Cybersecurity News from Across the Internet
A new phishing campaign is targeting thousands in the US by posing as the Social Security Administration. Learn how scammers use fake 2025/2026 tax statements and Datto RMM software to hijack computers and steal data, as shared with Hackread.com – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that’s designed to find, validate, and propose fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web with free usage for the next month. “It builds deep context … Read More “OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues – The Hacker News” »
Researchers at Acronis have discovered a malicious trojanized version of the Red Alert rocket warning app targeting Israeli Android users. Distributed via fake Home Front Command SMS messages, this spyware steals GPS data, SMS messages, and contact lists while maintaining full alert functionality. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and … Read More “Hackers Spread Fake Red Alert Rocket Alert App to Spy on Israeli Users – Hackread – Cybersecurity News, Data Breaches, AI and More” »
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last … Read More “Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model – The Hacker News” »
President Donald Trump released his administration’s cyber strategy Friday, promoting offense operations in cyberspace, securing federal networks and critical infrastructure, streamlining regulations, leveraging emerging technologies and strengthening the cybersecurity workforce. Trump also signed an executive order Friday directing agencies to take action to combat cybercrime and fraud. A little more than half of the five … Read More “The long-awaited Trump cyber strategy has arrived – CyberScoop” »
President Donald Trump released his administration’s cyber strategy Friday, promoting offense operations in cyberspace, securing federal networks and critical infrastructure, streamlining regulations, leveraging emerging technologies and strengthening the cybersecurity workforce. Trump also signed an executive order Friday directing agencies to take action to combat cybercrime and fraud. A little more than half of the five … Read More “The long-awaited Trump cyber strategy has arrived – CyberScoop” »
North Korean threat groups are using artificial intelligence tools to accelerate and expand the country’s long-running scheme to get remote technical workers hired at global companies for longer durations, Microsoft Threat Intelligence said in a report Friday. AI services are empowering North Korean operatives across the attack lifecycle. Attackers have turned AI into a “force … Read More “Microsoft warns North Korean threat groups are scaling up fake worker schemes with generative AI – CyberScoop” »
A joint study by Google and GitGuardian reveals that over 2,600 valid TLS certificates, protecting Fortune 500 companies and government agencies, were compromised due to private key leaks on GitHub and DockerHub. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA – one of the world’s most prolific phishing-as-a-service platforms – has been dismantled. Read more in my article on the Hot for Security blog. – Read More – GRAHAM CLULEY
The post DHS CISO, deputy CISO exit amid reported IT leadership overhaul appeared first on CyberScoop. – Read More – CyberScoop
Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research. At a high level, the obfuscated batch script is … Read More “Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT – The Hacker News” »
The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a “high-volume, mediocre mass of implants” that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted … Read More “Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India – The Hacker News” »
A bank, an airport, a non-profit and the Israeli branch of a US software company were among the targets of this new MuddyWater campaign – Read More –
The House Energy and Commerce committee unanimously passed a package of bipartisan cybersecurity bills Thursday targeting the energy sector, including legislation that would reauthorize and fund a critical federal cybersecurity assistance program for rural electric utilities across the country. The Rural and Municipal Utility Cybersecurity Act, introduced by Reps. Mariannette Miller-Meeks, R-Iowa, and Jennifer McClellan, … Read More “Congress looks to revive critical cyber program for rural electric utilities – CyberScoop” »
Cisco patches 48 vulnerabilities in Secure Firewall products, including two critical CVSS 10 flaws that could allow authentication bypass and remote code execution. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Almost a quarter of the zero days detected by Google in 2025 targeted security and networking appliances – Read More –
New research from Broadcom’s Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies’ networks, including banks, airports, non-profit, and the Israeli arm of a software company. The activity has been attributed to a state-sponsored hacking group called MuddyWater (aka Seedworm). It’s affiliated with … Read More “Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor – The Hacker News” »
Scaling cybersecurity services as an MSP or MSSP requires technical expertise and a business model that delivers measurable value at scale. Risk-based cybersecurity is the foundation of that model. When done right, it builds client trust, increases upsell opportunities, and drives recurring revenue. But to deliver this consistently and efficiently, you need the right technology … Read More “The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity – The Hacker News” »
A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different implants. The activity is being tracked by Cisco Talos under the moniker UAT-9244, describing it as closely associated with another cluster known as FamousSparrow. It’s worth … Read More “China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks – The Hacker News” »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The critical-severity vulnerabilities are listed below – CVE-2017-7921 (CVSS score: 9.8) – An improper authentication vulnerability affecting – Read More – The Hacker … Read More “Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog – The Hacker News” »
Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware. The activity, observed in February 2026, makes use of the terminal emulator program instead of instructing users to launch the … Read More “Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer – The Hacker News” »
Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for remote code execution. Cisco Secure Firewall Management Center (FMC) is a centralized management platform for Cisco firewalls. Cisco Secure Firewall Adaptive Security Appliance (ASA) Software is the core operating system that powers the Cisco ASA family of firewalls. Cisco … Read More “Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
A vulnerability has been discovered in pac4j-jwt (JwtAuthenticator) which could allow for authentication bypass. pac4j-jwt is a Java module within the pac4j security framework designed for generating, validating, and managing JSON Web Tokens (JWT) to secure web applications and services. It supports signed and encrypted tokens, primarily using the Nimbus JOSE+JWT library to handle authentication, … Read More “A Vulnerability in pac4j-jwt (JwtAuthenticator) Could Allow for Authentication Bypass – Cyber Security Advisories – MS-ISAC” »
