Hacking 2025 2026() 2025() 2024() 2023()
|
31.12.25 |
DarkSpectre: Unmasking the Threat Actor Behind 8.8 Million Infected Browsers |
HACKING |
BROWSER |
|
|
13.12.25 |
Hiding Web2 Malicious Code in Web3 Smart Contracts |
HACKING | ||
|
23.11.25 |
MFA downgrade: How attackers are getting around phishing-resistant authentication |
HACKING |
Phishing |
|
|
19.11.25 |
When AI Turns on Its Team: Exploiting Agent-to-Agent Discovery via Prompt Injection |
HACKING |
AI |
|
|
15.11.25 |
The Genians Security Center (GSC) has identified new attack activity linked to the KONNI APT campaign, which is known to be associated with the Kimsuky or APT37 groups. |
HACKING |
MALWARE |
|
|
15.11.25 |
Quantum Redirect: Offense by Vibes |
HACKING |
PHISHING |
|
|
15.11.25 |
Quantum Route Redirect: Anonymous Tool Streamlining Global Phishing Attack |
HACKING |
PHISHING |
|
|
15.11.25 |
MCP Hijacking of Cursor’s New Browser |
HACKING |
WEB |
|
|
13.11.25 |
A dual strategy: legal action and new legislation to fight scammers |
That text message you got about a 'stuck package' from USPS or an 'unpaid road toll'? It’s not just spam. It’s the calling card of a sophisticated, global scam that has swindled victims out of millions of dollars. |
HACKING |
SPAM |
|
6.11.25 |
HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage |
HACKING |
AI |
|
|
3.11.25 |
Tap-and-Steal: The Rise of NFC Relay Malware on Mobile Devices |
HACKING |
Malware |
|
|
28.10.25 |
OpenAI Atlas Omnibox Prompt Injection: URLs That Become Jailbreaks |
HACKING |
AI |
|
|
28.10.25 |
“ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT |
HACKING |
AI |
|
|
26.10.25 |
Hiding Web2 Malicious Code in Web3 Smart Contracts |
HACKING |
Malware |
|
|
26.10.25 |
Cache smuggling: When a picture isn’t a thousand words |
HACKING | ||
|
8.10.25 |
Ghosts in the Machine: ASCII Smuggling across Various LLMs |
HACKING |
AI |
|
|
8.10.25 |
Disrupting malicious uses of AI: October 2025 |
HACKING |
AI |
|
|
5.10.25 |
CometJacking: How One Click Can Turn Perplexity’s Comet AI Browser Against You |
HACKING |
AI |
|
|
24.9.25 |
SSRF to AWS Metadata Exposure: How Attackers Steal Cloud Credentials |
HACKING |
Cloud |
|
|
20.9.25 |
Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware |
HACKING |
ATTACK |
|
|
20.9.25 |
Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware |
HACKING |
AI |
|
|
20.9.25 |
ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Research Agent |
HACKING |
AI |
|
|
17.9.25 |
Echoleak- Send a prompt , extract secret from Copilot AI!( CVE-2025-32711) |
HACKING |
AI |
|
|
12.9.25 |
Oasis Security’s research team uncovered a vulnerability in Cursor, the popular AI Code Editor, that allows a maliciously crafted code repository to execute code as soon as it's opened using Cursor, no trust prompt. |
HACKING |
AI |
|
|
4.9.25 |
Hexstrike-AI: When LLMs Meet Zero-Day Exploitation |
HACKING |
AI |
|
|
24.8.25 |
DOM-based Extension Clickjacking: Your Password Manager Data at Risk |
HACKING |
CRYPTOCURRENCY |
|
|
21.8.25 |
Scattered Spider: A Threat Profile |
HACKING |
THREATS |
|
|
21.8.25 |
DOM-based Extension Clickjacking: Your Password Manager Data at Risk |
HACKING |
CRYPTOCURRENCY |
|
|
20.8.25 |
"Scamlexity" - a new era of scam complexity, supercharged by Agentic AI. Familiar tricks hit harder than ever, while new AI-born attack vectors break into reality. |
HACKING |
AI |
|
|
9.8.25 |
Unmasking the Viral Evolution of the ClickFix Browser-Based Threat |
HACKING |
HACKING |
|
|
1.6.25 |
An adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim's browser to the adversary's system. The adversary must deploy a web client with a remote desktop session that the victim can access. |
HACKING |
HACKING |
|
|
1.6.25 |
Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites |
Since November 2024, Mandiant Threat Defense has been investigating an UNC6032 campaign that weaponizes the interest around AI tools, in particular those tools which can be used to generate videos based on user prompts. |
HACKING |
HACKING |
|
20.5.25 |
Shadow Roles: AWS Defaults Can Open the Door to Service Takeover |
HACKING |
CLOUD |
|
|
4.5.24 |
Wormable Zero-Click Remote Code Execution (RCE) in AirPlay Protocol Puts Apple & IoT Devices at Risk |
HACKING |
