Author: Greg Otto

China’s campaign to break into our critical infrastructure and federal government networks is persistent and growing. Beijing is stealing information while also planting tools and maintaining access in key systems, giving it the option to pressure the United States in the future. Russia also continues to test our critical infrastructure with increasingly sophisticated operations, support … Read More “Time to restore America’s cyberspace security system  – CyberScoop” »

Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early. In a post shared on X last week, the 38-year-old announced his release, crediting U.S. President Donald Trump’s First Step Act. … Read More “Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act  – The Hacker News” »

Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that’s capable of harvesting Discord credentials and tokens. The stealer is said to have been on sale on Telegram as far back as April 2025, according to a report from Palo Alto Networks Unit 42. “VVS … Read More “New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code  – The Hacker News” »

Security researcher in “Martha Root” in Pink Power Ranger deletes white supremacist dating sites live onstage, leaks 8,000 profiles and 100GB of data at Chaos Communication Congress (CCC) 2025.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

After a sudden internet cable break between Finland and Estonia, authorities have seized the cargo ship Fitburg. With two crew members arrested and sanctioned steel found on board, investigators are now probing if this was an accident or a deliberate act of hybrid warfare.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, … Read More “Finnish Authorities Detain Crew After Undersea Internet Cable Severed  – Hackread – Cybersecurity News, Data Breaches, AI, and More” »

Resecurity denies breach claims by ShinyHunters, says attackers accessed a honeypot with fake data. No real systems or customer info were compromised.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The hacking group ShinyHunters has claimed responsibility for breaching Resecurity, a US-based cybersecurity company headquartered in Los Angeles.…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

RondoDox hackers exploit the React2Shell flaw in Next.js to target 90,000+ devices, including routers, smart cameras, and small business websites.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The world of finance has undergone a remarkable transformation with the rise of digital wallets and financial technology…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Tokyo FM is investigating claims of a massive data breach involving 3 million records. Learn what information was allegedly taken and how you can stay safe.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The Trump administration this week removed three Iranians from its sanctions list who were previously accused of working for Intellexa, the consortium behind the Predator spyware that recent investigations say has circumvented human rights safeguards. The Biden administration imposed sanctions against the trio in 2024 as part of a broader move to sanction spyware operators. … Read More “Treasury removes Intellexa spyware-linked trio from sanctions list  – CyberScoop” »

The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts. “The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF … Read More “Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia  – The Hacker News” »

The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal … Read More “The Kimwolf Botnet is Stalking Your Local Network  – Krebs on Security” »

Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information.  Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable output. But when leadership asks a simple question, “Is this reducing incidents?” the answer is often unclear.  This gap between … Read More “The ROI Problem in Attack Surface Management  – The Hacker News” »

Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud’s Application Integration service to distribute emails. The activity, Check Point said, takes advantage of the trust associated with Google Cloud infrastructure to send the messages from a legitimate email address (”  – Read More  … Read More “Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign  – The Hacker News” »

Conventional development frequently results in a trade-off between speed and brand consistency, which harms reputation by causing delays…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

As web browsers evolve into all-purpose platforms, performance and productivity often suffer.  Feature overload, excessive background processes, and fragmented workflows can slow down browsing sessions and introduce unnecessary friction, especially for users who rely on the browser as a primary work environment. This article explores how adopting a lightweight, task-focused browser, like  – Read More  … Read More “How To Browse Faster and Get More Done Using Adapt Browser  – The Hacker News” »

The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic — new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They just evolve faster. This week’s round-up shows how subtle shifts in behavior, from code tweaks … Read More “ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories  – The Hacker News” »

Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox. As of December 2025, the activity has been observed leveraging the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) flaw as an initial access vector, CloudSEK … Read More “RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers  – The Hacker News” »

As South Africans take advantage of the ease and convenience of the digital financial world, it has become increasingly more simple for threat actors to take advantage. Deceiving the average individual has become rather simple for cybercriminals as the internet brings them a wealth of information. All it takes is one or two rather official … Read More “Mobile fraud on the rise in South Africa  – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.” »

A hacker using the alias 888 is claiming responsibility for a major data breach affecting the European Space…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. “Our Developer GitHub secrets were exposed in the attack, which gave the attacker … Read More “Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack  – The Hacker News” »

