The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking. 📨 Contact: admin@thehackernews.com 🌐 Website: https://thehackernews.com
نمایش بیشتر📈 تحلیل کانال تلگرام The Hacker News
کانال The Hacker News (@thehackernews) در بخش زبانی انگلیسی بازیگری فعال است. در حال حاضر جامعه شامل 161 752 مشترک است و جایگاه 687 را در دسته فناوری و برنامهها و رتبه 109 را در منطقه الولايات المتحدة الأمريكية دارد.
📊 شاخصهای مخاطب و پویایی
از زمان ایجاد در невідомо، پروژه رشد سریعی داشته و 161 752 مشترک جذب کرده است.
بر اساس آخرین دادهها در تاریخ 13 ژوئیه, 2026، کانال فعالیت پایداری دارد. در ۳۰ روز گذشته تغییر اعضا برابر 45 و در ۲۴ ساعت گذشته برابر 0 بوده و همچنان دسترسی گستردهای حفظ شده است.
- وضعیت تأیید: تأیید شده (به صورت رسمی توسط تلگرام)
- نرخ تعامل (ER): میانگین تعامل مخاطب 4.59% است و در ۲۴ ساعت نخست پس از انتشار، محتوا معمولاً 3.05% واکنش نسبت به کل مشترکان کسب میکند.
- دسترسی پستها: هر پست به طور میانگین 7 423 بازدید دریافت میکند. در اولین روز معمولاً 4 929 بازدید جمعآوری میشود.
- واکنشها و تعامل: مخاطبان بهطور فعال حمایت میکنند؛ میانگین واکنش به هر پست 11 است.
- علایق موضوعی: محتوا بر موضوعات کلیدی مانند attack, credential, cve-2026, github, backdoor تمرکز دارد.
📝 توضیح و سیاست محتوایی
نویسنده این فضا را محل بیان دیدگاههای شخصی توصیف میکند:
“⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.
📨 Contact: admin@thehackernews.com
🌐 Website: https://thehackernews.com”
به لطف بهروزرسانیهای پرتکرار (آخرین داده در تاریخ 14 ژوئیه, 2026)، کانال همواره بهروز و دارای دسترسی بالاست. تحلیلها نشان میدهد مخاطبان بهطور فعال با محتوا تعامل دارند و آن را به نقطه اثرگذاری مهم در دسته فناوری و برنامهها تبدیل کردهاند.
در حال بارگیری داده...
| تاریخ | رشد مشترکین | اشارات | کانالها | |
| 14 ژوئیه | +59 | |||
| 13 ژوئیه | +26 | |||
| 12 ژوئیه | +14 | |||
| 11 ژوئیه | +47 | |||
| 10 ژوئیه | +48 | |||
| 09 ژوئیه | +44 | |||
| 08 ژوئیه | +55 | |||
| 07 ژوئیه | +44 | |||
| 06 ژوئیه | +48 | |||
| 05 ژوئیه | +58 | |||
| 04 ژوئیه | +32 | |||
| 03 ژوئیه | +40 | |||
| 02 ژوئیه | +55 | |||
| 01 ژوئیه | +58 |
| 2 | SAP patched a CVSS 9.9 NetWeaver ABAP flaw that could let an authenticated attacker access or modify data, or knock systems offline.
The same update fixes a Commerce Cloud issue tied to publicly documented sample OAuth credentials left unchanged in production.
Read : https://thehackernews.com/2026/07/sap-patches-cvss-99-netweaver-abap-flaw.html | 2 348 |
| 3 | 🛑 Claude for Chrome still lets another extension running on claude[.]ai trigger tasks that read Gmail, Docs, and Calendar.
One approval click remains by default. With “Act without asking” enabled, the same task runs silently.
Eight releases later, the path is still open.
How it works: https://thehackernews.com/2026/07/claude-for-chrome-flaw-lets-other.html | 2 735 |
| 4 | ⚠️ LabubaRAT masquerades as NVIDIA software on Windows.
The Rust-based RAT profiles 12 security products and can run commands, move files, capture screenshots, and proxy traffic through the infected host.
Here's how it stays connected: https://thehackernews.com/2026/07/labubarat-masquerades-as-nvidia.html | 2 956 |
| 5 | UPDATE: Progress has restored ShareFile Storage Zone Controllers.
Progress Software told The Hacker News it patched a high-severity flaw in versions 5.x and 6.x. It found no evidence of account or data access and no active threat.
No CVE or actor was named.
Read: https://thehackernews.com/2026/07/urgent-progress-tells-sharefile.html | 2 817 |
| 6 | ⚡ Pentera’s MCP Server gives AI assistants validated attack paths, not just scanner scores.
A critical finding may be unreachable, while a medium-severity flaw may be the one that leads to privileged access.
How validation changes the workflow: https://thehackernews.com/2026/07/how-pentera-turns-ai-security-workflows.html | 3 370 |
| 7 | ⚠️ A RabbitMQ flaw can leak an OAuth client secret in one unauthenticated request, potentially giving attackers full broker control in affected setups.
A second bug lets logged-in users read queue and exchange metadata beyond their permissions.
