
noname 🥸

@n3rd



🚨 New cyber threat alert! Pakistan-linked hackers are ramping up attacks on India's oil, railways, and external affairs sectors using Xeno RAT, Spark RAT, and new malware CurlBack RAT. They're now using MSI packages—ditching old methods—to steal browser data, files, and credentials across Windows & Linux. Find details here: https://thehackernews.com/2025/04/pakistan-linked-hackers-expand-targets.html

⚡ Mobile Malware Alert — Cybersecurity researchers warn of rising threats from SpyNote, BadBazaar, and MOONSHINE malware.
➡️ SpyNote exploits fake Google Play pages to hijack Android devices — stealing data, mic, and camera access.
➡️ BadBazaar and MOONSHINE target Tibetan, Uyghur, and Taiwanese communities — tied to Chinese APT groups.
🔗 Full report: https://thehackernews.com/2025/04/spynote-badbazaar-moonshine-malware.html

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit https://thehackernews.com/2025/04/fortinet-warns-attackers-retain.html

🚨 New Google Quick Share flaw exposed. 📌 CVE-2024-10668 Attackers could crash your PC or send files to it without approval via Quick Share for Windows. 🔗 Learn more: https://thehackernews.com/2025/04/google-patches-quick-share.html

🛑 Think that cheap Android phone is a bargain? It might come loaded with Triada—a powerful malware pre-installed on counterfeit devices. 👀 2,600+ victims hit in just two weeks; and hackers stole 💰 $270K+ in crypto. 🔗 Learn more: https://thehackernews.com/2025/04/triada-malware-preloaded-on-counterfeit.html

🚨 New web skimming campaign abuses old Stripe API to steal real credit cards 💳 49+ sites hit. Real Stripe screen, fake iframe. Cloned buttons. Targets: WooCommerce, WordPress, PrestaShop. 🔎 Details → https://thehackernews.com/2025/04/legacy-stripe-api-exploited-to-validate.html

🔥 New Linux botnet ALERT! Outlaw—a Romanian-linked group—is actively hijacking SSH servers to mine crypto via auto-spreading malware.
– Targets servers with weak SSH creds
– Uses BLITZ to self-propagate
– Installs SHELLBOT for remote control, DDoS, and data theft
– Exploits old bugs like Dirty COW (CVE-2016-5195)
🔗 Full report: https://thehackernews.com/2025/04/outlaw-group-uses-ssh-brute-force-to.html

🚨 They’re back. Russian threat group FIN7 is using Anubis—a lightweight Python backdoor that grants full remote access to Windows machines without leaving detectable files. It runs entirely in memory, evades most defenses, and can steal passwords, take screenshots, and exfiltrate data—all masked with Base64 and hosted on compromised SharePoint sites. 🔗 Full analysis: https://thehackernews.com/2025/04/fin7-deploys-anubis-backdoor-to-hijack.html

PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html

🚨 A new wave of stealth malware loaders is here—modular, evasive, and cloud-integrated.
🧬 Hijack Loader: API spoofing, anti-VM, Avast evasion
💻 SHELBY: GitHub as C2—payloads & commands via commits
🧪 SmokeLoader: .NET Reactor obfuscation + 7-Zip phishing
🔗 Read the full report: https://thehackernews.com/2025/04/new-malware-loaders-use-call-stack.html

🚨 Old iPhones, new threats. Apple just patched 3 exploited zero-days—and yes, even your dusty iPhone 6s is getting a fix.
🛡️ What's at stake?
• CVE-2025-24201 (CVSS 8.8): Malicious web content breaking free from Safari’s sandbox
• CVE-2025-24085 (7.3): Apps hijacking system privileges
• CVE-2025-24200 (4.6): Bypassing USB Restricted Mode—hello physical attacks
🔥 Why now? These bugs are being actively exploited in the wild.
🔗 Full list + device breakdown: https://thehackernews.com/2025/04/apple-backports-critical-fixes-for-3.html

A China-linked hacking group, Earth Alux, is hitting key sectors in Asia-Pacific and Latin America with stealthy, advanced cyberattacks.
🛠 Tools & Tactics:
• VARGEIT: A backdoor hidden in mspaint.exe, used for spying and data theft
• COBEACON (Cobalt Strike): Initial access
• MASQLOADER: Evades security detection
• Uses 10+ covert communication channels, including Microsoft Outlook drafts
👉 Learn more: https://thehackernews.com/2025/04/china-linked-earth-alux-uses-vargeit.html
Stay alert. These attacks are live.

