The Hacker News

⚠️ Researchers found malicious packages in VS Code, Go, npm, and Rust stealing developer data. They mimicked themes, AI tools, and libraries to grab screenshots, Wi-Fi passwords, and browser cookies. 🔗 Find details here ↓ https://thehackernews.com/2025/12/researchers-find-malicious-vs-code-go.html

⚠️ Hackers are hiding malware in normal websites. A new attack called JS#SMUGGLER plants code that quietly runs PowerShell through mshta.exe to install NetSupport RAT — giving attackers full control of your computer. It even checks your device type to avoid being caught. 🔗 Read ↓ https://thehackernews.com/2025/12/experts-confirm-jssmuggler-uses.html

Catch the the latest CybersecurityRecap for: 💥 USB drives spreading crypto miners. 💰 Fake investment sites busted. 🐀 CastleRAT creeping through networks. ⚖️ Portugal shields ethical hackers. 💸 Ransomware payouts falling fast. 👉 Get the full stories, latest tools, and expert webinars in the latest recap: https://thehackernews.com/2025/12/weekly-recap-usb-malware-react2shell.html

⚠️ Holiday shopping means hacker season. Bots hit hardest around Black Friday & Christmas. Reused passwords = easy targets. Block breached logins + secure vendor accounts now. 🔗 Read ↓ https://thehackernews.com/2025/12/how-can-retailers-cyber-prepare-for.html

⚠️ Three new Android threats just dropped: • FvncBot – fake “mBank” app that logs keys, streams screens, and steals banking data. • SeedSnatcher – spreads via Telegram to steal crypto seed phrases and 2FA codes. • ClayRat – upgraded spyware faking YouTube & taxi apps for full device control. All abuse Android’s accessibility features. 🔗 Read here ↓ https://thehackernews.com/2025/12/android-malware-fvncbot-seedsnatcher.html

⚠️ Hackers are exploiting a bug in the Sneeit Framework plugin (CVE-2025-6389) to run code on servers and create admin accounts on WordPress sites. ⚠️ Separately, a flaw in ICTBroadcast (CVE-2025-2611) lets attackers use the BROADCAST cookie for unauthenticated remote shell access on exposed hosts. 🔗 Read ↓ https://thehackernews.com/2025/12/sneeit-wordpress-rce-exploited-in-wild.html

⚠️ Iran’s MuddyWater hackers are using a new backdoor called "UDPGangster" that hides in fake “election seminar” Word files. It only runs after checking if your computer is real — not a sandbox — then steals data over UDP to dodge detection. 🔗 Read → https://thehackernews.com/2025/12/muddywater-deploys-udpgangster-backdoor.html

🛑 Over 30 security flaws found in AI-powered coding tools like Copilot, Cursor, and Zed — letting hackers steal data or run malicious code without you doing a thing. Researchers are calling it “IDEsaster.” 🔗 Details here → https://thehackernews.com/2025/12/researchers-uncover-30-flaws-in-ai.html

CISA added the new 10.0-rated React RCE flaw (CVE-2025-55182) to its exploited list. 🕒 Exploited within hours by Chinese hackers. 💥 Affects Next.js, React Router, Vite, Waku & more. 💰 Some attacks dropped crypto-miners & stole AWS creds. 🔗 Read: https://thehackernews.com/2025/12/critical-react2shell-flaw-added-to-cisa.html

🚨 WARNING: A new attack can trick Perplexity’s Comet browser into deleting your Google Drive. Just one normal-looking email with hidden cleanup instructions can make the AI agent erase real files — no exploit, no warning. 🔗 Details here → https://thehackernews.com/2025/12/zero-click-agentic-browser-attack-can.html

🧩 57% of SMBs say cybersecurity is a top priority — yet they still turn down MSPs. ➡ The issue isn’t interest. It’s confusion. ➡ They’re tired of jargon, fear, and hard selling. “Getting to Yes” helps MSPs explain security in plain business terms — and win trust. 👉 See how it’s done → https://thehackernews.com/2025/12/getting-to-yes-anti-sales-guide-for-msps.html

🚨 Critical Apache Tika flaw (CVE-2025-66516) just dropped — CVSS 10.0. A single fake PDF can trigger an XXE attack, letting hackers read server files or run code. 🔗 Read ↓ https://thehackernews.com/2025/12/critical-xxe-bug-cve-2025-66516-cvss.html Update to v3.2.2 now.