为 技术与应用 类别中的关键影响点。
161 642
订阅者
-1324 小时
-1287 天
-59630 天
帖子存档
161 640
🛑 Cybercrime crews just lost part of their malware supply chain.
Operation Endgame disrupted infrastructure behind Amadey and StealC — malware used to steal data and deliver additional payloads.
Authorities say the operation led to:
- 326 servers dismantled
- 142 domains taken down
- 27M stolen credentials recovered
- $47 M+ in criminal crypto assets restricted
Read: https://thehackernews.com/2026/06/amadey-and-stealc-malware-network.html
161 640
Cybersecurity is losing the time buffer it used to depend on.
Agentic AI could compress the gap between finding a weakness and weaponizing it. That puts hidden IT, IoT, and OT assets directly in the blast path.
Know what’s on your network before attacker automation does.
See why asset visibility matters now: https://thehackernews.com/2026/06/dawn-of-apex-agentic-adversary.html
161 640
Last Chance to Register for GRC Now | Get 8 Free CPEs
Join over 15K of your peers already registered for the July 8-9 GRC Now virtual event! Register and attend to explore the latest trends in GRC, cyber risk, practical strategies for AI governance, guidance for regulatory changes, and more.
✨ Bonus: You’ll earn up to 8 free CPE credits for attending.
Register now: https://thn.news/grc-now-reshape-resilience
161 640
⚡ The crackdown on HuiOne is now widening.
The DoJ seized a cloud account tied to HuiOne subsidiaries, while Treasury sanctioned 9 people and 26 entities linked to Prince Group.
The focus: crypto scam proceeds, laundering, and the networks behind Southeast Asia scam operations.
Read 🠖 https://thehackernews.com/2026/06/doj-seizes-huione-cloud-account-tied-to.html
161 640
🛑 Cisco Unified CM admins should check WebDialer now.
CVE-2026-20230 is being exploited, and vulnerable WebDialer-enabled systems can be abused by unauthenticated attackers to write files.
Cisco patched it in 14SU6 and 15SU5.
Read: https://thehackernews.com/2026/06/cisco-unified-cm-flaw-exploited-after.html
161 640
🚨 FFortiBleed went beyond FortiGate firewalls.
Researchers say a Russian-speaking IAB targeted 430,000+ FortiGate firewalls, deployed credential sniffers, and identified over 110 million credentials.
Read: https://thehackernews.com/2026/06/fortibleed-targeted-fortigate-firewalls.html
The campaign also hit other internet-facing systems.
161 640
🔥 A fake AI Agent skill reportedly reached 26,000 agents after passing security scans.
The payload was loaded later from an external link that scanners did not check, and that link could be changed after review.
Read how the blind spot worked 🠖 https://thehackernews.com/2026/06/fake-ai-agent-skill-passed-security.html
161 640
🛑 Washington is preparing for the quantum threat before it arrives.
A new Trump order gives federal agencies until 2030 to move key systems to post-quantum crypto.
Digital signatures are due by 2031.
Read - https://thehackernews.com/2026/06/trump-order-sets-2030-deadline-for.html
161 640
⚡ A risky #GitHub Actions pattern is getting blocked by default.
Starting June 18, 2026, actions/checkout v7 will refuse common fork PR checkout patterns in privileged workflows.
See how the new checkout guardrail works: https://thehackernews.com/2026/06/github-updates-actionscheckout-to-block.html
The aim: reduce “pwn request” attacks that can expose secrets or a privileged GITHUB_TOKEN.
161 640
AI is moving from writing attacks to running parts of them.
Agentic AI can help automate recon, social engineering, exploit selection, and malware work with less human input.
The risk is not just speed. It is misplaced trust.
Read why it matters: https://thehackernews.com/2026/06/agentic-ai-weapon-that-no-longer-needs.html
161 640
Running IT for a fast-growing 700-person company with a lean team sounds like a recipe for SaaS chaos. Not for the Drata team.
Nudge Security sat down with Gordon Nhieu, Senior IT Manager at Drata recently to dive into how their team got visibility into shadow SaaS, scaled governance, and kept up with a fast-moving org in the AI era.
No slides. No sales pitch. Just a candid look at how one lean IT team is making it work.
https://thn.news/saas-sprawl-nudge
161 640
⚠️ A tiny npm package can hide a full malware chain.
Researchers found malicious npm packages posing as PostCSS/build tools that deploy a Windows RAT.
The malware uses JavaScript, PowerShell, VBS, and Python to steal Chrome credentials, run commands, and move files.
Read - https://thehackernews.com/2026/06/malicious-npm-packages-pose-as-postcss.html
161 640
A breach should not spread across the whole company.
That is the point of containment.
Even if attackers get in, the goal is to stop them from moving further.
The article explains how security teams and leading vendors are approaching that problem.
Read: https://awards.thehackernews.com/blog/assume-breach-containment-strategy/
161 640
🚨 That WhatsApp file from a trusted contact may not be safe.
A new VBS malware campaign is spreading through #WhatsApp Desktop/Web and installing ManageEngine Endpoint Central for remote access on Windows PCs.
Read the details: https://thehackernews.com/2026/06/whatsapp-vbscript-campaign-uses-fake.html
161 640
🔥 OpenAI is putting GPT-5.5-Cyber in defenders’ hands.
The model is being released through Daybreak to help trusted defenders find, validate, and patch software flaws.
#OpenAI is also launching Patch the Planet with Trail of Bits to support open-source projects like cURL, Python, Sigstore, and aiohttp.
Read - https://thehackernews.com/2026/06/openai-expands-daybreak-with-gpt-55.html
161 640
⚠️ ALERT - ShapedPlugin Pro plugins were backdoored through official #WordPress update channels.
The malware can steal credentials, 2FA codes, wp-config.php data, and #WooCommerce order details.
Read 🠖 https://thehackernews.com/2026/06/shapedplugin-wordpress-pro-plugins.html
161 640
🛑 Private AI chats crossed tenant lines.
Researchers found four DifyTap flaws in #Dify, the 146K-star agentic workflow platform.
The bugs could expose AI conversations across tenants and leak uploaded document previews.
Read 🠖 https://thehackernews.com/2026/06/researchers-detail-difytap-flaws-in.html
161 640
🤯 A 1997 parser bug is still haunting Squid.
Squidbleed (CVE-2026-47729) can leak another user’s cleartext HTTP request through a shared Squid proxy, including credentials or session tokens.
Read 🠖 https://thehackernews.com/2026/06/29-year-old-squid-proxy-bug-squidbleed.html
161 640
⚡ AI-assisted social engineering has moved beyond the inbox.
Bobby Ford of Doppel says modern campaigns now span email, SMS, collaboration apps, social media, and paid ads — often as one attack chain.
The goal is no longer just blocking lures.
It is breaking the campaign earlier.
Read the full story: https://thehackernews.com/expert-insights/2026/06/beyond-blocking-disrupting-social.html
161 640
🚨 A fake Node.js download was the start of a real malware chain.
Elastic researchers found a new #malvertising campaign using Google Ads to deliver OXLOADER, a previously unreported loader that drops CastleStealer.
The payload was staged through Storj and built to avoid analysis.
Read: https://thehackernews.com/2026/06/new-oxloader-loader-uses-malicious.html
