The Hacker News

🚨 Tomiris is back — and harder to spot. Kaspersky reports the group is using Telegram & Discord as C2 servers to hide attacks on government networks in Russia & Central Asia. Its new malware — written in Python, Rust, Go, PowerShell & C#. Full details ↓ https://lnkd.in/gDz8mEPS

🚨 CISA added a real-world exploited flaw in OpenPLC ScadaBR to its Known Exploited Vulnerabilities list. Hackers used the bug (CVE-2021-26829) to deface a fake water plant system in under 26 hours — disabling logs and alarms. Read → https://lnkd.in/gtexsxHv

⚠️ Researchers found old Python code that could expose projects to a supply chain attack. Some PyPI packages — including Tornado and slapos.core — still call an expired domain that anyone could buy and use to run malicious code. Details ↓ https://lnkd.in/gUneq4ZC

🚨 North Korean hackers uploaded 197 malicious npm packages (31K+ downloads). They drop a new OtterCookie variant that steals passwords, crypto data, and screenshots — all from a fake job interview setup. Details here ↓ https://lnkd.in/gXmxi_Uc

VPNs weren’t built for today’s hybrid networks. Hackers now exploit them as entry points to steal admin creds. Remote Privileged Access Management (RPAM) closes that gap — no VPNs, no shared passwords, full session tracking. Why it’s replacing PAM → https://lnkd.in/gN7yhMMe

⚡ Security Warning! Attackers can bypass Microsoft Defender for Office 365 by exploiting Teams’ guest access. When users join another organization’s tenant, they lose their home protections — and a malicious tenant can use that gap to deliver phishing or malware. Read ↓ https://lnkd.in/ghbYwEMH

Hackers posing as Kyrgyzstan’s Justice Ministry are spreading 2013-era NetSupport RAT across Kyrgyzstan and Uzbekistan using fake PDFs and old Java tricks—blocking outsiders to hide the attack. Old tools. New victims. → https://lnkd.in/gheQUumc

Microsoft will block all non-Microsoft scripts on Entra ID logins starting Oct 2026. If your sign-in flow or browser extension injects any code, it may break — so test ASAP. The new Content Security Policy only lets trusted Microsoft-hosted scripts. Read more → https://lnkd.in/gppBE5Bz

🚨 New ThreatsDay Bulletin is live! 🤖 AI malware that learns your habits 📞 Voice bots turned into attack tools 💸 Crypto rings laundering billions 🔌 IoT gear under siege again 🌍 Smishing scams spreading worldwide All that and 20+ more stories shaping the week in cybersecurity. 🔗 Read now: https://lnkd.in/gVhDJXpr

🛑 Gainsight just revealed more customers were affected than originally disclosed. Salesforce revoked all Gainsight access tokens after the breach tied to ShinyHunters — and the same user-agent from prior Salesloft attacks popped up again. The full scope remains unknown. Read here → https://lnkd.in/gMmc8ECJ