News

The Hacker News4h
TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China
"TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency ...
The Hacker News7h
MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks
Stealth malware MintsLoader delivers GhostWeaver RAT + Evades sandboxes using DGA + Powers data theft via encrypted C2 ...
The Hacker News10h
Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support
"Brand new Microsoft accounts will now be 'passwordless by default,'" Microsoft's Joy Chik and Vasu Jakkal said. "New users ...
The Hacker News10h
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
Backdoor plugin hijacks WordPress sites with admin access, stealth reinfection, and JS ad fraud—active since Jan 2025.
The Hacker News8h
Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense
Prompt injection flaws in Anthropic’s MCP and Google’s A2A protocols enable covert data exfiltration and AI manipulation.
The Hacker News1d
DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics
Phishing attacks deliver DarkWatchman and Sheriff malware; targets span Russia, Ukraine, Baltics, with stealth and ...
The Hacker News1d
RansomHub Went Dark April 1; Affiliates Fled to Qilin, DragonForce Claimed Control
RansomHub's sudden offline status triggered affiliate migration to Qilin and cartel shifts, signaling major RaaS disruption.
The Hacker News1d
Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool
Another noteworthy tool in TheWizards' arsenal is DarkNights, which is also called DarkNimbus by Trend Micro and has been ...
The Hacker News1d
Why top SOC teams are shifting to Network Detection and Response
NDR solutions uncover hidden threats missed by legacy tools by analyzing encrypted traffic, lateral movement, and blind spots ...
The Hacker News1d
Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach
In an advisory issued on March 7, 2025, Commvault said it was notified by Microsoft on February 20 about unauthorized ...
The Hacker News2d
Indian Court Orders Action to Block Proton Mail Over AI Deepfake Abuse Allegations
Indian court orders blocking of Proton Mail citing AI deepfakes and explicit emails, triggering national privacy concerns.
The Hacker News2d
Customer Account Takeovers: The Multi-Billion Dollar Problem You Don't Know About
The report found a median account takeover exposure rate of 1.4% among platforms ranging from 5 million to 300 million users.