TECHZONE™

Ex-Developer Jailed Four Years for Sabotaging Ohio Employer with Kill-Switch Malware https://thehackernews.com/2025/08/ex-developer-jailed-four-years-for.html A 55-year-old Chinese national has been sentenced to four years in prison and three years of supervised release for sabotaging his former employer's network with custom malware and deploying a kill switch that locked out employees when his account was disabled. Davis Lu, 55, of Houston, Texas, was convicted of causing intentional damage to protected computers in March 2025. He was arrested and

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks https://thehackernews.com/2025/08/pre-auth-exploit-chains-found-in.html Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows - CVE-2025-57788 (CVSS score: 6.9) - A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages https://thehackernews.com/2025/08/cybercriminals-deploy-cornflakev3.html Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA pages as lures to trick users into providing initial access to their systems, which is then

Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025 https://thehackernews.com/2025/08/weak-passwords-and-compromised-accounts.html As security professionals, it's easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks often aren't from cutting-edge exploits, but from cracked credentials and compromised accounts. Despite widespread awareness of this threat vector, Picus Security's Blue Report 2025 shows that organizations continue to struggle with preventing

Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft https://thehackernews.com/2025/08/scattered-spider-hacker-gets-10-years.html A 20-year-old member of the notorious cybercrime gang known as Scattered Spider has been sentenced to ten years in prison in the U.S. in connection with a series of major hacks and cryptocurrency thefts. Noah Michael Urban pleaded guilty to charges related to wire fraud and aggravated identity theft back in April 2025. News of Urban's sentencing was reported by Bloomberg and Jacksonville news

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides in the ImageIO framework that could result in memory corruption when processing a malicious image. "Apple is aware of a report that this issue may have been

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft https://thehackernews.com/2025/08/dom-based-extension-clickjacking.html Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions. The technique has been dubbed Document Object Model (DOM)-based extension clickjacking by independent security researcher Marek Tóth,

FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage https://thehackernews.com/2025/08/fbi-warns-russian-fsb-linked-hackers.html A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software as a means to establish persistent access to target networks. Cisco Talos, which disclosed details of the activity, said the attacks single out organizations in telecommunications, higher education and manufacturing

Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts https://thehackernews.com/2025/08/experts-find-ai-browsers-can-be-tricked.html Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence (GenAI) model into carrying out intended actions by embedding the malicious instruction inside a fake CAPTCHA check on a web page. Described by Guardio Labs an "AI-era take on the ClickFix scam," the attack technique demonstrates how AI-driven browsers,

🕵️ Webinar: Discover and Control Shadow AI Agents in Your Enterprise Before Hackers Do https://thehackernews.com/2025/08/webinar-discover-and-control-shadow-ai.html Do you know how many AI agents are running inside your business right now? If the answer is “not sure,” you’re not alone—and that’s exactly the concern. Across industries, AI agents are being set up every day. Sometimes by IT, but often by business units moving fast to get results. That means agents are running quietly in the background—without proper IDs, without owners, and without logs of

From Impact to Action: Turning BIA Insights Into Resilient Recovery https://thehackernews.com/2025/08/turning-bia-insights-into-resilient-recovery.html Modern businesses face a rapidly evolving and expanding threat landscape, but what does this mean for your business? It means a growing number of risks, along with an increase in their frequency, variety, complexity, severity, and potential business impact. The real question is, “How do you tackle these rising threats?” The answer lies in having a robust BCDR strategy. However, to build a

North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms https://thehackernews.com/2025/08/north-korea-uses-github-in-diplomat.html North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025. The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts with the goal of luring embassy staff and foreign ministry personnel with convincing meeting invites

DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks https://thehackernews.com/2025/08/doj-charges-22-year-old-for-running.html A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot. Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Department of Justice (DoJ) said. The botnet has been used to carry out large-scale DDoS-for-hire attacks targeting

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems https://thehackernews.com/2025/08/apache-activemq-flaw-exploited-to.html Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper. But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial access to prevent further exploitation by other adversaries and evade detection, Red Canary said in

New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code https://thehackernews.com/2025/08/new-godrat-trojan-targets-trading-firms.html Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT. The malicious activity involves the "distribution of malicious .SCR (screen saver) files disguised as financial documents via Skype messenger," Kaspersky researcher Saurabh Sharma said in a technical analysis published today. The

Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution https://thehackernews.com/2025/08/public-exploit-for-chained-sap-flaws.html A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code execution, SAP security company Onapsis said. CVE-2025-31324 (CVSS score: 10.0) - Missing

Investors beware: AI-powered financial scams swamp social media https://www.welivesecurity.com/en/scams/investors-beware-ai-powered-financial-scams-swamp-social-media/ Can you tell the difference between legitimate marketing and deepfake scam ads? It’s not always as easy as you may think.

U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback https://thehackernews.com/2025/08/uk-government-drops-apple-encryption.html The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have enabled access to the protected data of U.S. citizens. U.S. Director of National Intelligence (DNI) Tulsi Gabbard, in a statement posted on X, said the U.S. government had been working with its partners with the U.K. over the past few months to ensure that

Why Your Security Culture is Critical to Mitigating Cyber Risk https://thehackernews.com/2025/08/why-your-security-culture-is-critical.html After two decades of developing increasingly mature security architectures, organizations are running up against a hard truth: tools and technologies alone are not enough to mitigate cyber risk. As tech stacks have grown more sophisticated and capable, attackers have shifted their focus. They are no longer focusing on infrastructure vulnerabilities alone. Instead, they are increasingly

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks https://thehackernews.com/2025/08/pypi-blocks-1800-expired-domain-emails.html The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. "These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts," Mike Fiedler, PyPI safety and security engineer at the Python