Details: https://thehackernews.com/2026/07/rabbitmq-flaws-could-leak-oauth-secrets.html | 3 743 |
| 8 | 🛑 11 old Microsoft-signed UEFI shims could let attackers with admin access bypass Secure Boot and run code before the OS starts.
Microsoft revoked the vulnerable shims in June 2026, but systems without the revocation update may still accept them.
Read how the bypass works: https://thehackernews.com/2026/07/11-old-microsoft-signed-linux-uefi.html | 3 899 |
| 9 | 🚨 Researchers tested 85 browser crypto wallets representing 35.16 million Chrome Web Store users.
Some linked separate addresses, kept exposing previously granted addresses after logout, or enabled tracking across unrelated sites.
How it works: https://thehackernews.com/2026/07/study-of-85-crypto-wallet-extensions.html | 3 972 |
| 10 | ⚠️ Attackers can validate stolen #Microsoft Entra credentials without generating a successful sign-in event.
Researchers tracked two campaigns using spoofed OAuth client IDs, including one that targeted over 2 million users. App-scoped detections may miss it.
Read why Entra logs may miss it: https://thehackernews.com/2026/07/oauth-client-id-spoofing-lets-attackers.html | 4 053 |
| 11 | 🛑 Grok Build uploaded entire Git repositories, full commit history and all, to xAI storage, not just the files the agent read.
A captured bundle contained a file the agent had been explicitly told not to open.
What was uploaded, and which secrets users should rotate: https://thehackernews.com/2026/07/grok-build-uploads-entire-git.html | 4 705 |
| 12 | 💪 U.S. sanctions hit First VPN, its administrator, and a cryptor seller over support for #ransomware attacks on American businesses, hospitals, financial firms, and local governments.
The VPN was dismantled in May 2026 after allegedly helping attackers hide their origins.
How the operation worked: https://thehackernews.com/2026/07/us-sanctions-first-vpn-service-and.html | 4 716 |
| 13 | 🚨 148 npm packages disguised as student web proxies turned visitors’ browsers into a DDoS botnet.
The code never ran at install time. It waited inside working proxy sites, beyond scanners focused on install-time behavior.
Here's how the campaign worked: https://thehackernews.com/2026/07/148-npm-packages-disguised-as-student.html | 4 813 |
| 14 | 🚨 Hackers spent a year stealing data from #Salesforce environments without exploiting a single platform flaw.
#Microsoft mapped the ShinyHunters-linked activity to trusted OAuth apps, stolen vendor tokens, and misconfigured guest access while sign-in monitoring stayed quiet.
How the three attack paths worked: https://thehackernews.com/2026/07/microsoft-maps-year-long-shinyhunters.html | 4 849 |
| 15 | CrashStealer uses a signed and Apple-notarized macOS dropper to pass Gatekeeper checks.
Once launched, it can steal browser credentials, wallet data, password manager records, files, and keychain material.
How the attack chain works: https://thehackernews.com/2026/07/crashstealer-macos-malware-uses.html | 5 930 |
| 16 | 🚨 Google and Microsoft pulled ModHeader after researchers found a dormant browsing-history collector inside its genuine store build.
The extension had roughly 1.6 million installs across Chrome and Edge, with most of the collection pipeline already in place.
Here's how it stayed hidden - https://thehackernews.com/2026/07/google-and-microsoft-pull-modheader.html | 5 630 |
| 17 | ⚡ THN Recap: Before you start the week, know what's out there:
▪️ ShareFile servers pulled offline
▪️ npm package hijacked to drop infostealer
▪️ Critical Zimbra email flaw patched
▪️ GigaWiper backdoor wipes disks
▪️ 1.4M WordPress sites targeted
▪️ Citrix Bleed 2 leads to ransomware
▪️ AI coding assistants tricked into malware
▪️ Django flaw actively exploited
▪️ Fake VPN installer drops RAT
▪️ Helix crew hits SharePoint data
Full recap → https://thehackernews.com/2026/07/weekly-recap-sharefile-threat-citrix.html | 5 509 |
| 18 | "AI changed both sides of this fight.” Stephen Sims is keynoting AND teaching at Network Security 2026, bringing offensive security expertise straight into the classroom. Caesars Palace, Vegas | Sept 21–26.
His code SIMS777 = $777 off any course 👉 https://thn.news/cyber-training-sans | 5 166 |
| 19 | 🛑 [New] One email could rewrite what an inbox-reading AI assistant remembers about you.
MemGhost adds false information to an AI agent’s memory and changes what it says later. In #OpenClaw lab tests, the change could stay hidden from the user.
How it works, and what limits it: https://thehackernews.com/2026/07/new-memghost-attack-plants-persistent.html | 5 026 |
| 20 | 🚨 Forg365 targets Microsoft 365 with device code and AitM phishing.
This $400/month service can use a legitimate Microsoft sign-in to authorize an attacker-controlled session, with tools for post-compromise mailbox operations.
How the attack works: https://thehackernews.com/2026/07/forg365-phaas-targets-microsoft-365.html | 5 102 |
