Author: Joe-W

Software development is about to undergo a generative change. What this means is that AI (Artificial Intelligence) has…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A bipartisan trio of House lawmakers is pushing a bill that would give law enforcement more resources to tackle financial fraud, pig butchering and other scams that specifically target older Americans. The Guarding Unprotected Aging Retirees from Deception (GUARD) Act from Reps. Zach Nunn, R-Iowa, Josh Gottheimer, D-N.J., and Scott Fitzgerald, R-Wis., would give state, local and tribal enforcement agencies...

Threat hunters and security researchers have observed widespread exploitation of a zero-day vulnerability affecting SAP NetWeaver systems. The unrestricted file upload vulnerability — CVE-2025-31324 — has a base score of 10 on the CVSS scale and allows attackers to upload files directly to the system without authorization.  The software defect, which affects the SAP Visual Composer component for SAP NetWeaver,...

Interlock ransomware group claims it stole 20TB of sensitive patient data from DaVita Healthcare. While the group has…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. “In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (blocknovas[.] com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co)—to spread  – Read More  – The Hacker News 

Silent Push reveals a complex scheme where North Korean hackers posed as crypto companies, using AI and fake…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities (NHIs).  At the top of mind when NHIs are mentioned, most security teams immediately think of...

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution.  “The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue,” ReliaQuest said in a report published this week. The cybersecurity  – Read...

Mobile network operator SK Telecom, which serves approximately 34 million subscribers in South Korea, has confirmed that it suffered a cyber attack earlier this month that saw malware infiltrate its internal systems, and access data related to customers’ SIM cards. Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

Cybersecurity researchers are warning about a new malware called DslogdRAT that’s installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS). The malware, along with a web shell, were “installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024,” JPCERT/CC researcher Yuma  – Read More  – The...

Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below – CVE-2025-27610 (CVSS score: 7.5) – A path traversal  – Read More  –...

The Cybersecurity and Infrastructure Security Agency will soon have a new second-in-command. Madhu Gottumukkala has been named deputy director. He comes over to CISA from his prior position in the South Dakota government, where Kristi Noem was most recently governor before taking over as secretary of the Department of Homeland Security. Gottumukkala had been commissioner of the Bureau of Information...

Attackers exploited nearly a third of vulnerabilities within a day of CVE disclosure in the first quarter of 2025, VulnCheck said in a report released Thursday. The company, which focuses on vulnerability threat intelligence, identified 159 actively exploited vulnerabilities from 50 sources during the quarter. The time from CVE disclosure to evidence of exploitation in the first quarter was marginally...

Two federal cybersecurity officials said Thursday that they’re using — or contemplating using — artificial intelligence to conduct tasks that speed up the work of human analysts. AI is an important current and future contributor to a variety of security-related administrative jobs like accreditation and compliance, and for the Department of the Air Force as it undertakes modernization efforts, said...

XRP Ledger SDK hit by supply chain attack: Malicious NPM versions stole private keys; users urged to update…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A federal court partially blocked a Trump administration executive order Thursday that seeks to impose requirements on states to use the White House’s definition of “documentary proof” of citizenship, inhibit mail voting and other election-related elements by threatening to withhold federal funding.  The order was subject to multiple lawsuits from Democratic Party organizations as well as civic groups like the...

Blue Shield of California exposed the health data of 4.7 million members to Google for years due to…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Blockchain infrastructure provider dRPC has announced the launch of a NodeHaus platform that enables chain foundations unprecedented control…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in  – Read More  – The...

SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn of real-time attacks via fake…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A Growing Threat and How Da Vinci helps Businesses Fight Back As businesses continue to digitise operations, sensitive data becomes increasingly vulnerable to exposure on hidden layers of the internet. Deep and dark web scavenging has emerged as a prominent tactic used by cybercriminals to exploit personal, corporate, and government data. While the deep web […] The post Deep and...

As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. “We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure,” VulnCheck said in a report shared with The Hacker News. This...

Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a “major blind spot in Linux runtime security tools,” ARMO said. “This mechanism allows a user application to perform various actions without using system calls,” the company said in  – Read More  –...

The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. “This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes,” Netcraft said in a new report shared with The Hacker News. ”  – Read More  – The...

Hackers in the Elusive Comet campaign exploit Zoom’s remote-control feature to steal cryptocurrency, and over $100K lost in…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

With the rise of fintechs, accuracy alone isn’t enough, security and reliability are just as necessary. For fintech…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0. “A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code without  – Read...

The Evolving Healthcare Cybersecurity Landscape  Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surface, traditional security approaches are proving inadequate. According to recent statistics, the healthcare sector  – Read More  – The Hacker News