The Hacker News

Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks

Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks

[email protected] The Hacker News November 22, 2025

Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by...

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

[email protected] The Hacker News November 22, 2025

Nov 22, 2025Ravie LakshmananZero-Day / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday...

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

[email protected] The Hacker News November 21, 2025

Nov 21, 2025Ravie LakshmananVulnerability / Threat Mitigation Grafana has released security updates to address a maximum severity...

Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security

Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security

[email protected] The Hacker News November 21, 2025

Nov 21, 2025Ravie LakshmananData Protection / Technology In a surprise move, Google on Thursday announced that it...

Why IT Admins Choose Samsung for Mobile Security

Why IT Admins Choose Samsung for Mobile Security

[email protected] The Hacker News November 21, 2025

Nov 21, 2025The Hacker NewsMobile Security / Data Protection Ever wonder how some IT teams keep corporate...

APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains

APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains

[email protected] The Hacker News November 21, 2025

A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO...

SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny

SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny

[email protected] The Hacker News November 21, 2025

Nov 21, 2025Ravie LakshmananCompliance / Cyber Attack The U.S. Securities and Exchange Commission (SEC) has abandoned its...

Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity

Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity

[email protected] The Hacker News November 21, 2025

Nov 21, 2025Ravie LakshmananData Breach / SaaS Security Salesforce has warned of detected “unusual activity” related to...

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

[email protected] The Hacker News November 20, 2025

Nov 20, 2025Ravie LakshmananVulnerability / Cloud Computing Oligo Security has warned of ongoing attacks exploiting a two-year-old...

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

[email protected] The Hacker News November 20, 2025

Nov 20, 2025Ravie LakshmananBotnet / Malware Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere...