TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Post archive
The Wild West of Shadow IT
https://thehackernews.com/2025/08/the-wild-west-of-shadow-it.html
Everyone’s an IT decision-maker now. The employees in your organization can install a plugin with just one click, and they don’t need to clear it with your team first. It’s great for productivity, but it’s a serious problem for your security posture.
When the floodgates of SaaS and AI opened, IT didn’t just get democratized, its security got outpaced. Employees are onboarding apps faster than
PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads
https://thehackernews.com/2025/08/playpraetor-android-trojan-infects.html
Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong.
"The botnet's rapid growth, which now exceeds 2,000 new infections per week, is driven by aggressive campaigns focusing on Spanish and French speakers, indicating a strategic
CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign
https://thehackernews.com/2025/08/cl-sta-0969-installs-covert-malware-in.html
Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks.
Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical telecommunications infrastructure between February and November 2024.
The attacks are characterized by the
New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft
https://thehackernews.com/2025/08/new-plague-pam-backdoor-exposes.html
Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year.
"The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access," Nextron Systems researcher Pierre-Henri Pezier said.
Pluggable Authentication Modules
Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)
https://www.welivesecurity.com/en/videos/is-your-phone-spying-on-you-unlocked-403-cybersecurity-podcast-s2e5/
Here's what you need to know about the inner workings of modern spyware and how to stay away from apps that know too much
Why the tech industry needs to stand firm on preserving end-to-end encryption
https://www.welivesecurity.com/en/privacy/tech-industry-end-to-end-encryption/
Restricting end-to-end encryption on a single-country basis would not only be absurdly difficult to enforce, but it would also fail to deter criminal activity
Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices
https://thehackernews.com/2025/08/akira-ransomware-exploits-sonicwall.html
SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025.
"In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs," Arctic Wolf Labs researcher Julian Tuin said in a report.
The cybersecurity company
Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection
https://thehackernews.com/2025/08/cursor-ai-code-editor-fixed-flaw.html
Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution.
The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in version 1.3 released on July 29, 2025. It has been codenamed CurXecute by Aim Labs, which previously disclosed EchoLeak.
Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts
https://thehackernews.com/2025/08/attackers-use-fake-oauth-apps-with.html
Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks.
"The fake Microsoft 365 applications impersonate various companies, including RingCentral, SharePoint, Adobe, and Docusign," Proofpoint said in a Thursday report.
The
This month in security with Tony Anscombe – July 2025 edition
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-july-2025/
Here's a look at cybersecurity stories that moved the needle, raised the alarm, or offered vital lessons in July 2025
AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown
https://thehackernews.com/2025/08/ai-generated-malicious-npm-package.html
Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer.
The package, @kodane/patch-manager, claims to offer "advanced license validation and registry optimization utilities for high-performance Node.js applications." It was uploaded to npm by a user named "Kodane" on July 28, 2025. The
You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them
https://thehackernews.com/2025/08/you-are-what-you-eat-why-your-ai.html
Just as triathletes know that peak performance requires more than expensive gear, cybersecurity teams are discovering that AI success depends less on the tools they deploy and more on the data that powers them
The junk food problem in cybersecurity
Imagine a triathlete who spares no expense on equipment—carbon fiber bikes, hydrodynamic wetsuits, precision GPS watches—but fuels their
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks
https://thehackernews.com/2025/08/storm-2603-exploits-sharepoint-flaws-to.html
The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also spelled ak47c2) in its operations.
The framework includes at least two different types of clients, HTTP-based and Domain Name System (DNS)-based, which have been dubbed AK47HTTP and AK47DNS, respectively, by
Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies
https://thehackernews.com/2025/07/secret-blizzard-deploys-malware-in-isp.html
The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delivering a custom malware dubbed ApolloShadow.
"ApolloShadow has the capability to install a trusted root certificate to
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials
https://thehackernews.com/2025/07/experts-detect-multi-layer-redirect.html
Cybersecurity researchers have disclosed details of a new phishing campaign that conceals malicious payloads by abusing link wrapping services from Proofpoint and Intermedia to bypass defenses.
"Link wrapping is designed by vendors like Proofpoint to protect users by routing all clicked URLs through a scanning service, allowing them to block known malicious destinations at the moment of click,"
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto
https://thehackernews.com/2025/07/n-korean-hackers-used-job-lures-cloud.html
The North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram.
"Under the guise of freelance opportunities for software development work, UNC4899 leveraged social engineering techniques to successfully convince the targeted employees to execute malicious Docker containers in their
AI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ Reveals
https://thehackernews.com/2025/07/ai-driven-trends-in-endpoint-security.html
Cyber threats and attacks like ransomware continue to increase in volume and complexity, with the endpoint typically being the most sought-after and valued target. With the rapid expansion and adoption of AI, it is more critical than ever to ensure the endpoint is adequately secured by a platform capable of not just keeping pace, but staying ahead of an ever-evolving threat landscape.
UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud
https://thehackernews.com/2025/07/unc2891-breaches-atm-network-via-4g.html
The financially motivated threat actor known as UNC2891 has been observed targeting Automatic Teller Machine (ATM) infrastructure using a 4G-equipped Raspberry Pi as part of a covert attack.
The cyber-physical attack involved the adversary leveraging their physical access to install the Raspberry Pi device and have it connected directly to the same network switch as the ATM, effectively placing
Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs
https://thehackernews.com/2025/07/alert-fatigue-data-overload-and-fall-of.html
Security Operations Centers (SOCs) are stretched to their limits. Log volumes are surging, threat landscapes are growing more complex, and security teams are chronically understaffed. Analysts face a daily battle with alert noise, fragmented tools, and incomplete data visibility. At the same time, more vendors are phasing out their on-premises SIEM solutions, encouraging migration to SaaS
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install
https://thehackernews.com/2025/07/hackers-exploit-critical-wordpress.html
Threat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites.
The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug.
According to Wordfence, the shortcoming relates to an arbitrary file upload