The Hacker News

⚡ Hackers move in hours, not weeks—mixing AI-driven attacks, zero-days & supply-chain breaches. • Old flaws keep resurfacing • AI gives cybercriminals lightning speed • Supply chains stay a prime target 👉 Read the latest edition: https://lnkd.in/gmeu-dMj

🚨 Two new flaws let attackers slip past Supermicro’s BMC Root of Trust! Hackers can sneak in a fake signed firmware image (CVE-2025-7937 & CVE-2025-6198) and take over the BMC—then the whole server—permanently. Full story → https://lnkd.in/gnXngNRc

🚨 Europe just took down a massive €100M crypto scam. Since 2018, 5 suspects tricked investors across 23 countries—then vanished with the cash. Cops froze accounts and seized assets. Full story → https://lnkd.in/gxS-CmZT

🚨 U.S. Secret Service dismantles a covert SIM network threatening officials. More than 300 SIM servers and 100,000 SIM cards found across the NY tri-state area—near the UN General Assembly—posing an imminent national security threat. Nation-state actors suspected. Details → https://lnkd.in/dsewEb7G

⚠️ AI agents are taking over core business tasks—opening dangerous new attack paths. Data leaks. Adversarial hacks. Trust at risk. Your defenses aren’t ready. Join the live webinar to learn how to protect your AI systems → https://lnkd.in/dpmWV-Ps

🚨 Critical flaw in SolarWinds Web Help Desk (CVE-2025-26399, CVSS 9.8) lets attackers run code without logging in. This is the third patch attempt—after two previous “fixes” were bypassed. Admins: update to 12.8.7 HF1 now. Full story → https://lnkd.in/gqUEFuhh

Wells Fargo cut 23% of staff, BofA dropped 88k, Verizon says headcount keeps falling—while 86% of breaches use stolen creds and take 292 days to contain. Lean teams = $11M+ per secret leak. Here’s what CISOs need to know ↓ https://lnkd.in/gkr4C2t2

🚨 New DDoS-for-hire threat: ShadowV2 Hackers are renting out a botnet that hijacks misconfigured AWS Docker servers—using a Go-based RAT and Python C2 on GitHub Codespaces—to launch massive HTTP/2 “Rapid Reset” attacks and even bypass Cloudflare protections. Read → https://lnkd.in/gJ9ycQu8

🚨 GitHub is tightening npm security after a worm called Shai-Hulud spread through hundreds of packages and tried to steal secrets. — Old tokens will be removed — 2FA will be required — New “trusted publishing” proves where each package came from Full story → https://lnkd.in/gy2yyzfF

🚨 Chinese hackers are hijacking legit websites to poison Google results. Experts uncovered Operation Rewrite: a BadIIS malware campaign targeting East & Southeast Asia—redirecting search traffic to scam sites and even planting web shells for deeper breaches. Read → https://lnkd.in/gJZ8_8WS