Author: Matt Kapko

Salesloft Drift customers are compromised in a much more expansive downstream attack spree than previously thought, potentially ensnaring any user that integrated the AI chat agent platform to another service. “We’re telling organizations to treat any Drift integration into any platform as potentially compromised, so that increases the scope of victims,” Mandiant Consulting CTO Charles … Read More “Salesloft Drift compromised en masse, impacting all third-party integrations  – CyberScoop” »

Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed extensions. Software supply chain security outfit ReversingLabs said it made the discovery after it identified a malicious extension named “ahbanC.shiba” that functioned similarly to two other extensions – ahban.shiba and ahban.cychelloworld –  – … Read More “Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names  – The Hacker News” »

Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We’ve since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called “Gambler Panel” that bills itself … Read More “Affiliates Flock to ‘Soulless’ Scam Gambling Machine  – Krebs on Security” »

Miami, United States, 28th August 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A supply chain attack called “s1ngularity” on Nx versions 20.9.0-21.8.0 stole thousands of developer credentials. The attack targeted…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Election officials should brace for direct attacks from the Trump administration and its state GOP allies on the integrity of U.S. elections — and plan for the possibility that federal agencies once charged with protecting elections will leverage their authorities to interfere in the process, a voting rights nonprofit warned. In a report released Wednesday, … Read More “Trump administration setting the stage for elections power grab, voting rights group warns  – CyberScoop” »

The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the telecommunications, government, transportation, lodging, and military infrastructure sectors. “While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and  – Read More  – … Read More “Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide  – The Hacker News” »

A coalition of international cybersecurity agencies led by the UK’s National Cyber Security Centre (NCSC) has publicly linked…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next thing you know, hackers are in, and your company is dealing with a mess that costs millions. Scary, right? In 2025, the average … Read More “Webinar: Why Top Teams Are Prioritizing Code-to-Cloud Mapping in Our 2025 AppSec  – The Hacker News” »

Email has always been a double-edged sword in the world of business. On one hand, it’s the fastest,…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Make sure your Chrome browser is updated to the latest version to stay protected.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Every day, businesses, teams, and project managers trust platforms like Trello, Asana, etc., to collaborate and manage tasks. But what happens when that trust is broken? According to a recent report by Statista, the average cost of a data breach worldwide was about $4.88 million. Also, in 2024, the private data of over 15 million … Read More “Hidden Vulnerabilities of Project Management Tools & How FluentPro Backup Secures Them  – The Hacker News” »

The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the popular npm package and other auxiliary plugins with data-gathering capabilities. “Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans … Read More “Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials  – The Hacker News” »

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a fresh round of sanctions against two individuals and two entities for their role in the North Korean remote information technology (IT) worker scheme to generate illicit revenue for the regime’s weapons of mass destruction and ballistic missile programs. “The North Korean … Read More “U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits  – The Hacker News” »

We unpack how some password managers can be tricked into coughing up your secrets, with a clickjacking sleight-of-hand, what website owners can do to prevent it, and how to lock down your personal password vault. Then we time-hope to the post-quantum scramble: “harvest-now, decrypt later”, Microsoft’s 2033 quantum-safe pledge, and whether your printer will survive … Read More “Smashing Security podcast #432: Oops! I auto-filled my password into a cookie banner  – Graham Cluley” »

ESET has identified PromptLock, the first AI-powered ransomware, using OpenAI models to generate scripts that target Windows, Linux…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

The Treasury Department on Wednesday expanded efforts to disrupt the pervasive North Korean technical worker scheme by imposing sanctions on people and organizations serving as facilitators and fronts for the country’s years-long conspiracy effort to defraud businesses and earn money despite international sanctions.  Vitaly Sergeyevich Andreyev, Kim Ung Sun, Shenyang Geumpungri Network Technology and Korea … Read More “Treasury sanctions North Korea IT worker scheme facilitators and front organizations  – CyberScoop” »

A notorious Chinese hacking campaign against telecommunications companies has now reached into a variety of additional sectors across the globe, including government, transportation, lodging and military targets, according to an alert U.S. and world cybersecurity agencies published Wednesday. The alert is an effort to give technical details to potential victims of the campaign from the … Read More “Salt Typhoon hacking campaign goes beyond previously disclosed targets, world cyber agencies say  – CyberScoop” »

Cybersecurity firm Netcraft has discovered a new task scam cluster that has stolen over $1 million in crypto.…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments. “Unlike traditional on-premises ransomware, where the threat actor typically deploys malware to encrypt critical files across endpoints within the compromised network and then negotiates for a decryption key,  – Read More  … Read More “Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks  – The Hacker News” »

Google says it is starting a cyber “disruption unit,” a development that arrives in a potentially shifting U.S. landscape toward more offensive-oriented approaches in cyberspace. But the contours of that larger shift are still unclear, and whether or to what extent it’s even possible. While there’s some momentum in policymaking and industry circles to put … Read More “Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense  – CyberScoop” »

Farmers Insurance reports a breach affecting 1.1 million customers. Learn how the attack, linked to groups ShinyHunters and…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A financially motivated threat group operating since 2021 has refined its technical tradecraft, honing its focus on cloud-based systems that allow it to expand ransomware operations beyond the scope of on-premises infrastructure, Microsoft Threat Intelligence said in a report released Wednesday. By leveraging cloud-native capabilities, Storm-0501 has exfiltrated large volumes of data with speed, destroying … Read More “Microsoft details Storm-0501’s focus on ransomware in the cloud  – CyberScoop” »

Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock. Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-time. The open-weight language model was released by OpenAI earlier this month. “PromptLock  – Read … Read More “Someone Created First AI-Powered Ransomware Using OpenAI’s gpt-oss:20b Model  – The Hacker News” »

Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025. “The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government, and religious institutions,” the company said. ”  – Read … Read More “Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors  – The Hacker News” »

A new advisory from Google and Mandiant reveals a widespread data breach in Salesforce. Learn how UNC6395 bypassed…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific (APAC). According to Group-IB, nearly three dozen victims have been identified, with the intrusions mainly geared towards data exfiltration. The hacking group shares toolset and infrastructural overlaps with campaigns undertaken by … Read More “ShadowSilk Hits 36 Government Targets in Central Asia and APAC Using Telegram Bots  – The Hacker News” »

Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and transforming the workplace. The problem is not the pace of AI adoption, but the lack of control and safeguards in place. For CISOs and security leaders like you, the challenge is clear: you don’t want to slow AI adoption down, … Read More “The 5 Golden Rules of Safe AI Adoption  – The Hacker News” »

Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government across local, municipal, and federal levels. The threat intelligence firm is tracking the activity … Read More “Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra  – The Hacker News” »