🚨 A Russian group, Water Gamayun, is abusing a Windows zero-day (CVE-2025-26633) to drop two chilling backdoors: SilentPrism & DarkWisp. They’re hiding in plain sight—using signed .msi files posing as legit apps like DingTalk & VooV to hijack systems. 👀 Targets? Your data, credentials, and even crypto wallets. 💀 Techniques? Living-off-the-land, PowerShell implants, fake WinRAR sites—pure cyber espionage playbook. 🔗 Learn more: https://thehackernews.com/2025/03/russian-hackers-exploit-cve-2025-26633.html

🚨 Hackers are abusing WordPress mu-plugins—a hidden auto-run directory—to inject malware, hijack links, and redirect users to scam sites.
Also, add these to the list of 2024's major WordPress threats:
CVE-2024-27956 | SQL injection
CVE-2024-25600 | RCE in Bricks theme
CVE-2024-8353 | PHP injection
CVE-2024-4345 | Arbitrary file upload
If you run a WordPress site, check your mu-plugins folder NOW.
🛡️ Full story: https://thehackernews.com/2025/03/hackers-exploit-wordpress-mu-plugins-to.html

🚨 Russia-linked hackers Gamaredon are using fake war docs to drop Remcos RAT on Ukrainian systems. 🪤 ZIP → LNK → PowerShell → DLL side-loading → full access Meanwhile, another phishing op is posing as the CIA to trick pro-Ukraine Russians into handing over personal info via Google Forms. Two fronts. One strategy. Learn more: https://thehackernews.com/2025/03/russia-linked-gamaredon-uses-troop.html

🚨 New Malware: RESURGE
China-linked hackers are exploiting Ivanti VPNs via CVE-2025-0282.
🛠️ RESURGE = rootkit + bootkit + web shell
🎯 Hits critical infrastructure
🔍 Linked to UNC5337 & Silk Typhoon
Patch now | Ivanti <22.7R2.5 is vulnerable
Full CISA alert: https://thehackernews.com/2025/03/resurge-malware-exploits-ivanti-flaw.html

🚨 New Android threat spotted: Crocodilus malware is targeting users in Spain and Turkey, posing as Google Chrome to hijack phones.
• Bypasses Android 13+ protections
• Abuses Accessibility to steal credentials
• Records screen & key actions
• Remotely controls the device
• Hides with black screen overlays
📱 Targets banks + crypto wallets
🔗 Learn how it works: https://thehackernews.com/2025/03/new-android-trojan-crocodilus-abuses.html

🔥 Hackers got hacked. BlackLock, a top ransomware gang in 2025, just got owned—by threat hunters who found a fatal flaw in their infrastructure, exposing...
➡️ Real IPs behind their hidden servers
➡️ Command history showing OPSEC fails
➡️ Credentials, configs, and MEGA storage accounts used for exfil
👀 Turns out, DragonForce—another ransomware crew—also hacked BlackLock’s site last week, leaking internal chats and configs.
Read: https://thehackernews.com/2025/03/blacklock-ransomware-exposed-after.html

🛑 Hackers can now hijack solar power systems. 46 new bugs found in inverters from Sungrow, Growatt, and SMA. Attackers could shut down power, cause blackouts, or remotely control devices like a botnet. 😬 One trick? Reset accounts to default password: 123456 🔗 Details: https://thehackernews.com/2025/03/researchers-uncover-46-critical-flaws.html

🚨 New Malware Alert: CoffeeLoader is brewing trouble. This stealthy loader evades AV/EDR using GPU execution, sleep obfuscation, and call stack spoofing. It masquerades as ASUS Armoury Crate to slip in undetected, runs every 10 minutes, and delivers second-stage payloads via HTTPS—like Rhadamanthys. 🔗 Learn more: https://thehackernews.com/2025/03/coffeeloader-uses-gpu-based-armoury.html