Hidden cyber risks in remote work include insecure home Wi-Fi, phishing attacks, and data exposure, leaving businesses and employees vulnerable to breaches. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Bitdefender research reveals Pakistani group APT36 is using AI-generated vibeware and trusted cloud services like Google Sheets to target Indian officials. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The FBI found evidence that its networks had been targeted in a suspected cybersecurity incident, the bureau confirmed on Thursday, without sharing any further details. “The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond,” the agency said in a statement. “We have nothing additional to … Read More “FBI targeted with ‘suspicious’ activity on its networks – CyberScoop” »
Researchers at Zenity Labs uncover PleaseFix flaws in Perplexity’s Comet browser. See how zero-click calendar invites allow AI agents to steal 1Password credentials and personal files. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Discover the best next-gen endpoint protection platforms in 2026, built to detect modern threats, stop credential abuse, and secure enterprise devices. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The Department of Health and Human Services unveiled a tool Thursday to help health care facilities assess their cybersecurity risks, elevating the emphasis on those threats to the kind produced by weather conditions and other dangers. The assistance from HHS’s Administration for Strategic Preparedness and Response (ASPR) comes in the form of an update to … Read More “HHS updates a free risk tool to help hospitals size up their cybersecurity exposure – CyberScoop” »
Researchers at Zenity Labs uncover PleaseFix flaws in Perplexity’s Comet browser. See how zero-click calendar invites allow AI agents to steal 1Password credentials and personal files. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Hydrolix expert Tom Howe explains how AI bots impact ecommerce, how to spot good vs malicious bots, and why blocking them can hurt sales. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Russian national Evgenii Ptitsyn pleaded guilty to running the Phobos ransomware outfit that extorted more than $39 million from more than 1,000 victims globally, the Justice Department said Wednesday. Ptitsyn assumed a leadership role in the Phobos ransomware group in January 2022, yet his criminal activities began by April 2019, according to court records. He … Read More “Phobos ransomware leader pleads guilty, faces up to 20 years in prison – CyberScoop” »
Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild. The vulnerabilities in question are listed below – CVE-2026-20122 (CVSS score: 7.1) – An arbitrary file overwrite vulnerability that could allow an authenticated, remote attacker to overwrite arbitrary files on the local file … Read More “Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities – The Hacker News” »
Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild. The vulnerabilities in question are listed below – CVE-2026-20122 (CVSS score: 7.1) – An arbitrary file overwrite vulnerability that could allow an authenticated, remote attacker to overwrite arbitrary files on the local file … Read More “Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities – The Hacker News” »
Malicious insiders are using misusing AI for nefarious gain, while employees cutting corners also creates risk, warns Mimecast – Read More –
Europol and partners dismantle Tycoon 2FA phishing service used to bypass MFA, disrupting a global phishing-as-a-service operation targeting organisations. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Europol seizes LeakBase cybercrime and hacker forum used to trade stolen data, disrupting a global platform with over 140,000 members. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cisco released information on a pair of max-severity vulnerabilities in its firewall management software Wednesday that unauthenticated, remote attackers could exploit to obtain the highest level of access to the underlying operating system or on affected devices. The vulnerabilities — CVE-2026-20079 and CVE-2026-20131 — affect the web-based interface of Cisco Secure Firewall Management Center (FMC) … Read More “Cisco reveals 2 max-severity defects in firewall management software – CyberScoop” »
Most organizations assume encrypted data is safe. But many attackers are already preparing for a future where today’s encryption can be broken. Instead of trying to decrypt information now, they are collecting encrypted data and storing it so it can be decrypted later using quantum computers. This tactic—known as “harvest now, decrypt later”—means sensitive data … Read More “Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders – The Hacker News” »
Some weeks in cybersecurity feel routine. This one doesn’t. Several new developments surfaced over the past few days, showing how quickly the threat landscape keeps shifting. Researchers uncovered fresh activity, security teams shared new findings, and a few unexpected moves from major tech companies also drew attention. Together, these updates offer a useful snapshot of … Read More “ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More – The Hacker News” »
Critical flaw “ContextCrush” in Context7 MCP Server could allow malicious instructions into AI tools – Read More –
A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country’s Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the cluster under the name Dust Specter. The attacks, which manifest in the … Read More “Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware – The Hacker News” »
Exploit kit “Coruna” targets iPhones running iOS 13.0 to 17.2.1, focusing on financial data theft – Read More –
Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. “The attack chain initiates with a phishing email containing a link to a ZIP archive. Once extracted, an initial HTA file displays a lure document written in Ukrainian concerning … Read More “APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine – The Hacker News” »
Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still compromise networks every day using valid credentials. The issue is not MFA itself, but coverage. Enforced through an identity provider (IdP) such as Microsoft Entra ID, Okta, … Read More “Where Multi-Factor Authentication Stops and Credential Abuse Starts – The Hacker News” »
Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction – Read More –
A global operation has resulted in the takedown of popular cybercrime forum LeakBase – Read More –
Two of the 48 Cisco vulnerabilities, affecting Secure Firewall Management Center, are maximum-severity flaws – Read More –
A joint law enforcement operation has dismantled LeakBase, one of the world’s largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools. The LeakBase forum, per the U.S. Department of Justice (DoJ), had over 142,000 members and more than 215,000 messages between members as of December 2025. Those attempting to access … Read More “FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials – The Hacker News” »
Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at scale, was dismantled by a coalition of law enforcement agencies and security companies. The subscription-based phishing kit, which first emerged in August 2023, was described by Europol as one of the largest phishing – Read … Read More “Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks – The Hacker News” »
