Author: Joe-W

Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. “These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially  – Read More  – The Hacker News 

Sydney, Australia, 19th March 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote  – Read More  – The...

Commissioners Alvaro Bedoya and Rebecca Slaughter of the Federal Trade Commission confirmed reports that President Donald Trump is attempting to fire them, marking a direct challenge to the agency’s independence and potentially crippling a host of its tech-related investigation and enforcement actions. On X, Bedoya posted a note saying he had just been “illegally fired” by the president. He referenced...

$32B Wiz acquisition: Google ramps up cloud security. Following Mandiant, this deal signals major GCP defense upgrade.  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

Cybercriminals used information-stealing malware to a devastating effect last year, capturing sensitive data that fueled ransomware, breaches and attacks targeting supply chains and critical infrastructure, according to a new report. Infostealers were used to steal 2.1 billion credentials last year, accounting for nearly two-thirds of 3.2 billion credentials stolen from all organizations, Flashpoint said in a report released Tuesday. By targeting...

Cybercriminals used information-stealing malware to a devastating effect last year, capturing sensitive data that fueled ransomware, breaches and attacks targeting supply chains and critical infrastructure, according to a new report. Infostealers were used to steal 2.1 billion credentials last year, accounting for nearly two-thirds of 3.2 billion credentials stolen from all organizations, Flashpoint said in a report released Tuesday. By targeting...

Google Play Store hit by 300+ fake Android apps, downloaded more than 60 million times pushing ad fraud and data theft. Learn how to spot and remove these threats.  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

In episode 42 of the AI Fix, our hosts discover why ads for the Neo Gamma robot are so sinister, Graham plays peek-a-boo with a crow, humans give up writing, an AI designs a drug, an upstart AI agent gets everyone’s attention, and a talking fish offers our hosts some sage advice. Graham wonders if … Continue reading “The AI...

Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. “This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent  – Read More  – The Hacker News 

Google announced Tuesday it will acquire cloud security firm Wiz for $32 billion. The move pairs Google — among the world’s largest cloud service providers — with one of the most promising cloud security startups. The purchase comes less than a year after Wiz rejected a previous $23 billion bid from Google, with executives saying at the time that they...

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

A critical security vulnerability has been disclosed in AMI’s MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. “A local or remote attacker can exploit the vulnerability by accessing the  – Read More  – The...

Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. “This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud),” the tech giant said today. It added...

An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro’s Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden ...

Palo Alto, USA, 18th March 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

Cybercriminals exploit AI hype with SEO poisoning, tricking users into downloading malware disguised as DeepSeek software, warns McAfee Labs in a new report.  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks. “The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks,” Bitdefender said in a report shared with ...

At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem. This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV, according to new findings from the HUMAN Satori Threat Intelligence and Research team, published in  –...

Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo, which is scheduled to...

While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this  – Read More  – The...

An ingenious phishing scam is targeting cryptocurrency investors, by posing as a mandatory wallet migration. Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. The malware contains capabilities to “steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored  – Read...

Do you need to permanently and securely delete photos from an iPhone to prevent unauthorized access? Simply deleting…  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

ChatGPT Down: Users report “Gateway time-out” errors. OpenAI’s popular AI chatbot is experiencing widespread outages. Stay updated on the service disruption.  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

StilachiRAT: Sophisticated malware targets crypto wallets & credentials. Undetected, it maps systems & steals data. Microsoft advises strong security measures.  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

In its latest research report, cybersecurity firm Veriti has spotted active exploitation of a vulnerability within OpenAI’s ChatGPT…  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

It’s not just you.  Seemingly everyone is getting those text messages that serve as a notification of an unpaid toll road violation. The past due is usually less than $25, but is often paired with threats of excessive penalties, suspended vehicle registrations and threats to report the fare to state motor vehicle agencies. None of it is legitimate. What is...

Educational institutions and businesses looking to implement technology-driven learning solutions often face a key decision: should they invest…  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure. The vulnerability, tracked as CVE-2025-24813, affects the below versions – Apache Tomcat 11.0.0-M1 to 11.0.2 Apache Tomcat 10.1.0-M1 to 10.1.34 Apache Tomcat 9.0.0-M1 to 9.0.98 It concerns a  –...

A staffer for the Department of Government Efficiency (DOGE) violated security policies at the Treasury Department by improperly sharing sensitive personal information outside the agency, according to a court filing. The filing last week came in a case state attorneys general brought against President Donald Trump and Treasury Secretary Scott Bessent challenging DOGE access to Treasury records. DOGE staffer Marko...

GitHub security alert: Malicious code found in ‘tj-actions/changed-files,’ impacting 23K+ repos. Learn how to check, remove, and protect…  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

Following the success of the Neuro Nostalgia Hackathon that closed out in 2024, Hackathon Raptors has completed its…  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

Scammers are sending fake extortion and ransom demands while posing as ransomware gangs, including the notorious Cl0p ransomware.…  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

Amsterdam, Netherlands, 17th March 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users’ actions. That’s according to new findings from Cisco Talos, which said such malicious activities can compromise a victim’s security and privacy. “The features available in CSS allow attackers and spammers to track users’...

An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of...