Cybersecurity News
Understand the Threats. Protect What Matters.
- Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets’ Addressesby Lily Hay Newman on June 17, 2025 at 2:24 am
The shooter allegedly researched several “people search” sites in an attempt to target his victims, highlighting the potential dangers of widely available personal data.
- 6 Tools for Tracking the Trump Administration’s Attacks on Civil Libertiesby Lily Hay Newman on June 16, 2025 at 10:00 am
The White House has undertaken initiatives to crack down on immigration, suppress speech, and curtail US public health efforts. These online tools are tracking the rapidly changing US landscape.
- How to Protect Yourself From Phone Searches at the US Borderby Lily Hay Newman, Matt Burgess on June 16, 2025 at 10:00 am
Customs and Border Protection has broad authority to search travelers’ devices when they cross into the United States. Here’s what you can do to protect your digital life while at the US border.
- The WIRED Guide to Protecting Yourself From Government Surveillanceby Andy Greenberg, Lily Hay Newman on June 16, 2025 at 10:00 am
Donald Trump has vowed to deport millions and jail his enemies. To carry out that agenda, his administration will exploit America’s digital surveillance machine. Here are some steps you can take to evade it.
- Why We Made a Guide to Winning a Fightby Katie Drummond on June 16, 2025 at 10:00 am
Right now, everyone seems ready to throw down. More than ever, it’s important to fight smart—and not give up until you land a decisive blow.
The Hacker News Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to [email protected]
- LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agentsby [email protected] (The Hacker News) on June 17, 2025 at 5:33 pm
Cybersecurity researchers have disclosed a now-patched security flaw in LangChain’s LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts. The vulnerability, which carries a CVSS score of 8.8 out of a maximum of 10.0, has been codenamed AgentSmith by Noma Security. LangSmith is an observability and evaluation platform that allows users to
- Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malwareby [email protected] (The Hacker News) on June 17, 2025 at 1:28 pm
Cybersecurity researchers are warning of a new phishing campaign that’s targeting users in Taiwan with malware families such as HoldingHands RAT and Gh0stCringe. The activity is part of a broader campaign that delivered the Winos 4.0 malware framework earlier this January by sending phishing messages impersonating Taiwan’s National Taxation Bureau, Fortinet FortiGuard Labs said in a report
- Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firmsby [email protected] (The Hacker News) on June 17, 2025 at 12:53 pm
The notorious cybercrime group known as Scattered Spider (aka UNC3944) that recently targeted various U.K. and U.S. retailers has begun to target major insurance companies, according to Google Threat Intelligence Group (GTIG). “Google Threat Intelligence Group is now aware of multiple intrusions in the U.S. which bear all the hallmarks of Scattered Spider activity,” John Hultquist, chief analyst
- Are Forgotten AD Service Accounts Leaving You at Risk?by [email protected] (The Hacker News) on June 17, 2025 at 11:25 am
For many organizations, Active Directory (AD) service accounts are quiet afterthoughts, persisting in the background long after their original purpose has been forgotten. To make matters worse, these orphaned service accounts (created for legacy applications, scheduled tasks, automation scripts, or test environments) are often left active with non-expiring or stale passwords. It’s no surprise
- Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deploymentsby [email protected] (The Hacker News) on June 17, 2025 at 10:33 am
Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated remote code execution. Sitecore Experience Platform is an enterprise-oriented software that provides users with tools for content management, digital marketing, and analytics and reports. The list of vulnerabilities, which are yet to be