Privacy/Governance Feed
Cybersecurity researchers issue warning over a surge in attacks designed to trick Facebook users into handing over login credentials – Read More –
Author: Joe-W
Attack Feeds
Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that’s specifically designed for long-term, stealthy access to Linux-based cloud environments According to a new report from Check Point Research, the cloud-native Linux malware framework comprises an array of custom loaders, implants, rootkits, and modular – Read More – The … Read More “New Advanced Linux VoidLink Malware Targets Cloud and container Environments – The Hacker News” »
Attack Feeds
Telegram mods spread a powerful Android backdoor as banking trojans surge and Joker malware resurfaces on Google Play in Q4 2025, says Doctor Web. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Attack Feeds
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0 “This issue […] could enable an unauthenticated user to … Read More “ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation – The Hacker News” »
Attack Feeds
Old Playbook, New Scale: While defenders are chasing trends, attackers are optimizing the basics The security industry loves talking about “new” threats. AI-powered attacks. Quantum-resistant encryption. Zero-trust architectures. But looking around, it seems like the most effective attacks in 2025 are pretty much the same as they were in 2015. Attackers are exploiting the same … Read More “What Should We Learn From How Attackers Leveraged AI in 2025? – The Hacker News” »
Attack Feeds
Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access. “The infection chain follows a tightly orchestrated execution path: an obfuscated VBS launcher executed via wscript.exe invokes a – Read … Read More “New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack – The Hacker News” »
Attack Feeds
Menlo Park, USA, 13th January 2026, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Privacy/Governance Feed
Silent Push has discovered a new Magecart campaign targeting six major payment network providers that has been running since 2022 – Read More –
Privacy/Governance Feed
Lawmakers want the security industry to help them scrutinize the Cyber Security and Resilience Bill – Read More –
Attack Feeds
Have you ever stolen data, traded a hacking tool, or just lurked on a dark web forum believing that you are anonymous? If so, I might have some unsettling news for you. Read more in my article on the Hot for Security blog. – Read More – GRAHAM CLULEY
Attack Feeds
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code … Read More “CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution – The Hacker News” »
Privacy/Governance Feed
Organizations will start and possibly end with regulatory fines when discussing the cost of data breach. Although the fines imposed on the… The post The Real Cost of a Data Breach: Why Data Protection Is Now a Boardroom Priority appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Spanish police disrupt Black Axe, arrest alleged leaders in action spanning four cities – CyberScoop
Attack Feeds
Authorities arrested 34 alleged cybercriminals in Spain, including some leaders of Black Axe, a transnational criminal organization responsible for adversary-in-the-middle scams such as business email compromise, money laundering and vehicle trafficking, the Spanish National Police said Friday. A coordinated law enforcement operation that fanned out to Seville, Madrid, Malaga and Barcelona significantly disrupted the group’s … Read More “Spanish police disrupt Black Axe, arrest alleged leaders in action spanning four cities – CyberScoop” »
Attack Feeds
New research from Recorded Future reveals how Russian state hackers (BlueDelta) are using fake Microsoft and Google login portals to steal credentials. The campaign involves using legitimate PDF lures from GRC and EcoClimate to trick victims. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Attack Feeds
Scammers are using fake October 2025 performance reviews to trick staff into installing Guloader and Remcos RAT malware. Learn how to identify this threat and protect your personal data from remote hackers. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Attack Feeds
Secure container images are now essential for modern apps. These five options help teams reduce risk, cut patching effort, and improve long-term security. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Attack Feeds
The UK’s top internet regulator opened a formal investigation into social media network X after users, with the help of its AI chatbot Grok, flooded the site with nonconsensual, AI-manipulated nude and undressed photos of real people. On Monday, the Office of Communications (Ofcom), which regulates internet and telecommunications companies, said the investigation will determine … Read More “British regulator Ofcom opens investigation into X – CyberScoop” »
Attack Feeds
Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers’ OAuth credentials. One such package, named “n8n-nodes-hfgjf-irtuinvcm-lasdqewriit,” mimics a Google Ads integration, and prompts users to link their advertising account in a seemingly legitimate form and then … Read More “n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens – The Hacker News” »
Privacy/Governance Feed
Researchers at Palo Alto’s Unit 42 have outlined a list of recommended security controls for vibe coding tools – Read More –
Attack Feeds
Everest ransomware claims to have breached Nissan Motor Corporation, alleging the theft of 900GB of internal data, including documents and screenshots. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Attack Feeds
Public sector cybersecurity faces outdated systems, budget gaps, and rising attacks. Learn key challenges, defense strategies, and proven best practices. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Privacy/Governance Feed
US agency CISA has retired ten Emergency Directives issued between 2019 and 2024, marking a new step in managing federal cyber-risk – Read More –
Attack Feeds
As we ramp up to the premier automotive and charging station hacking competition, Pwn2Own Automotive 2026 in Tokyo, the Trend Micro Zero Day Initiative (ZDI) is providing a preliminary look at one of the main targets: the Alpitronic HYC50 High-Power Charger. The HYC50 series represents the leading edge of fast-charging infrastructure, blending complex high-voltage power … Read More “The Alpitronic HYC50 Hardware Teardown for Pwn2Own Automotive 2026 – Zero Day Initiative – Blog” »
Privacy/Governance Feed
California privacy regulator, the CPPA, is cracking down on data brokers trading personal data without authorization – Read More –
Privacy/Governance Feed
“Pervasive” threat of phishing, invoice scams and other cyber-enabled fraud is at “record highs”, warns WEF Cybersecurity Outlook 2026 – Read More –
Attack Feeds
This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance. Scale amplified the damage. A single weak configuration rippled out … Read More “⚡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More – The Hacker News” »
Attack Feeds
A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that’s capable of brute-forcing user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers. “The current wave of campaigns is driven by two factors: the mass reuse of AI-generated server deployment … Read More “GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials – The Hacker News” »
Attack Feeds
Meet OPCOPRO, an online scam that builds a fake AI-run world like The Truman Show using WhatsApp and apps to steal IDs via fake KYC and investments. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Attack Feeds
When President Trump referenced America’s ability to “darken” parts of Caracas during Operation Absolute Resolve, the comment stood out not because of what it confirmed, but because of what it implied. Delivered without technical detail, the remark hinted at capabilities that sit somewhere between diplomacy and force, and between cyber operations and traditional military action. … Read More “Is the US adopting the gray zone cyber playbook? – CyberScoop” »
Privacy/Governance Feed
TRM Labs says illegal crypto flows into digital wallets increased to $158bn in 2025 – Read More –
Attack Feeds
Anthropic has become the latest Artificial intelligence (AI) company to announce a new suite of features that allows users of its Claude platform to better understand their health information. Under an initiative called Claude for Healthcare, the company said U.S. subscribers of Claude Pro and Max plans can opt to give Claude secure access to … Read More “Anthropic Launches Claude AI for Healthcare with Secure Health Record Access – The Hacker News” »
Privacy/Governance Feed
A database featuring 300,000+ users of notorious hacking forum BreachForums has been leaked online – Read More –
Attack Feeds
Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a-service (PBaaS) economy. At least since 2016, Chinese-speaking criminal groups have erected industrial-scale scam centers across Southeast Asia, creating special economic zones that are devoted to fraudulent investment – Read More … Read More “Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud – The Hacker News” »
Privacy/Governance Feed
As companies continue with their digital transformation processes, the pressure to maintain constant compliance with data protection is mounting…. The post 2025-2026 Roadmap: Maintaining Continuous Data Protection Compliance appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Attack Feeds
Instagram’s 17 million user data leak wasn’t a new breach – Hackread.com’s in-depth analysis shows it was scraped in 2022, leaked in 2023, and falsely repackaged in 2026. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Attack Feeds
Authorities caught 34 members of the notorious Black Axe gang in Spain known for stealing millions of Euros through online romance scams and email fraud. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Alert Feeds
