TECHZONE™
TECHZONE CYBERNEWS && UPDATES. Welcome to TECHZONE™ ✔️ Infosec Facts ✔️ Cheatsheets ✔️ Free Courses ✔️ Open source tools ✔️ Tech news
595 subscribers
Post archive
Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries
https://thehackernews.com/2025/10/microsoft-warns-of-payroll-pirates.html
A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts.
"Storm-2657 is actively targeting a range of U.S.-based organizations, particularly employees in sectors like higher education, to gain access to third-party human resources (HR) software as a service (SaaS) platforms like Workday," the
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation
https://thehackernews.com/2025/10/from-detection-to-patch-fortra-reveals.html
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025.
The company said it began its investigation on September 11 following a "potential vulnerability" reported by a customer, uncovering "potentially suspicious
The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?
https://thehackernews.com/2025/10/the-ai-soc-stack-of-2026-what-sets-top.html
The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how Security Operations Centers (SOCs) detect, respond, and adapt.
But not all AI SOC platforms are created equal.
From prompt-dependent copilots to autonomous, multi-agent systems, the current market offers
175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign
https://thehackernews.com/2025/10/175-malicious-npm-packages-with-26000.html
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign.
The packages have been collectively downloaded 26,000 times, acting as an infrastructure for a widespread phishing campaign codenamed Beamglea targeting more than 135 industrial, technology, and energy
From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability
https://thehackernews.com/2025/10/from-lfi-to-rce-active-exploitation.html
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products.
The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended disclosure of system files. It impacts all versions of the software prior to and
CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw
https://thehackernews.com/2025/10/cl0p-linked-hackers-breach-dozens-of.html
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday.
"We're still assessing the scope of this incident, but we believe it affected dozens of organizations," John Hultquist, chief analyst of
From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine
https://thehackernews.com/2025/10/from-phishing-to-malware-ai-becomes.html
Russian hackers' adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country's State Service for Special Communications and Information Protection (SSSCIP) said.
"Hackers now employ it not only to generate phishing messages, but some of the malware samples we have analyzed show clear signs of being generated
Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme
https://thehackernews.com/2025/10/critical-exploit-lets-hackers-bypass.html
Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites.
The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a WordPress plugin bundled with the
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
https://thehackernews.com/2025/10/hackers-exploit-wordpress-themes-to.html
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites.
"Site visitors get injected content that was drive-by malware like fake Cloudflare verification," Sucuri researcher Puja Srivastava said in an analysis published last week.
The website security company
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave
https://thehackernews.com/2025/10/chinese-hackers-weaponize-open-source.html
Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets.
The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka log injection) to plant a web shell on a web
Step Into the Password Graveyard… If You Dare (and Join the Live Session)
https://thehackernews.com/2025/10/step-into-password-graveyard-if-you.html
Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped.
Attackers don’t need advanced tools; they just need one careless login.
For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak.
This Halloween, The Hacker News and Specops Software invite you to a live webinar: “
LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem
https://thehackernews.com/2025/10/lockbit-qilin-and-dragonforce-join.html
Three prominent ransomware groups, DragonForce, LockBit, and Qilin, have announced a new strategic ransomware alliance, once again underscoring continued shifts in the cyber threat landscape.
The coalition is seen as an attempt on the part of the financially motivated threat actors to conduct more effective ransomware attacks, ReliaQuest said in a report shared with The Hacker News.
"Announced shortly
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now
https://thehackernews.com/2025/10/severe-figma-mcp-vulnerability-lets.html
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution.
The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can
OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks
https://thehackernews.com/2025/10/openai-disrupts-russian-north-korean.html
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development.
This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The operator also used several ChatGPT accounts to
Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them
https://thehackernews.com/2025/10/googles-new-ai-doesnt-just-find.html
Google's DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits.
The efforts add to the company's ongoing efforts to improve AI-powered vulnerability discovery, such as Big Sleep and OSS-Fuzz.
DeepMind said the AI agent is designed to be both reactive and
BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers
https://thehackernews.com/2025/10/batshadow-group-uses-new-go-based.html
A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot.
"The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents," Aryaka Threat Research Labs
New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise
https://thehackernews.com/2025/10/new-research-ai-is-already-1-data.html
For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the single largest uncontrolled channel for corporate data
XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities
https://thehackernews.com/2025/10/xworm-60-returns-with-35-plugins-and.html
Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts.
"XWorm's modular design is built around a core client and an array of specialized components known as plugins," Trellix researchers Niranjan Hegde and Sijo Jacob said in an analysis published last week. "These plugins are
13-Year-Old Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
https://thehackernews.com/2025/10/13-year-redis-flaw-exposed-cvss-100.html
Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances.
The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0.
"An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free,
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
https://thehackernews.com/2025/10/microsoft-links-storm-1175-to.html
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware.
The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or the Sustain