On December 2, 2025, Hackread.com exclusively reported that the Everest ransomware group claimed to have stolen 1TB of…  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under … Read More “DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide  – The Hacker News” »

Can you trust your cybersecurity team? A recent federal case reveals how two US-based cybersecurity experts turned into affiliates for the BlackCat ransomware group, extorting over $1.2M in Bitcoin. Read the full story on their 2023 crime spree.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is “@vietmoney/react-big-calendar,” which was uploaded to npm back in March 2021 by a user named … Read More “Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry  – The Hacker News” »

IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. “IBM API Connect could … Read More “IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass  – The Hacker News” »

Can you trust your cybersecurity team? A recent federal case reveals how two US-based cybersecurity experts turned into affiliates for the BlackCat ransomware group, extorting over $1.2M in Bitcoin. Read the full story on their 2023 crime spree.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Korean Air confirms a major data leak affecting 30,000 staff members after the Cl0p gang targeted a catering partner. Learn what data was stolen and the airline’s response to secure its data.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nationals list. The names of the individuals are as follows – Merom Harpaz Andrea Nicola Constantino Hermes Gambazzi Sara … Read More “U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware  – The Hacker News” »

The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code … Read More “CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution  – The Hacker News” »

OpenAI is warning that prompt injection, a technique that hides malicious instructions inside ordinary online content, is becoming a central security risk for AI agents designed to operate inside a web browser and carry out tasks for users. The company said it recently shipped a security update for ChatGPT Atlas after internal automated red-teaming uncovered … Read More “OpenAI says prompt injection may never be ‘solved’ for browser agents like Atlas  – CyberScoop” »

HoneyMyte (Mustang Panda) is back with a new ToneShell backdoor. Read how this stealthy attack blinds Microsoft Defender to target government entities in Asia.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Warning for EmEditor users: A third-party breach tampered with the official download link between Dec 19–22, 2025. Learn how to identify the fake installer and protect your data from infostealer malware.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0). “This sophisticated attack leverages a complex kill chain involving DLL hijacking and the modular Valley RAT to ensure persistence,” CloudSEK researchers Prajwal Awasthi … Read More “Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware  – The Hacker News” »

Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is because SOCs are adopting AI without an intentional approach to operational integration. Some teams treat it as a shortcut for broken processes. Others attempt to apply machine learning … Read More “How to Integrate AI into Modern SOC Workflows  – The Hacker News” »

The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia. The findings come from Kaspersky, which observed the new backdoor variant in cyber espionage campaigns mounted by … Read More “Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor  – The Hacker News” »

Artificial intelligence is evolving faster than regulators can keep up. In the absence of federal guidance, states have taken matters into their own hands. California’s S.B. 53 is only one example of a state attempting to shape how AI is built and used. Although these laws are well-intentioned and help protect consumers and promote transparency … Read More “AI doesn’t care if it’s in California or Texas. It just runs.  – CyberScoop” »

Cybersecurity professionals are closing out 2025 confronting yet another information-disclosure vulnerability, drawing widespread concern as threat hunters and researchers race to avoid impacts comparable to previous defects dubbed with a “bleed” suffix.  MongoBleed — CVE-2025-14847 — is a high-severity vulnerability affecting many versions of MongoDB with default configurations that allows unauthenticated attackers to leak server … Read More “MongoBleed defect swirls, stamping out hope of year-end respite  – CyberScoop” »

Over 87,000 MongoDB instances are at risk from a critical memory leak called MongoBleed. Following the chaos at Ubisoft, see how this zero-password flaw works and how to protect your data.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

Crypto phishing scams surged 83% in 2025, targeting wallets with fake sites, approval tricks, and poisoned addresses. One click can drain your funds.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a … Read More “Happy 16th Birthday, KrebsOnSecurity.com!  – Krebs on Security” »

Check Point researchers found a phishing scam abusing Google Cloud to target organisations worldwide. Scammers use official domains to steal logins. Read the full details in this exclusive report.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More 

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a … Read More “Happy 16th Birthday, KrebsOnSecurity.com!  – Krebs on Security” »

Researchers reveal CVE-2025-54322, a critical unpatched flaw in XSpeeder networking gear found by AI agents. 70,000 industrial and branch devices are exposed.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI, and More