- SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Othersby info@thehackernews.com (The Hacker News) on 07/08/2025 at 18:26
The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. "The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model, where infected systems are sold as initial access points to other cybercriminal organizations," Silent Push
- Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Needby info@thehackernews.com (The Hacker News) on 07/08/2025 at 15:33
Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn’t write. But in 2025, that trust comes with a serious risk. Every few weeks, we’re seeing fresh headlines about malicious packages uploaded to the Python Package Index (PyPI)—many going undetected until after they’ve caused
- Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipesby info@thehackernews.com (The Hacker News) on 07/08/2025 at 13:19
Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. "At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .tech command-and-control (C2) endpoints, and executes it in memory," Socket security
- The AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud Defenseby info@thehackernews.com (The Hacker News) on 07/08/2025 at 10:45
Now that we are well into 2025, cloud attacks are evolving faster than ever and artificial intelligence (AI) is both a weapon and a shield. As AI rapidly changes how enterprises innovate, security teams are now tasked with a triple burden: Secure AI embedded in every part of the business. Use AI to defend faster and smarter. Fight AI-powered threats that execute in minutes—or seconds. Security
- Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setupsby info@thehackernews.com (The Hacker News) on 07/08/2025 at 10:42
Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions. The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting the bug. "In an Exchange hybrid deployment, an