Posts

38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases

  Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin. "FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io), and layered redirection techniques to target cryptocurrency wallets," security researchers Kenneth Kinion, Sreekar Madabushi, and Tom Hegel said in a technical report shared with The Hacker News. "Victims search for wallet-related queries, click on high-ranking malicious results, land on lure pages, and are redirected to phishing pages that steal their seed phrases." The scale of the campaign is reflected in the fact that over 38,000 distinct FreeDrain sub-domains hosting lure pages have been identified. These pages are hosted on cloud infrastructure like Amaz...

Apple CEO Tim Cook confirms majority of iPhones sold in the US will come from India

  Apple is increasingly leaning on India to soften the blow of rising tariffs under the Trump administration’s reciprocal trade policy. Speaking to CNBC after the company’s Q2 FY25 quarterly results, CEO Tim Cook confirmed that India will be the country of origin for a majority of iPhones sold in the US, as Apple reroutes its supply chain away from China. “We do expect the majority of iPhones sold in the US will have India as their country of origin,” said Cook. Vietnam, meanwhile, will handle most production for iPads, Macs, Apple Watches, and AirPods heading to the U.S. — countries currently facing a 10% tariff, compared to a steep 145% tariff on Chinese imports. For now, Apple has stockpiled inventory and baked the risk into its financials. The company has budgeted around $900 million in extra costs for the current quarter, citing tariffs as a key reason. This figure su...

SentinelOne Uncovers Chinese Espionage Campaign Targeting Its Infrastructure and Clients

Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some of its high-value customers. "We first became aware of this threat cluster during a 2024 intrusion conducted against an organization previously providing hardware logistics services for SentinelOne employees," security researchers Tom Hegel, Aleksandar Milenkoski, and Jim Walter said in an analysis published Monday. PurpleHaze is assessed to be a hacking crew with loose ties to another state-sponsored group known as APT15, which is also tracked as Flea, Nylon Typhoon (formerly Nickel), Playful Taurus, Royal APT, and Vixen Panda. The adversarial collective has also been observed targeting an unnamed South Asian government-supporting entity in October 2024, employing an operational relay box (ORB) network and a Windows backdoor dubbed GoReShell. The implant, written in the Go programming language, repurposes a...

How to Start Drop Shipping in India (Full Guide)

Step 1: Choose a Profitable Niche. In India the niche is very important because not everything sells. Popular Niche ideas in India: Kitchen tools & home décor; Women’s fashion accessories; Grooming products (beard oil, hair serum); Kids toys & learning games; Spiritual / pooja items; Fitness gadgets (e.g., yoga mats, resistance bands); Phone accessories. Tools for Niche Research: Google Trends India; Amazon/Flipkart best sellers; Meesho trending product --- Step 2: Choose a Supplier (one that delivers within India). Finding a supplier in India is not as easy as on AliExpress, but these are some of the best options: Top Indian Drop Shipping Suppliers: 1. Meesho – Reselling app, no investment 2. GlowRoad – You can connect with direct suppliers 3. Shop101 (now closed, merged into Meesho) 4. IndiaMART – Good for bulk 5. Baapstore – Paid membership, automated system 6. Snazzyway (Women products niche) --- Step 3: Build Your Online Store. Free Options: Meesh...

Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More

  What happens when cybercriminals no longer need deep skills to breach your defenses? Today's attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they're not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks are used to slip past security unnoticed. This week's threats are a reminder: waiting to react is no longer an option. Every delay gives attackers more ground. ⚡ Threat of the Week Critical SAP NetWeaver Flaw Exploited as 0-Day — A critical security flaw in SAP NetWeaver (CVE-2025-31324, CVSS score: 10.0) has been exploited by unknown threat actors to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. The attacks have also been observed using the Brute Ratel C4 post-exploitation framework, as well as a well-known technique called Heaven's Gate to bypass endpoint protect...

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

 Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year. "The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors," the Microsoft Threat Intelligence team said in an analysis. The tech giant noted that it observed the binary connecting to an external server named "sac-auth.nodefunction[.]vip" to retrieve AES-encrypted data that contains a list of password spray targets. The tool also accepts as input a text file called "accounts.txt" that includes the username and password combinations to be used to carry out the password spray attack. "The threat actor then used the information from both files and posted the credentials to the target tenants for validation," Microsoft said. In one successful instance of account compromise obse...

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gang of Double Extortion

 Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN). "LAGTOY can be used to create reverse shells and execute commands on infected endpoints," Cisco Talos researchers Joey Chen, Asheer Malhotra, Ashley Shen, Vitor Ventura, and Brandon White said. The malware was first documented by Google-owned Mandiant in late March 2023, attributing its use to a threat actor it tracks as UNC961. The activity cluster is also known by other names such as Gold Melody and Prophet Spider. The threat actor has been observed leveraging a huge arsenal of known security flaws in internet-facing applications to obtain initial access, followed by conducting ...