Supplier assurance questions – NCSC Feed
Questions to ask your suppliers that will help you gain confidence in their cyber security. – Read More – NCSC Feed
Protecting your organisation’s telephony systems from cyber attacks and telecoms fraud. – Read More – NCSC Feed
Advice on the selection and deployment of Protective Domain Name Systems (DNS). – Read More – NCSC Feed
Making sense of cyber security in OT environments – Read More – NCSC Feed
An architecture pattern for safely importing data into a system from an external source. – Read More – NCSC Feed
How to defend your organisation from email phishing attacks. – Read More – NCSC Feed
Guidance for preventing lateral movement in enterprise networks. – Read More – NCSC Feed
The UK’s cybersecurity sector added thousands of workers and over £1bn in revenue in 2024 – Read More –
Laying the groundwork for incident readiness. – Read More – NCSC Feed
Why macros are a threat, and the approaches you can take to protect your systems. – Read More – NCSC Feed
Following attacks on political party websites, this guidance provides a summary of 5 practical steps that your organisation can take to help it prepare to respond in the event of a Denial of Service (DoS) attack. – Read More – NCSC Feed
Advice for organisations experiencing a ransomware attack and the partner organisations supporting them. – Read More – NCSC Feed
How to make sure your organisation is prepared for home working. – Read More – NCSC Feed
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Mozilla Thunderbird ESR is a version of...
Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in “extremely sophisticated” attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content...
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete...
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to...
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Acrobat and Reader is used to view, create, print, and manage PDF files on desktop and mobile. Substance 3D Sampler is a 3D scanning software that uses AI to create 3D models and materials from real-world images. Adobe Illustrator is a...
Multiple vulnerabilities have been discovered in Fortinet Products, the most severe of which could allow for remote code execution. FortiManager is a network and security management tool that provides centralized management of Fortinet devices from a single console. FortiManager Cloud is a cloud-based service for centralized management, monitoring, and automation of Fortinet devices across multiple sites. FortiOS is Fortinet’s proprietary...
Lazarus Group targets developers with malicious npm packages, stealing credentials, crypto, and installing backdoor. Stay alert to protect your projects. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation. Two of the zero-day flaws include CVE-2025-24991 and CVE-2025-24993, both vulnerabilities in NTFS, the default file system for Windows and Windows Server. Both require the attacker to trick a target into mounting...
Almost every company nowadays depends on cloud computing since it is a necessary tool in the world of… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Microsoft patched 57 vulnerabilities affecting its foundational systems and core products, including six actively exploited zero-day vulnerabilities, the company said in its latest security update Tuesday. Four of the six zero-days, which were all added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog, are high-severity on the CVSS scale. The software defects impact fundamental drivers, kernels and...
Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine. Tracked as CVE-2025-24201, an attacker can potentially escape the constraints of Webkit’s Web Content sandbox, potentially leading to unauthorized actions. The sandbox is a security feature that isolates untrusted web content in order to prevent malicious code from accessing critical...
Scammers use fake Binance wallet emails to lure users with TRUMP Coin, but instead, they install malware that grants hackers full control over victims’ devices. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Social media service X was hit by a series of distributed denial-of-service attacks Monday, which rendered the platform formerly known as Twitter inaccessible at times for users with intermittent outages and errors, according to researchers. The cause of those attacks has been much harder to discern. Elon Musk, the site’s owner, described the incident as a “massive cyberattack,” but did...
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete...
Blockchain technology is revolutionizing industries by enabling secure transactions, decentralization, and transparency. At the same time, Blockchain software… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Posted by areca-palm via Fulldisclosure on Mar 11 [CVE pending] Sandboxing Python is notoriously difficult, the Python module “asteval” is no exception. Add to this the fact that a large set of numpy functions are exposed within the sandbox by default. Versions <=1.06 are vulnerable. This vuln has been disclosed to the maintainer, who closed the security advisory and...
