News

The Hacker News6h
Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
A critical vulnerability in mcp-remote (CVE-2025-6514) allows remote code execution, affecting 437,000+ users.
The Hacker News11h
What Security Leaders Need to Know About AI Governance for SaaS
U.S. companies are using generative AI, raising concerns about data privacy, compliance, and operational risks.
The Hacker News8h
Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
A cryptocurrency social engineering campaign uses fake AI and gaming companies to deliver malware on Windows and macOS, ...
The Hacker News11h
New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App
The altered app packs in two extra executables within Termius Helper.app, a loader named ".localized" that's designed to ...
The Hacker News15h
ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
ServiceNow's CVE-2025-3648 flaw exposes sensitive data across multiple tables, impacting all users with misconfigured ACLs.
The Hacker News10h
Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
Four individuals were arrested in connection with £440M cyber attacks on Marks & Spencer, Co-op, and Harrods, linked to the ...
The Hacker News15h
Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware
Hackers are exploiting Shellter’s leaked Elite license to distribute Lumma Stealer, SectopRAT, and more. This affects ...
The Hacker News1d
U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme
The IT worker scheme, also tracked as Nickel Tapestry, Wagemole, and UNC5267, involves North Korean actors using a mix of ...
The Hacker News2d
5 Ways Identity-based Attacks Are Breaching Retail
Major retailers like Adidas and The North Face were breached using identity-driven tactics, exposing key security gaps.
The Hacker News1d
Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play
Anatsa banking malware targets North American users via Google Play, leading to credential theft and financial fraud ...
The Hacker News1d
Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets
Gold Melody uses ASP.NET vulnerabilities for long-term access, impacting various industries across Europe and the U.S.
The Hacker News1d
Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
"Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a ...