Mohit Kumar

🔴 Microsoft just dropped fixes for 183 security flaws. 3 are already being exploited — including one buried in every Windows PC since XP. ...and at the same time, it is ending Windows 10 support (unless you pay). Details + patch info ↓ thehackernews.com/2025/10/two-ne…

⚠️ Heads-up! SAP just re-patched a critical CVSS 10.0 flaw (CVE-2025-42944) in NetWeaver AS Java — a deserialization bug that lets attackers execute commands without authentication. Apply. The. Fix. → thehackernews.com/2025/10/new-sa…

🍪 A cookie that spawns a shell 💀 A critical flaw (CVE-2025-2611, CVSS 9.3) in ICTBroadcast autodialer software is under active exploitation. Attackers inject commands via the BROADCAST session cookie for unauthenticated remote code execution. No patch yet — check your stack…

🚨 Billions lost. Operations frozen. Ransomware in 2025 is faster, smarter, and nearly unstoppable. LockBit, Lazarus, and FunkLocker are already inside corporate networks worldwide. Help your SOC detect threats early and respond with confidence ⬇️ thn.news/enterprise-thr…

🚨 A Chinese APT hid inside ArcGIS for over a year. They turned a legit Java extension into a web shell. 🔑 Added a hardcoded key → exclusive access 💾 Hid it in backups → survived restores That’s what “living off the land” really means ↓ thehackernews.com/2025/10/chines…

🚨 Attackers are turning Discord into a command center — using webhooks to steal API keys and config files right from npm, PyPI, and Ruby installs. ⚙️ North Korean actors even pushed 300+ fake packages with 50K+ downloads. Details here → thehackernews.com/2025/10/npm-py…

Hackers just turned GitHub into their command center. When police take down their servers, the malware just… reboots itself from GitHub. The twist? It hides configs inside images using steganography. This isn’t a glitch — it’s resilience by design. Read how it works →…

⚡ Latest Weekly Recap is out... 🚨 Oracle 0-Day exploited 🤖 Nation-state AI abuse on the rise 🎣 npm phishing spreading fast 💀 New ransomware cartel emerges …and more The threat landscape is moving fast — here’s what defenders need to know. 🔗 thehackernews.com/2025/10/weekly…

⚠️ WARNING: Oracle just confirmed a new vulnerability (CVE-2025-61884) in E-Business Suite. No login required. Full data access possible. Even worse—similar flaws were just exploited by Cl0p-linked actors. Read the latest news here → thehackernews.com/2025/10/new-or…

⚡ Apple’s Siri recordings are under criminal investigation in France. A whistleblower says they captured “intimate” conversations — enough to identify users. Apple denies misuse, but prosecutors aren’t convinced. Read ↓ thehackernews.com/2025/10/threat…

🐭 A $35 gaming mouse just became a spy tool. UC Irvine researchers turned its optical sensor into a microphone that steals conversations from air-gapped PCs. It hides inside legit apps like games. Read the PoC → thehackernews.com/2025/10/threat…

🚨 Active zero-day alert: Gladinet’s CentreStack & TrioFox are under live exploitation. Hackers are chaining two CVEs to pull machine keys and trigger remote code execution — no patch yet. Admins, disable the temp handler now ↓ thehackernews.com/2025/10/from-l…

🚨 Google confirms dozens of organizations breached via Oracle E-Business Suite zero-day (CVE-2025-61882). Attackers exploited the flaw since July 2025, using multi-stage Java implants and extortion tactics. 🔹 Oracle issued an emergency patch Oct 4 🔹 Exploit code is now…

A China-backed group just turned AI into a cyber weapon. They’re using it to write phishing emails and build malware — across English, Chinese, and Japanese targets. The result? A new backdoor called GOVERSHELL spreading via fake research invites. Read how ↓…

🟥 SonicWall breach ALERT! Hackers accessed cloud-stored firewall backups — about 5% of customers affected. The files hold encrypted credentials and configs that could help attackers target devices. Check your MySonicWall portal for impacted devices → thehackernews.com/2025/10/hacker…

🚨 A new Android spyware is spreading like a worm. “ClayRat” infects phones, then messages every contact to spread further. It hides as WhatsApp, YouTube, or Google Photos — even faking Play Store screens. Full analysis ↓ thehackernews.com/2025/10/new-cl…

⚡ Latest ThreatsDay Bulletin Out Now! Hackers exploit MS Teams + MFA to breach orgs — plus a $2B crypto heist, .LNK malware with PowerShell implants, Autodesk zero-days, and IoT hub exploits. 🔗 Your quick intel brief → thehackernews.com/2025/10/threat…

🔥 Everyone’s talking about “AI automation.” Few know how to make it work. Join Tines’ Thomas Kinsella to learn how top teams blend: 🧠 Human intuition ⚙️ Rules-based systems 🤖 LLM-powered agents Build workflows that are secure, scalable & actually useful. 🎙️ Watch it now →…

Russian hackers are now using AI to write malware. Ukraine’s cybersecurity agency says over 3,000 cyberattacks hit in early 2025 — many powered by AI-generated phishing and data-stealing code. One strain, WRECKSTEEL, was built with AI tools to target state networks. Full…

🚨 New Threat ALERT! Hackers are exploiting WordPress themes with fake Cloudflare checks, redirecting users to malware via porsasystem[.]com. Meanwhile, new ClickFix phishing kits use cache smuggling to deliver “invisible” payloads—no downloads needed. How to spot & kill it ↓…