Apple |
|
|
29.4.25 |
Uyghur Language Software Hijacked to Deliver Malware |
HACKING |
SOFTWARE |
|
|
15.4.25 |
Pick your Poison - A Double-Edged Email Attack |
HACKING |
SPAM |
|
|
4.4.25 |
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic |
HACKING |
CRYPTOCURRENCY |
|
|
2.4.25 |
CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims |
HACKING |
CRYPTOCURRENCY |
|
|
1.4.25 |
The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques |
HACKING |
CyberSpionage |
|
|
29.3.25 |
A browser-in-the-browser (BitB) attack is a new phishing technique that simulates a login window with a spoofed domain within a parent browser window to steal credentials. |
HACKING |
PHISHING |
|
|
27.3.25 |
Over 150K websites hit by full-page hijack linking to Chinese gambling sites |
HACKING |
INJECT |
|
|
20.3.25 |
Over 100 auto dealerships were being abused compliments of a supply chain attack of a shared video service unique to dealerships. |
HACKING |
MALWARE |
|
|
10.3.25 |
Polymorphic Extensions: The Sneaky Extension That Can Impersonate Any Browser Extension |
HACKING |
HACKING |
|
|
27.2.25 |
360XSS: Mass Website Exploitation via Virtual Tour Framework for SEO Poisoning |
HACKING |
EXPLOIT |
|
|
22.2.25 |
Deceptive Employment Scheme |
A network from North Korea linked to the fraudulent IT worker scheme that was involved in the creation of personal documentation for fictitious job applicants, such as resumés, online job profiles and cover letters, as well as come up convincing responses to explain unusual behaviors like avoiding video calls, accessing corporate systems from unauthorized countries or working irregular hours. Some of the bogus job applications were then shared on LinkedIn. |
HACKING |
AI |
|
22.2.25 |
Sponsored Discontent |
A network likely of Chinese origin that was involved in the creation of social media content in English and long-form articles in Spanish that were critical of the United States, and subsequently published by Latin American news websites in Peru, Mexico, and Ecuador. |
HACKING |
AI |
|
22.2.25 |
Romance-baiting Scam |
A network of accounts that was involved in the translation and generation of comments in Japanese, Chinese, and English for posting on social media platforms including Facebook, X and Instagram in connection with suspected Cambodia-origin romance and investment scams. |
HACKING |
AI |
|
22.2.25 |
Iranian Influence Nexus |
A network of five accounts that was involved in the generation of X posts and articles that were pro-Palestinian, pro-Hamas, and pro-Iran, and anti-Israel and anti-U.S., and shared on websites associated with an Iranian influence operations tracked as the International Union of Virtual Media (IUVM) and Storm-2035. |
HACKING |
AI |
|
22.2.25 |
Kimsuky and BlueNoroff |
A network of accounts operated by North Korean threat actors that was involved in gathering information related to cyber intrusion tools and cryptocurrency-related topics, and debugging code for Remote Desktop Protocol (RDP) brute-force attacks |
HACKING |
AI |
|
22.2.25 |
Youth Initiative Covert Influence Operation |
A network of accounts that was involved in the creation of English-language articles for a website named "Empowering Ghana" and social media comments targeting the Ghana presidential election |
HACKING |
AI |
|
22.2.25 |
Task Scam |
A network of accounts likely originating from Cambodia that was involved in the translation of comments between Urdu and English as part of a scam that lures unsuspecting people into jobs performing simple tasks (e.g., liking videos or writing reviews) in exchange for earning a non-existent commission, accessing which requires victims to part with their own money. |
HACKING |
AI |
|
5.2.25 |
CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks |
HACKING |
VULNEREBILITY |
|
|
18.1.25 |
Hack The Emulated Planet: Vulnerability Hunting Planet WGS-804HPT Industrial Switch |
HACKING |
Hardware |
|
|
14.1.25 |
Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection |
Recently, we released an article where a credit card skimmer was targeting checkout pages on a Magento site. Now we’ve come across sophisticated credit card skimmer malware while investigating a compromised WordPress website. |
HACKING |
HACKING |