The Hacker News

The State of Cybersecurity in 2025 Cybersecurity is entering a new phase of evolution. What was once centered on perimeter defenses and isolated tools is now defined by integration, verification, and execution speed. This report by Papryon brings together perspectives across authentication, endpoint security, software supply chain protection, network visibility, and human risk, examining how organizations are adapting to increasingly sophisticated threats and operational complexity. Download Full Report Here: https://thn.news/cyber-guide Featuring: Yubico Metomic usecure Corelight Axiado ShadowDragon SecureCo Unknown Cyber CrowdStrike SentinelOne

⚡ React2Shell. Weaxor. GhostPairing. ClickFix. RC4. RuTube. MCP leaks. DDoSia. Modbus. Google Phish. DarkGate. Token spills. Dozens of stories from one chaotic week. Read the latest ThreatsDay Bulletin — what security teams are tracking now. 🔗 Read 15+ new stories → https://thehackernews.com/2025/12/threatsday-bulletin-whatsapp-hijacks.html

🤖 AI copilots are now built into everyday SaaS tools. They move fast and quietly create new data paths across apps. Static SaaS security can’t see AI activity in real time, so risk hides in normal logs—driving the shift to dynamic AI-SaaS security. 👉 Understand the risk before it hits → https://thehackernews.com/2025/12/the-case-for-dynamic-ai-saas-security.html

North Korea–linked Kimsuky has been tied to a new Android malware campaign. The group is spreading a fresh DocSwap variant through QR codes on fake CJ Logistics sites. Once installed, the app deploys a full RAT with access to messages, calls, files, audio, and camera. 🔗 Read analysis here → https://thehackernews.com/2025/12/kimsuky-spreads-docswap-android-malware.html

A critical ASUS Live Update vulnerability is now on CISA’s exploited list. CVSS 9.3, supply chain–based, and tied to ShadowHammer, it embedded malicious code in signed updates for carefully chosen devices. 🔗 Read → https://thehackernews.com/2025/12/cisa-flags-critical-asus-live-update.html

🛑 WARNING: CVE-2025-20393 is rated 10.0, with no patch available. Cisco confirmed active exploitation of an AsyncOS zero-day by a China-linked APT. The flaw allows root-level command execution on affected email security appliances and enables attackers to establish persistence. 🔗 Details and mitigations → https://thehackernews.com/2025/12/cisco-warns-of-active-attacks.html

🛑 SonicWall patched an actively exploited flaw in SMA 100 series appliances. CVE-2025-40602 lets attackers escalate privileges via the management console and was chained with a prior bug for root access. Patches are now out for affected versions. 🔗 Read → https://thehackernews.com/2025/12/sonicwall-fixes-actively-exploited-cve.html

🌐 Kimwolf is a new botnet that has infected over 1.8 million Android devices, mainly smart TVs and set-top boxes on home networks. XLab says it has issued billions of DDoS commands, runs proxy and remote access functions, and uses blockchain-based ENS domains to resist takedowns. 🔗 Read → https://thehackernews.com/2025/12/kimwolf-botnet-hijacks-18-million.html

⚠️ State-linked APT28 targeted UKR-net with sustained credential harvesting from mid-2024 to 2025. 🕵️‍♂️ Fake UKR-net login pages hosted on Mocky and relayed via ngrok and Serveo captured credentials and 2FA codes. Phishing PDFs and URL shorteners helped evade filters, showing infrastructure adapted to resist disruption. 🔗 Read campaign details here → https://thehackernews.com/2025/12/apt28-targets-ukrainian-ukr-net-users.html

Kaspersky linked a new phishing wave to Operation ForumTroll. The Russia-focused APT shifted from organizations to individual academics, using fake eLibrary emails and personalized downloads to deploy a remote-access framework on Windows systems. 🔗 Find how the attack chain worked → https://thehackernews.com/2025/12/new-forumtroll-phishing-attacks-target.html

Most SOCs still respond after attackers move. That delay costs time and raises breach risk. ANYRUN says proactive teams use live threat intelligence to see campaigns forming, not just alerts firing. Industry and geo context helps analysts focus on threats that actually matter. 🔗 How SOCs move from reactive to proactive → https://thehackernews.com/2025/12/fix-soc-blind-spots-see-threats-to-your.html

🛡️ Ink Dragon, a China-aligned hacking group, is focusing on European government targets while staying active in Asia and South America. It exploits SharePoint and IIS flaws to drop web shells and maintain long-term access using ShadowPad and FINALDRAFT malware. 🔗 Learn more → https://thehackernews.com/2025/12/china-linked-ink-dragon-hacks.html