TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
595 subscribers
Post archive
AI Agents Act Like Employees With Root Access—Here's How to Regain Control
https://thehackernews.com/2025/07/ai-agents-act-like-employees-with-root.html
The AI gold rush is on. But without identity-first security, every deployment becomes an open door. Most organizations secure native AI like a web app, but it behaves more like a junior employee with root access and no manager.
From Hype to High Stakes
Generative AI has moved beyond the hype cycle. Enterprises are:
Deploying LLM copilots to accelerate software development
Automating customer
Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild
https://thehackernews.com/2025/07/urgent-google-releases-critical-chrome.html
Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild.
The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser's ANGLE and GPU components.
"Insufficient validation of untrusted input in ANGLE and
Deepfakes. Fake Recruiters. Cloned CFOs — Learn How to Stop AI-Driven Attacks in Real Time
https://thehackernews.com/2025/07/deepfakes-fake-recruiters-cloned-cfos.html
Social engineering attacks have entered a new era—and they’re coming fast, smart, and deeply personalized.
It’s no longer just suspicious emails in your spam folder. Today’s attackers use generative AI, stolen branding assets, and deepfake tools to mimic your executives, hijack your social channels, and create convincing fakes of your website, emails, and even voice. They don’t just spoof—they
New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code
https://thehackernews.com/2025/07/new-konfety-malware-variant-evades.html
Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud.
The sneaky approach essentially involves a scenario wherein two variants of an application share the same package name: A benign "decoy" app that's hosted on the Google Play Store and its evil twin, which is
Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act
https://thehackernews.com/2025/07/google-ai-big-sleep-stops-exploitation.html
Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-source database engine before it could have been exploited in the wild.
The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by Big Sleep, an
Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors
https://thehackernews.com/2025/07/hyper-volumetric-ddos-attacks-reach.html
Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter.
"Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed," Omer Yoachimik and Jorge Pacheco said. "Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average of 71
Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools
https://thehackernews.com/2025/07/newly-emerged-global-group-raas-expands.html
Cybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025.
GLOBAL GROUP was "promoted on the Ramp4u forum by the threat actor known as '$$$,'" EclecticIQ researcher Arda Büyükkaya said. "The same actor controls
State-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian Governments
https://thehackernews.com/2025/07/state-backed-hazybeacon-malware-uses.html
Governmental organizations in Southeast Asia are the target of a new campaign that aims to collect sensitive information by means of a previously undocumented Windows backdoor dubbed HazyBeacon.
The activity is being tracked by Palo Alto Networks Unit 42 under the moniker CL-STA-1020, where "CL" stands for "cluster" and "STA" refers to "state-backed motivation."
"The threat actors behind this
Securing Agentic AI: How to Protect the Invisible Identity Access
https://thehackernews.com/2025/07/securing-agentic-ai-how-to-protect.html
AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can’t easily see. These “invisible” non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have
AsyncRAT's Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe
https://thehackernews.com/2025/07/asyncrats-open-source-code-sparks-surge.html
Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants.
"AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a sprawling network of forks and variants," ESET
North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign
https://thehackernews.com/2025/07/north-korean-hackers-flood-npm-registry.html
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks.
The packages, per Socket, have attracted more than 17,000 downloads, and incorporate a previously undocumented version of a malware
The Unusual Suspect: Git Repos
https://thehackernews.com/2025/07/the-unusual-suspect-git-repos.html
While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems.
Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping
New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries
https://thehackernews.com/2025/07/new-php-based-interlock-rat-variant.html
Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix.
"Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808 (aka KongTuke) web-inject threat clusters," The DFIR Report said in a technical
⚡ Weekly Recap: Scattered Spider Arrests, Car Exploits, macOS Malware, Fortinet RCE and More
https://thehackernews.com/2025/07/weekly-recap-scattered-spider-arrests.html
In cybersecurity, precision matters—and there’s little room for error. A small mistake, missed setting, or quiet misconfiguration can quickly lead to much bigger problems. The signs we’re seeing this week highlight deeper issues behind what might look like routine incidents: outdated tools, slow response to risks, and the ongoing gap between compliance and real security.
For anyone responsible
CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center
https://thehackernews.com/2025/07/cbi-shuts-down-390k-uk-tech-support.html
India's Central Bureau of Investigation (CBI) has announced that it has taken steps to dismantle what it said was a transnational cybercrime syndicate that carried out "sophisticated" tech support scams targeting citizens of Australia and the United Kingdom.
The fraudulent scheme is estimated to have led to losses worth more than £390,000 ($525,000) in the United Kingdom alone.
The law
eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks
https://thehackernews.com/2025/07/esim-vulnerability-in-kigens-euicc.html
Cybersecurity researchers have discovered a new hacking technique that exploits weaknesses in the eSIM technology used in modern smartphones, exposing users to severe risks.
The issues impact the Kigen eUICC card. According to the Irish company's website, more than two billion SIMs in IoT devices have been enabled as of December 2020.
The findings come from Security Explorations, a research lab
GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs
https://thehackernews.com/2025/07/gpuhammer-new-rowhammer-attack-variant.html
NVIDIA is urging customers to enable System-level Error Correction Codes (ECC) as a defense against a variant of a RowHammer attack demonstrated against its graphics processing units (GPUs).
"Risk of successful exploitation from RowHammer attacks varies based on DRAM device, platform, design specification, and system settings," the GPU maker said in an advisory released this week.
Dubbed
Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub
https://thehackernews.com/2025/07/over-600-laravel-apps-exposed-to-remote.html
Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications.
"Laravel's APP_KEY, essential for encrypting sensitive data, is often leaked publicly (e.g., on GitHub)," GitGuardian said. "If attackers get access to this key, they can exploit a deserialization flaw to
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
https://thehackernews.com/2025/07/fortinet-releases-patch-for-critical.html
Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances.
Tracked as CVE-2025-25257, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0.
"An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in
PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
https://thehackernews.com/2025/07/perfektblue-bluetooth-vulnerabilities.html
Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of transport vehicles from different vendors.
The vulnerabilities, dubbed PerfektBlue, can be fashioned together as an exploit chain to run arbitrary code on cars from at least three major automakers,
