Security
Headlines
HeadlinesLatestCVEs

Latest News

ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from. From shifting infrastructures to clever social hooks, the week’s activity shows just how fluid the threat landscape has become. Here’s the full rundown of what

The Hacker News
Open in Source
#vulnerability#web#ios#mac#windows#apple#google#microsoft#linux#ddos#dos#git#kubernetes#backdoor#rce#aws#oauth#auth#chrome#sap#The Hacker News
Chrome extension slurps up AI chats after users installed it for privacy

The extension disclosed its AI data collection, but not in a way most users would recognize—or knowingly agree to.

North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft

Threat actors with ties to the Democratic People's Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out of more than $3.4 billion stolen from January through early December. The figure represents a 51% increase year-over-year and $681 million more than 2024, when the threat actors stole

Dormant Iran APT is Still Alive, Spying on Dissidents

"Prince of Persia" has rewritten the rules of persistence with advanced operational security and cryptographic communication with its command-and-control server.

Why Organizations Need to Modify Their Cybersecurity Strategy for 2026

Cybersecurity planning continues to advance as organisations integrate new software, cloud platforms, and digital tools into nearly every…

FBI Seizes Crypto Laundering Hub E-Note Linked to Russian Admin

The FBI and international police have shut down E-Note, a cryptocurrency exchange that laundered over $70 million for cybercriminals. Read about the indictment of a Russian and how the global task force ended his decade-long operation.

The Case for Dynamic AI-SaaS Security as Copilots Scale

Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools like Zoom, Slack, Microsoft 365, Salesforce, and ServiceNow now come with built-in AI assistants or agent-like features. Virtually every major SaaS vendor has rushed to embed AI into their offerings. The result is an explosion of AI capabilities across

GHSA-46j5-6fg5-4gv3: Nodemailer is vulnerable to DoS through Uncontrolled Recursion

A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.

CVE-2025-64677: Office Out-of-Box Experience Spoofing Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2025-65046: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), some loss of integrity (I:L) but have no effect on availability (A:N). What is the impact of this vulnerability?** An attacker using either a specially-crafted page or a content script injected into a target page can show an extension's popup over a permission prompt or screen share dialog allowing the extension to spoof parts of the prompt's UI that shows its origin.