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability; CVE-2025-24984 Microsoft Windows NTFS Information Disclosure Vulnerability; CVE-2025-24985 Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability; CVE-2025-24991 Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability; CVE-2025-24993 Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability; CVE-2025-26633 Microsoft Windows Management...
Business groups told lawmakers Tuesday that they fear cyber threat information sharing could drop off in light of the Trump administration’s move to eliminate a critical infrastructure committee and given the pending expiration of a 2015 law. The Critical Infrastructure Partnership Advisory Council (CIPAC) fell among a swath of government advisory committees that Homeland Security Secretary Kristi Noem scrapped last...
The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. “The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates,” Check Point said in a new analysis. “More than 1,600 victims were affected during one of – Read...
We’ve reached the third Patch Tuesday of 2025, and, as expected, Microsoft and Adobe have released their latest security offerings. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast...
Disgruntled ex-employee sabotages company systems with malicious code, causing major disruptions and financial losses. Learn about the case… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his...
Blind Eagle has been running campaigns targeting the Colombian government with malicious .url files and phishing attacks – Read More –
A potential government shutdown looms by the end of this week if Congress doesn’t pass legislation to keep funding the federal government, a development that could worsen problems cyber personnel and agencies are experiencing under the second Trump administration, experts say. Many cyber feds would likely be exempt from furloughs during a government shutdown, common for personnel deemed “essential,” although...
New York sues Allstate over data breach, alleging security failures that exposed the driver’s license numbers of nearly 200,000 individuals – Read More –
In episode 41 of the AI Fix, our hosts learn that society needs to be completely reordered by December, Grok accuses Trump of being a Russian asset, Graham discovers that parents were wrong about computer games all along, and Mark wonders if a kung-fu kicking robot from Unitree is the hero that we need. Graham gives an AI a Rorschach...
1. EXECUTIVE SUMMARY: CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Optigo Networks. Equipment: Visual BACnet Capture Tool, Optigo Visual Networks Capture Tool. Vulnerabilities: Use of Hard-coded, Security-relevant Constants; Authentication Bypass Using an Alternate Path or Channel. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, gain control over the products,...
1. EXECUTIVE SUMMARY: CVSS v4 6.8. ATTENTION: Low attack complexity. Vendor: Schneider Electric. Equipment: Uni-Telway Driver. Vulnerability: Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to perform a denial of service. 3. TECHNICAL DETAILS: 3.1 AFFECTED PRODUCTS: Schneider Electric reports the following products are affected: Schneider Electric Uni-Telway Driver: All versions...
CISA released two Industrial Control Systems (ICS) advisories on March 11, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS: ICSA-25-070-01 Schneider Electric Uni-Telway Driver; ICSA-25-070-02 Optigo Networks Visual BACnet Capture Tool/Optigo Visual Networks Capture Tool. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. – Read...
Fake Elon Musk endorsements are used in SMS campaigns to sell bogus energy-saving devices. Learn how to spot… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Allstate and several of the insurance company’s subsidiaries were accused of poor security practices resulting in data breaches in 2020 and 2021 that exposed sensitive data on nearly 200,000 people, the New York State Attorney General office said in a lawsuit filed Monday. National General, an insurance company Allstate acquired for $4 billion in 2021, failed to notify almost 12,000...
President Donald Trump nominated Sean Plankey to head the Cybersecurity and Infrastructure Security Committee on Tuesday, the last major piece to fall into place for cybersecurity leadership in his administration. Plankey served in the first Trump administration, holding a few posts with cyber responsibilities. He was the principal deputy assistant secretary for the Energy Department’s Office of Cybersecurity, Energy Security...
The new algorithm will serve as a backup for the general encryption needed to protect data from quantum computers developed in the future. – Read More – News and Events Feed by Topic
Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. “The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet,” security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with –...
Mimecast found that insider threats, credential misuse and user-driven errors were involved in most security incidents last year – Read More –
Elon Musk has confirmed a massive cyberattack on his social media platform, X (once Twitter), causing widespread technical… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn’t equal being secure. As Sun Tzu warned, “Strategy without tactics is –...