Author: CyberNewswire

Tel Aviv, Israel, 29th October 2025, CyberNewsWire  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Hackers exploit critical XWiki flaw CVE-2025-24893 to hijack corporate servers for cryptomining, with active attacks confirmed by VulnCheck researchers.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence (AI) models to context poisoning attacks. In the attack devised by AI security company SPLX, a bad actor can set up websites that serve different content to browsers and AI crawlers run by ChatGPT … Read More “New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts  – The Hacker News” »

Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi. “These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks,” the Qualys Threat Research Unit (TRU) said … Read More “Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices  – The Hacker News” »

Your main rival in the fintech space just raised $20 million in a very successful Series B funding…  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks. The activity, according to a new report from the Symantec and Carbon Black Threat Hunter Team, targeted a large business services organization for two months and a local government … Read More “Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics  – The Hacker News” »

BeyondTrust’s annual cybersecurity predictions point to a year where old defenses will fail quietly, and new attack vectors will surge. Introduction The next major breach won’t be a phished password. It will be the result of a massive, unmanaged identity debt. This debt takes many forms: it’s the “ghost” identity from a 2015 breach lurking … Read More “Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc  – The Hacker News” »

Artificial Intelligence (AI) is rapidly transforming Governance, Risk, and Compliance (GRC). It’s no longer a future concept—it’s here, and it’s already reshaping how teams operate. AI’s capabilities are profound: it’s speeding up audits, flagging critical risks faster, and drastically cutting down on time-consuming manual work. This leads to greater efficiency, higher accuracy, and a more  … Read More “Discover Practical AI Tactics for GRC — Join the Free Expert Webinar  – The Hacker News” »

Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems. “The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer … Read More “10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux  – The Hacker News” »

Threat actors are actively exploiting multiple security flaws impacting Dassault Systèmes DELMIA Apriso and XWiki, according to alerts issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and VulnCheck. The vulnerabilities are listed below – CVE-2025-6204 (CVSS score: 8.0) – A code injection vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker … Read More “Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack  – The Hacker News” »

Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts says a glut of proxies from Aisuru … Read More “Aisuru Botnet Shifts from DDoS to Residential Proxies  – Krebs on Security” »

Everest ransomware group leaks alleged AT&T Carrier data, demands $1 million for Dublin Airport files and $2 million for Air Arabia employee records.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

F5 CEO François Locoh-Donou said on a company earnings call that there were two categories of impact on customers following a nation-state attacker’s long-term, persistent access to its systems: widespread emergency updates to BIG-IP software and hardware, and customers whose configuration data was stolen during the attack. “We were very impressed frankly, with the speed … Read More “F5 asserts limited impact from prolonged nation-state attack on its systems  – CyberScoop” »

A group of academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack called TEE.Fail that allows for the extraction of secrets from the trusted execution environment (TEE) in a computer’s main processor, including Intel’s Software Guard eXtensions (SGX) and Trust Domain Extensions (TDX) and AMD’s Secure Encrypted Virtualization with Secure  … Read More “New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves  – The Hacker News” »

US teen indicted for involvement in extremist “764” network, accused of child exploitation, animal cruelty, and cyberstalking, says the Justice Department.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Cybersecurity researchers have disclosed details of a new Android banking trojan called Herodotus that has been observed in active campaigns targeting Italy and Brazil to conduct device takeover (DTO) attacks. “Herodotus is designed to perform device takeover while making first attempts to mimic human behaviour and bypass behaviour biometrics detection,” ThreatFabric said in a report … Read More “New Android Trojan ‘Herodotus’ Outsmarts Anti-Fraud Systems by Typing Like a Human  – The Hacker News” »

As AI browser agents enter the market promising to help people shop, hire employees  or assist with other online tasks, security researchers are warning that the information these programs collect from the internet can be manipulated and corrupted without anyone ever realizing it. In new research shared exclusively with CyberScoop, AI cybersecurity firm SPLX highlighted … Read More “Exclusive: OpenAI’s Atlas browser — and others — can be tricked by manipulated web content  – CyberScoop” »

Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster … Read More “Researchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware Chains  – The Hacker News” »

A new Python-based infostealer called RedTiger is targeting Discord gamers to steal authentication tokens, passwords, and payment information. Learn how the malware works, its evasion tactics, and essential security steps like enabling MFA.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

In episode 74 of The AI Fix, we meet Amazon’s AI-powered delivery glasses, an AI TV presenter who doesn’t exist, and an Ohio lawmaker who wants to stop people from marrying their chatbot. Also, we learn how Geoffrey Hinton and Steve Wozniak have teamed up with the unlikely coupling of will.i.am and Steve Bannon to … Read More “The AI Fix #74: AGI, LLM brain rot, and how to scam an AI browser  – Graham Cluley” »

In cybersecurity, speed isn’t just a win — it’s a multiplier. The faster you learn about emerging threats, the faster you adapt your defenses, the less damage you suffer, and the more confidently your business keeps scaling. Early threat detection isn’t about preventing a breach someday: it’s about protecting the revenue you’re supposed to earn … Read More “Why Early Threat Detection Is a Must for Long-Term Business Growth  – The Hacker News” »

As more of our communication and work move online, keeping large file transfers secure has become a serious…  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Mass exploitation attacks are once again targeting WordPress websites, this time through serious vulnerabilities in two popular plugins,…  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

The New Reality for Lean Security Teams If you’re the first security or IT hire at a fast-growing startup, you’ve likely inherited a mandate that’s both simple and maddeningly complex: secure the business without slowing it down. Most organizations using Google Workspace start with an environment built for collaboration, not resilience. Shared drives, permissive settings, … Read More “Is Your Google Workspace as Secure as You Think it is?  – The Hacker News” »

The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky. The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 … Read More “Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware  – The Hacker News” »

A European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder in September 2025. The activity “reveals a notable evolution in SideWinder’s TTPs, particularly the adoption of … Read More “SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats  – The Hacker News” »

Serverless architectures have fundamentally altered the cybersecurity landscape, creating attack vectors that traditional security models cannot address. After…  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Attackers are actively exploiting a critical vulnerability in Windows Server Update Services, bypassing a patch Microsoft issued earlier this month that failed to mitigate the issue affecting software versions dating back to 2012.  Microsoft released an emergency, out-of-band security update for CVE-2025-59287 on Thursday. Multiple research firms detected in-the-wild exploitation by Friday, yet Microsoft has … Read More “Attackers bypass patch in deprecated Windows Server update tool  – CyberScoop” »

LayerX Security found a flaw in OpenAI’s ChatGPT Atlas browser that lets attackers inject commands into its memory, posing major security and phishing risks.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Unsecured House Democrats’ resume bank (DomeWatch) exposed 7,000 records, including PII and “top secret” clearance status, raising identity theft fears.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

New York, New York, USA, 27th October 2025, CyberNewsWire  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Kaspersky researchers said Monday that they’ve unearthed a malware campaign they’re linking to the successor company of the infamous Italy-based surveillance tech firm Hacking Team, and at the same time discovered new commercial malware tied to the same firm. The malware campaign that Kaspersky dubbed Operation ForumTroll targeted government organizations, media outlets, financial institutions, universities, … Read More “Hacking Team successor linked to malware campaign, new ‘Dante’ commercial spyware  – CyberScoop” »