The Hacker News

🕵️ Google just patched a Chrome zero-day that’s already being exploited. The flaw’s details are hidden for now—so attackers can’t copy it before everyone updates. Update your Chrome and hit “Relaunch” to stay safe. 🔗 Read ↓ https://thehackernews.com/2025/12/chrome-targeted-by-active-in-wild.html

🚨 Hackers are attacking CentreStack and Triofox right now using a built-in key that never changes. It lets them break in, read the web.config file, and run code on the server. At least 9 companies have already been hit. 🔗 Read: https://thehackernews.com/2025/12/hard-coded-gladinet-keys-let-attackers.html

🚨 New: React2Shell attacks are surging. Hackers are exploiting a critical RSC flaw (CVE-2025-55182) to install crypto miners and new malware — PeerBlight, CowTunnel, and ZinFoq. 🔗 Read: https://thehackernews.com/2025/12/react2shell-exploitation-delivers.html

🚨 A .NET flaw called “SOAPwn” lets hackers run code on enterprise apps — no patch from Microsoft. Researchers at Black Hat Europe showed how SOAP clients can be tricked into writing files or web shells, hitting tools like Barracuda RMM and Ivanti EPM. 🔗 Full details here ↓ https://thehackernews.com/2025/12/net-soapwn-flaw-opens-door-for-file.html

⚠️ Attackers don't care about your model's safety scores. They care about what it connects to - and what they can reach from a single prompt. Even if you tested before deployment, in production your agent connects to tools, APIs, databases - an attack surface nobody validated. Pillar Security launches today RedGraph - the world-first attack surface mapping & testing for AI agents. Check it out: https://thn.news/redgraph-insights

⚠️ Three new PCIe security flaws found — they let hackers change or fake data moving between computer parts. They affect some Intel Xeon and AMD EPYC chips. The problem? It’s in the encryption that was supposed to keep data safe. 🔗 Read → https://thehackernews.com/2025/12/three-pcie-encryption-weaknesses-expose.html

⚠️ WinRAR just made CISA’s “actively exploited” list. Russian, South Asian, and Ukrainian-targeting hacker groups are using the flaw to hijack Windows — by planting code that runs every time Word opens. 🔗 Patch WinRAR now ↓ https://thehackernews.com/2025/12/warning-winrar-vulnerability-cve-2025.html

⚡WEBINAR ⤑ Hackers are finding new ways into the cloud and most tools can’t spot them. Next week, the #PaloAltoNetworks team will show real examples of how attacks happen and how to block them. 🔗 Join the live session to learn how to protect your setup: https://thehackernews.com/2025/12/webinar-how-attackers-exploit-cloud.html

⚠️ Microsoft just fixed 56 Windows bugs — one’s already being exploited. It hides in the Cloud Files driver used by OneDrive, Google Drive, and iCloud — even if those apps aren’t installed. Hackers can chain it with phishing to gain SYSTEM access. Plus: 2 zero-days in PowerShell and GitHub Copilot for JetBrains. 🔗 Details ↓ https://thehackernews.com/2025/12/microsoft-issues-security-fixes-for-56.html

⚠️ Fortinet, Ivanti & SAP just fixed critical bugs that let attackers break in or run code remotely. ➜ Fortinet: auth bypass via fake SAML login. ➜ Ivanti: admin takeover through poisoned dashboards. ➜ SAP: code injection in Solution Manager (CVSS 9.9). 🔗Patch Now: https://thehackernews.com/2025/12/fortinet-ivanti-and-sap-issue-urgent.html

🚨 North Korean hackers are exploiting the new React2Shell bug (10.0-severity) to drop EtherRAT — malware that hides its commands inside Ethereum smart contracts. It even makes 9 blockchain nodes “vote” to pick its server, so takedowns fail. 🔗 Read now ↓ https://thehackernews.com/2025/12/north-korea-linked-actors-exploit.html

⚠️ 4 hacker groups are now using the same malware tool — CastleLoader. It’s sold as malware-for-hire by a group called GrayBravo. They’re hitting targets from logistics to IT using fake online Booking pages and software updates. Each attack links back to the same control servers — built to spread fast. 🔗 Read ↓ https://thehackernews.com/2025/12/four-threat-clusters-using-castleloader.html

GTG-1002 changed the rules. An AI-driven attack hit dozens of companies—80% run autonomously, at machine speed. The real threat? SaaS tokens that stay trusted forever after one approval. Static trust can’t defend against dynamic attackers. 🔗 Learn more: https://thehackernews.com/expert-insights/2025/12/what-gtg-1002-and-claude-style-attacks.html

🚨 Storm-0249 just changed tactics. The hacker group Microsoft flagged in 2024 is now faking Microsoft domains and abusing real security tools like SentinelOne to sneak in ransomware. They’re using PowerShell commands that never drop files—making them almost invisible. 🔗 Read ↓ https://thehackernews.com/2025/12/storm-0249-escalates-ransomware-attacks.html

💡 Most Zero Trust tools still don’t talk to each other — so access decisions lag behind real risks. A MongoDB engineer built a workflow using Tines that lets Kolide send real-time device alerts to Okta through the Shared Signals Framework. Finally, Zero Trust that actually works in sync. 🔗 Read: https://thehackernews.com/2025/12/how-to-streamline-zero-trust-using.html

🔥 You can win $20K for breaking Google’s new Chrome security feature. Google just added the “User Alignment Critic,” a safeguard that uses a second model to double-check Chrome’s AI agent and block prompt attacks or data leaks. 🔗 Read: https://thehackernews.com/2025/12/google-adds-layered-defenses-to-chrome.html

🚨 Hackers are uploading fake resumes on Indeed and JazzHR to breach Canadian companies. 80% of attacks in this campaign hit Canada. The “PDFs” actually launch QWCrypt ransomware through a tool called RedLoader. 🔗 Read: https://thehackernews.com/2025/12/stac6565-targets-canada-in-80-of.html

⚠️ Researchers found malicious packages in VS Code, Go, npm, and Rust stealing developer data. They mimicked themes, AI tools, and libraries to grab screenshots, Wi-Fi passwords, and browser cookies. 🔗 Find details here ↓ https://thehackernews.com/2025/12/researchers-find-malicious-vs-code-go.html

⚠️ Hackers are hiding malware in normal websites. A new attack called JS#SMUGGLER plants code that quietly runs PowerShell through mshta.exe to install NetSupport RAT — giving attackers full control of your computer. It even checks your device type to avoid being caught. 🔗 Read ↓ https://thehackernews.com/2025/12/experts-confirm-jssmuggler-uses.html

Catch the the latest CybersecurityRecap for: 💥 USB drives spreading crypto miners. 💰 Fake investment sites busted. 🐀 CastleRAT creeping through networks. ⚖️ Portugal shields ethical hackers. 💸 Ransomware payouts falling fast. 👉 Get the full stories, latest tools, and expert webinars in the latest recap: https://thehackernews.com/2025/12/weekly-recap-usb-malware-react2shell.html