TECHZONE™

5 Ways Identity-based Attacks Are Breaching Retail https://thehackernews.com/2025/07/5-ways-identity-based-attacks-are.html From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here’s how five retail breaches unfolded, and what they reveal about... In recent months, major retailers like Adidas, The North Face, Dior, Victoria's Secret, Cartier, Marks & Spencer, and Co‑op have all been breached. These attacks weren’t sophisticated

RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks https://thehackernews.com/2025/07/rondodox-botnet-exploits-flaws-in-tbk.html Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet called RondoDox. The vulnerabilities in question include CVE-2024-3721, a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 DVRs, and CVE-2024-12856, an operating

BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally https://thehackernews.com/2025/07/baittrap-over-17000-fake-news-websites.html A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial

Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms https://thehackernews.com/2025/07/researchers-uncover-batavia-windows.html Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, per cybersecurity vendor Kaspersky, has been active since July 2024. "The targeted attack begins with bait emails containing malicious links, sent under the pretext of signing a contract," the Russian company said. "The main goal of the

CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation https://thehackernews.com/2025/07/cisa-adds-four-critical-vulnerabilities.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is as follows - CVE-2014-3931 (CVSS score: 9.8) - A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an

SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools https://thehackernews.com/2025/07/seo-poisoning-campaign-targets-8500.html Cybersecurity researchers have disclosed a malicious campaign that leverages search engine optimization (SEO) poisoning techniques to deliver a known malware loader called Oyster (aka Broomstick or CleanUpLoader). The malvertising activity, per Arctic Wolf, promotes fake websites hosting trojanized versions of legitimate tools like PuTTY and WinSCP, aiming to trick software professionals

⚡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More https://thehackernews.com/2025/07/weekly-recap-chrome-0-day-ivanti.html Everything feels secure—until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don’t start with alarms—they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection—that’s all it takes. Staying safe isn’t just about reacting fast. It’s about catching these early signs

Manufacturing Security: Why Default Passwords Must Go https://thehackernews.com/2025/07/manufacturing-security-why-default.html If you didn't hear about Iranian hackers breaching US water facilities, it's because they only managed to control a single pressure station serving 7,000 people. What made this attack noteworthy wasn't its scale, but how easily the hackers gained access — by simply using the manufacturer's default password "1111." This narrow escape prompted CISA to urge manufacturers to

TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors https://thehackernews.com/2025/07/tag-140-deploys-drat-v2-rat-targeting.html A hacking group with ties other than Pakistan has been found targeting Indian government organizations with a modified variant of a remote access trojan (RAT) called DRAT. The activity has been attributed by Recorded Future's Insikt Group to a threat actor tracked as TAG-140, which it said overlaps with SideCopy, an adversarial collective assessed to be an operational sub-cluster within

How to get into cybersecurity | Unlocked 403 cybersecurity podcast (S2E3) https://www.welivesecurity.com/en/videos/how-get-cybersecurity-unlocked-403-cybersecurity-podcast-s2e3/ Cracking the code of a successful cybersecurity career starts here. Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-paced field.

Task scams: Why you should never pay to get paid https://www.welivesecurity.com/en/scams/task-scams-why-you-should-never-pay-to-get-paid/ Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams.

Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties https://thehackernews.com/2025/07/taiwan-nsb-alerts-public-on-data-risks.html Taiwan's National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China. The alert comes following an inspection of these apps carried out in coordination with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal

Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS https://thehackernews.com/2025/07/alert-exposed-jdwp-interfaces-lead-to.html Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised hosts. "The attacker used a modified version of XMRig with a hard-"coded configuration, allowing them to avoid suspicious command-line arguments that are often flagged by defenders," Wiz researchers Yaara Shriki and Gili

NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors https://thehackernews.com/2025/07/nighteagle-apt-exploits-microsoft.html Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China. According to QiAnXin's RedDrip Team, the threat actor has been active since 2023 and has switched network

Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It https://thehackernews.com/2025/07/your-ai-agents-might-be-leaking-data.html Generative AI is changing how businesses work, learn, and innovate. But beneath the surface, something dangerous is happening. AI agents and custom GenAI workflows are creating new, hidden ways for sensitive enterprise data to leak—and most teams don’t even realize it. If you’re building, deploying, or managing AI systems, now is the time to ask: Are your AI agents exposing confidential data

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below - CVE-2025-32462 (CVSS score: 2.8) - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host

Google Ordered to Pay $314M for Misusing Android Users' Cellular Data Without Permission https://thehackernews.com/2025/07/google-ordered-to-pay-314m-for-misusing.html Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users' cellular data when they were idle to passively send information to the company. The verdict marks an end to a legal class-action complaint that was originally filed in August 2019. In their lawsuit, the plaintiffs argued that Google's Android operating system

How government cyber cuts will affect you and your business https://www.welivesecurity.com/en/business-security/how-government-cyber-cuts-will-affect-you-and-your-business/ Deep cuts in cybersecurity spending risk creating ripple effects that will put many organizations at a higher risk of falling victim to cyberattacks

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams https://thehackernews.com/2025/07/mobile-security-alert-352-iconads-fraud.html A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user's screen and hide their icons from the device home screen launcher, making it harder for victims to remove them, per the company's Satori Threat Intelligence and Research Team. The apps have

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets https://thehackernews.com/2025/07/over-40-malicious-firefox-extensions.html Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk. "These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox