Author: Joe-W

Social media platform X is urging users who have enrolled for two-factor authentication (2FA) using passkeys and hardware security keys like Yubikeys to re-enroll their key to ensure continued access to the service. To that end, users are being asked to complete the re-enrollment, either using their existing security key or enrolling a new one, … Read More “X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts  – The Hacker News” »

Cybersecurity researchers have discovered a new vulnerability in OpenAI’s ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant’s memory and run arbitrary code. “This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware,” LayerX  – Read More  … Read More “New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands  – The Hacker News” »

Researchers have uncovered HyperRat, a new Android malware sold as a service, giving attackers remote control, data theft tools, and mass phishing features.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

London, United Kingdom, 27th October 2025, CyberNewsWire  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior. Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far … Read More “⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens  – The Hacker News” »

X (formerly Twitter) is asking users with security keys to re-enroll by Nov 10 as it moves logins from twitter.com to x.com for continued 2FA access.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in June. The development comes as the ransomware-as-a-service (RaaS) operation has … Read More “Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack  – The Hacker News” »

The newly released OpenAI Atlas web browser has been found to be susceptible to a prompt injection attack where its omnibox can be jailbroken by disguising a malicious prompt as a seemingly harmless URL to visit. “The omnibox (combined address/search bar) interprets input either as a URL to navigate to, or as a natural-language command … Read More “ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands  – The Hacker News” »

Everest ransomware group claims to have stolen 1.5 million passenger records from Dublin Airport and personal data of 18,000 Air Arabia employees in latest breaches.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Hackers earned over $1 million at Pwn2Own Ireland 2025 in Cork, breaching printers, routers, NAS devices, and more as Summoning Team claimed Master of Pwn.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

The financial industry is transforming as artificial intelligence (AI) is becoming an integral tool for managing operations, improving…  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Everest ransomware group claims a breach of AT&T Careers, alleging theft of 576,000 applicant and employee records locked behind a password-protected listing.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new findings from Palo Alto Networks Unit 42. “Although these domains are registered through a Hong Kong-based registrar and use Chinese nameservers, … Read More “Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation  – The Hacker News” »

Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the … Read More “Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability  – The Hacker News” »

The United States needs to counter China’s “attempt to export a surveillance state across planet Earth,” and instead push a “clean American tech stack” globally, National Cyber Director Sean Cairncross said Friday. “It’s important that we send that message and engage with not only partners that we have now, but potential partners who are looking … Read More “National cyber director says U.S. needs to counter Chinese surveillance, push American tech  – CyberScoop” »

A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe (aka APT36), a state-sponsored hacking group known to be active since at least 2013. … Read More “APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign  – The Hacker News” »

Paris, France, 24th October 2025, CyberNewsWire  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

New Android malware Baohuo hijacks Telegram X accounts, stealing data and controlling chats. Over 58,000 devices infected, mainly in India and Brazil.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Does your organization suffer from a cybersecurity perception gap? Findings from the Bitdefender 2025 Cybersecurity Assessment suggest the answer is probably “yes” — and many leaders may not even realize it. This disconnect matters. Small differences in perception today can evolve into major blind spots tomorrow. After all, perception influences what organizations prioritize, where they  – … Read More “The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently  – The Hacker News” »

In recent years, the cybersecurity industry has made significant strides in securing endpoints with advanced Endpoint Detection and Response (EDR) solutions, and we have been successful in making life more difficult for our adversaries.  While this progress is a victory, it has also produced a predictable and dangerous consequence where threat actors are shifting their … Read More “Shifting from reactive to proactive: Cyber resilience amid nation-state espionage  – CyberScoop” »

A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust associated with the video hosting platform for propagating malicious payloads. Active since 2021, the network has published more than 3,000 malicious videos to date, with the volume of such videos tripling … Read More “3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation  – The Hacker News” »

Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks. The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps … Read More “Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack  – The Hacker News” »

North Korea’s Lazarus threat group attacked three Europe-based companies with active operations in the defense sector last spring to potentially steal sensitive data about drone components and software, ESET researchers said in a report released Thursday. The attacks initiated by North Korea’s long-running advanced persistent threat group, which specializes in espionage, sabotage and financial gain, … Read More “North Korea’s Lazarus group attacked three companies involved in drone development  – CyberScoop” »

Medusa ransomware leaks 186 GB of Comcast data, claiming 834 GB stolen after a $1.2M ransom demand apparently went unpaid.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Operant AI reveals Shadow Escape, a zero-click attack using the MCP flaw in ChatGPT, Gemini, and Claude to secretly steal trillions of SSNs and financial data. Traditional security is blind to this new AI threat.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

The New York Department of Financial Services published updates this week to longstanding industry guidance that urges financial services companies to closely watch their third-party providers. While the guidance’s updates are numerous, they are, according to the state, mostly intended to provide clarity as the technology landscape shifts. A department press release notes that the … Read More “New York updates third-party risk guidance, adds AI provisions  – CyberScoop” »

Federal prosecutors have accused a former executive at L3Harris Technologies’ cyber division of stealing trade secrets and selling them to an undisclosed buyer in Russia, according to court documents obtained by CyberScoop.  The Department of Justice filed charges against Peter Williams, an Australian national who served as general manager of Trenchant, a specialized cybersecurity division … Read More “Ex-L3Harris executive accused of selling trade secrets to Russia  – CyberScoop” »

Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job. “Some of these [companies’ are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be … Read More “North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets  – The Hacker News” »

Palo Alto, California, 23rd October 2025, CyberNewsWire  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your stack or habits make any of those easy, you’re already a target. This week’s ThreatsDay highlights show exactly how those weak points are … Read More “ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More  – The Hacker News” »

AI is everywhere—and your company wants in. Faster products, smarter systems, fewer bottlenecks. But if you’re in security, that excitement often comes with a sinking feeling. Because while everyone else is racing ahead, you’re left trying to manage a growing web of AI agents you didn’t create, can’t fully see, and weren’t designed to control. … Read More “Secure AI at Scale and Speed — Learn the Framework in this Free Webinar  – The Hacker News” »

Massive Synthient Stealer Log leak adds 183 million stolen usernames and passwords to Have I Been Pwned, exposing new victims worldwide.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

GlassWorm, a self-propagating malware, infects VS Code extensions through the OpenVSX marketplace, stealing credentials and using blockchain for control.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More 

SentinelLABS’ research reveals PhantomCaptcha, a highly coordinated, one-day cyber operation on Oct 8, 2025, targeting the International Red Cross, UNICEF, and Ukraine government groups using fake emails and a Remote Access Trojan (RAT) linked to Russian infrastructure.  – Read More  – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More