An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel. “In some of those campaigns, Israeli technology and…
Tag: The Hacker News
Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa
Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access. Palo Alto Networks Unit 42 is tracking…
CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of…
WhatsApp Adds AI-Powered Message Summaries for Faster Chat Previews
Popular messaging platform WhatsApp has added a new artificial intelligence (AI)-powered feature that leverages its in-house solution Meta AI to summarize unread messages in chats. The feature, called Message Summaries, is currently rolling out in the English language to users…
nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery
New research has uncovered continued risk from a known security weakness in Microsoft’s Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications. Identity security company Semperis, in an analysis of 104 SaaS applications, found…
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC
Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0. It…
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056…
Beware the Hidden Risk in Your Entra Environment
If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to create and transfer subscriptions into…
Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games
Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah. Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025,…
SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks
Unknown threat actors have been distributing a trojanized version of SonicWall’s SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. “NetExtender enables remote users to securely connect and run applications on the company network,”…