Author: Joe-W

The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. “The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates,” Check Point said in a new analysis. “More than 1,600 victims were affected during one of  – Read...

We’ve reached the third Patch Tuesday of 2025, and, as expected, Microsoft and Adobe have released their latest security offerings. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast...

Disgruntled ex-employee sabotages company systems with malicious code, causing major disruptions and financial losses.  Learn about the case…  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his...

A potential government shutdown looms by the end of this week if Congress doesn’t pass legislation to keep funding the federal government, a development that could worsen problems cyber personnel and agencies are experiencing under the second Trump administration, experts say. Many cyber feds would likely be exempt from furloughs during a government shutdown, common for personnel deemed “essential,” although...

In episode 41 of the AI Fix, our hosts learn that society needs to be completely reordered by December, Grok accuses Trump of being a Russian asset, Graham discovers that parents were wrong about computer games all along, and Mark wonders if a kung-fu kicking robot from Unitree is the hero that we need. Graham gives an AI a Rorschach...

Fake Elon Musk endorsements are used in SMS campaigns to sell bogus energy-saving devices. Learn how to spot…  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

Allstate and several of the insurance company’s subsidiaries were accused of poor security practices resulting in data breaches in 2020 and 2021 that exposed sensitive data on nearly 200,000 people, the New York State Attorney General office said in a lawsuit filed Monday.  National General, an insurance company Allstate acquired for $4 billion in 2021, failed to notify almost 12,000...

President Donald Trump nominated Sean Plankey to head the Cybersecurity and Infrastructure Security Committee on Tuesday, the last major piece to fall into place for cybersecurity leadership in his administration. Plankey served in the first Trump administration, holding a few posts with cyber responsibilities. He was the principal deputy assistant secretary for the Energy Department’s Office of Cybersecurity, Energy Security...

Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. “The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet,” security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with  –...

Elon Musk has confirmed a massive cyberattack on his social media platform, X (once Twitter), causing widespread technical…  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn’t equal being secure. As Sun Tzu warned, “Strategy without tactics is  –...

Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike. No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and take over your system without a trace. This is steganography, a cybercriminal’s secret weapon for ...

Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0. “Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws...

Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy  – Read More ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2024-57968 – An unrestricted file upload vulnerability in Advantive VeraCore  – Read More  –...

The telecom industry is at a major turning point. With 5G, IoT, and AI reshaping global connectivity, the…  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

International law enforcement disrupts Garantex, a multi-billion-dollar cryptocurrency exchange used for money laundering. Two individuals, Aleksej Besciokov and…  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

A popular set of SCADA software systems used in critical infrastructure around the world suffered from at least five known vulnerabilities that could have allowed for privilege escalation, DLL hijacking and the ability to modify critical files. The vulnerabilities were found within a suite of software made by ICONICS, which claims on its website that its SCADA software is embedded...

Over 1,000 malicious packages found using low file counts, suspicious installs, and hidden APIs. Learn key detection methods…  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

On Tuesday, March 18 2025, at 1pm EST, I will be joining the experts at Dashlane for an online chat all about credential security in the age of AI. Learn more and make sure to book your free seat.  – Read More  – Graham Cluley 

Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. “The polymorphic extensions create a pixel perfect replica of the target’s icon, HTML popup, workflows and even temporarily disables the legitimate extension, making it extremely convincing for victims to believe that they are providing credentials to  – Read More  – The...

The Middle East and North Africa have become the target of a new campaign that delivers a modified version of a known malware called AsyncRAT since September 2024. “The campaign, which leverages social media to distribute malware, is tied to the region’s current geopolitical climate,” Positive Technologies researchers Klimentiy Galkin and Stanislav Pyzhov said in an analysis published last week. ...

The Need For Unified Security Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive data, and hijack user accounts. Many organizations try to secure their environment by piecing together different  – Read More  –...

Cyber threats today don’t just evolve—they mutate rapidly, testing the resilience of everything from global financial systems to critical infrastructure. As cybersecurity confronts new battlegrounds—ranging from nation-state espionage and ransomware to manipulated AI chatbots—the landscape becomes increasingly complex, prompting vital questions: How secure are our cloud environments? Can our  – Read More  – The Hacker News 

A new mass malware campaign is infecting users with a cryptocurrency miner named SilentCryptoMiner by masquerading it as a tool designed to circumvent internet blocks and restrictions around online services. Russian cybersecurity company Kaspersky said the activity is part of a larger trend where cybercriminals are increasingly leveraging Windows Packet Divert (WPD) tools to distribute malware  – Read More  –...

A Storm of Scams Awaits!  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion. On...

Outpost24’s KrakenLabs reveals EncryptHub’s multi-stage malware campaign, exposing their infrastructure and tactics through critical OPSEC failures. Learn how…  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News 

Cryptocurrency offers financial freedom, but it also comes with privacy challenges. Unlike traditional banking, where transactions remain relatively…  – Read More  – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News