Posted by Stefan Kanthak via Fulldisclosure on Jan 10 Hi @ll, the following is a condensed form of <https://skanthak.hier-im-netz.de/whispers.html#whisper3> and <https://skanthak.hier-im-netz.de/whispers.html#whisper4>. Windows Vista moved the shared start menu from “%ALLUSERSPROFILE%Start Menu” to “%ProgramData%MicrosoftWindowsStart Menu”, with some shortcuts (*.lnk) “reflected” from the (immutable) component store below %SystemRoot%WinSxS JFTR:… – Read More – Full Disclosure
Alert Feeds
Posted by Ron E on Jan 10 A global buffer overflow vulnerability exists in the TinyOS printfUART implementation used within the ZigBee / IEEE 802.15.4 networking stack. The issue arises from an unsafe custom sprintf() routine that performs unbounded string concatenation using strcat() into a fixed-size global buffer. The global buffer debugbuf, defined with … Read More “TinyOS 2.1.2 printfUART Global Buffer Overflow via Unbounded Format Expansion – Full Disclosure” »
Alert Feeds
Posted by Ron E on Jan 10 A stack-based buffer overflow vulnerability exists in the mcp2200gpio utility due to unsafe use of strcpy() and strcat() when constructing device paths during automatic device discovery. A local attacker can trigger the vulnerability by creating a specially crafted filename under /dev/usb/, resulting in stack memory corruption and … Read More “TinyOS 2.1.2 Stack-Based Buffer Overflow in mcp2200gpio – Full Disclosure” »
Alert Feeds
Posted by Ron E on Jan 10 A stack-based buffer overflow vulnerability exists in the tapslip6 utility distributed with RIOT OS (and derived from the legacy uIP/Contiki networking tools). The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. Specifically, tapslip6 uses strcpy() … Read More “RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility via Unbounded Device Path Construction – Full Disclosure” »
Alert Feeds
Posted by Ron E on Jan 10 A stack-based buffer overflow vulnerability exists in the RIOT OS ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming frame bytes are appended to a fixed-size stack buffer (serial->frame) without verifying that the current … Read More “RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in RIOT ethos Serial Frame Parser – Full Disclosure” »
Alert Feeds
Posted by Art Manion via Fulldisclosure on Jan 10 Hi, CVE IDs *can* be assigned for SaaS or similarly “cloud only” software. For a period of time, there was a restriction that only the provider could make or request such an assignment. But the current CVE rules remove this restriction: 4.2.3 CNAs MUST NOT … Read More “Re: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group) – Full Disclosure” »
Attack Feeds
Database of 323,986 BreachForums users leaked online as forum admins claim the exposed data is partial and dates back to August 2025. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Privacy/Governance Feed
Welcome to WordPress. This is your first post. Edit or delete it, then start writing! – Read More – CryptoBind | HSM Provider in India | Aadhaar Data Vault | Data Security Solution
Attack Feeds
CISA adds a critical HPE OneView flaw (CVE-2025-37164) to its KEV catalogue with a Jan 28 deadline. Learn how this 10.0 RCE bug puts server infrastructure at risk. – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Attack Feeds
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater. “The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular – … Read More “MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors – The Hacker News” »
Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime – The Hacker News
Attack Feeds
Europol on Friday announced the arrest of 34 individuals in Spain who are alleged to be part of an international criminal organization called Black Axe. As part of an operation conducted by the Spanish National Police, in coordination with the Bavarian State Criminal Police Office and Europol, 28 arrests were made in Seville, along with … Read More “Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime – The Hacker News” »
Attack Feeds
Cybersecurity researchers from Huntress detail a major VM Escape attack where hackers took over host servers. Using a secret toolkit called MAESTRO, the attackers stayed hidden for over a year. Read the exclusive details on how this breach was stopped and how to protect your network. – Read More – Hackread – Cybersecurity News, Data … Read More “MAESTRO Toolkit Exploiting VMware VM Escape Vulnerabilities – Hackread – Cybersecurity News, Data Breaches, AI, and More” »
Attack Feeds
Large businesses or governments aren’t the only ones threatened by cyber attacks. Every organization is now equally threatened.… – Read More – Hackread – Cybersecurity News, Data Breaches, AI, and More
Attack Feeds
The post Hegseth, Gabbard tap Tim Kosiba as NSA deputy director after months of cyber leadership tumult appeared first on CyberScoop. – Read More – CyberScoop