Author: [email protected] (The Hacker News)

The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in attacks aimed at enterprises located in the U.S., Europe, Baltic countries, and the Asia-Pacific (APAC) region. “The Noodlophile campaign, active for over a year, now leverages advanced spear-phishing emails posing as copyright infringement  – … Read More “Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures  – The Hacker News” »

Morphisec warns of a new Noodlophile Stealer variant spread via fake copyright phishing emails, using Dropbox links and…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

In a sweeping announcement about a forthcoming executive order, President Donald Trump argued Monday that states are ultimately subservient to the White House when it comes to setting election policy. “Remember, the states are merely an agent for the federal government in counting and tabulating the votes,” Trump wrote on Truth Social Monday morning. “They … Read More “Trump threatens executive order on elections, claims states must obey  – CyberScoop” »

Cybersecurity researchers have lifted the lid on the threat actors’ exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware in RansomExx ransomware attacks. The attacks involve the exploitation of CVE-2025-29824, a privilege escalation vulnerability impacting the Windows Common Log File System (CLFS) that was addressed by Microsoft in April 2025,  … Read More “Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware  – The Hacker News” »

A cyberattack on Manpower’s Michigan office compromised data for 144,000 people. Meanwhile, Workday reveals a data breach in…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Power doesn’t just disappear in one big breach. It slips away in the small stuff—a patch that’s missed, a setting that’s wrong, a system no one is watching. Security usually doesn’t fail all at once; it breaks slowly, then suddenly. Staying safe isn’t about knowing everything—it’s about acting fast and clear before problems pile up. … Read More “⚡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More  – The Hacker News” »

WarLock ransomware claims breach at Colt and Hitachi, with Colt investigating and working to restore systems while experts…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution. The package, named termncolor, realizes its nefarious functionality through a dependency package called colorinal by means of a multi-stage malware operation, Zscaler  – Read … Read More “Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks  – The Hacker News” »

Organizations handling various forms of sensitive data or personally identifiable information (PII) require adherence to regulatory compliance standards and frameworks. These compliance standards also apply to organizations operating in regulated sectors such as healthcare, finance, government contracting, or education. Some of these standards and frameworks include, but are not limited to:  – Read More  – … Read More “Wazuh for Regulatory Compliance  – The Hacker News” »

Expiration of a 2015 law at the end of September could dramatically reduce cyber threat information sharing within industry, as well as between companies and the federal government, almost to the point of eliminating it, some experts and industry officials warn. The Cybersecurity Information Sharing Act, also known as CISA 2015, is due to end … Read More “Here’s what could happen if CISA 2015 expires next month  – CyberScoop” »

The State Department has demonstrated it does not understand that cyber power is critical to geopolitical power. In the course of reorganizing offices and reducing staff over the past three weeks, the department’s political appointees have gutted President Trump’s ability to work with partners and allies on cybersecurity and technology resilience. Congress will need to … Read More “By gutting its cyber staff, State Department ignores congressional directives  – CyberScoop” »

Expiration of a 2015 law at the end of September could dramatically reduce cyber threat information sharing within industry, as well as between companies and the federal government, almost to the point of eliminating it, some experts and industry officials warn. The Cybersecurity Information Sharing Act, also known as CISA 2015, is due to end … Read More “Here’s what could happen if CISA 2015 expires next month  – CyberScoop” »

A seller named Chucky_BF is offering 15.8M PayPal logins with emails, passwords, and URLs. The data may come…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

The Las Vegas Metropolitan Police Department announced the arrest of eight individuals, including a top Israeli official, in…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Rotherham hacker Al-Tahery Al-Mashriky jailed for 20 months after global cyberattacks, stealing millions of logins and targeting government…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

CloudSEK uncovered a Pakistan-based family cybercrime network that spread infostealers via pirated software, netting $4.67M and millions of…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators’ infrastructure. “The newly uncovered version 3.0 reveals a significant evolution of the malware, expanding its form injection and data theft capabilities to target more than 700 banking, shopping, and cryptocurrency applications,”  – Read More  … Read More “ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure  – The Hacker News” »

The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. Trustwave SpiderLabs said it recently observed an EncryptHub campaign that brings together social engineering and the exploitation of a vulnerability in the Microsoft Management Console (MMC) framework (CVE-2025-26633, aka MSC EvilTwin) to trigger  – … Read More “Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware  – The Hacker News” »

A federal district court declined to step in and review a combined $92 million fine imposed by the Federal Communications Commission on T-Mobile and Sprint for selling customer geolocation data to third parties, saying Congress has recognized “the highly sensitive nature” of such information. In a unanimous decision, the U.S. District Court of Appeals for … Read More “Court rebuffs request by telecoms to review $92 million privacy fine    – CyberScoop” »

A Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access within high-value victim environments. The activity has been attributed by Cisco Talos to an activity cluster it tracks as UAT-7237, which is believed to be active … Read More “Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools  – The Hacker News” »

A federal court has upheld the Federal Communications Commission’s authority to impose stricter data breach notification regulations on the telecom sector, including requirements that the industry notifies customers when their personally identifiable information is exposed in a hack. In a 2-1 decision, the U.S. Sixth Circuit Court of Appeals concluded that the FCC did not … Read More “Court upholds FCC data breach reporting rules on telecom sector  – CyberScoop” »

Cisco disclosed a maximum-severity vulnerability affecting its Secure Firewall Management Center Software that could allow unauthenticated attackers to inject arbitrary shell commands and execute high-privilege commands, the vendor said in a security advisory Thursday.  The enterprise networking vendor said it discovered the vulnerability — CVE-2025-20265 — during internal security testing. Cisco released a patch for … Read More “Cisco discloses maximum-severity defect in firewall software  – CyberScoop” »

Thai police arrest SMS Blaster operator in smishing scam and bust crypto laundering gang moving $30M monthly through…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

We used to think of privacy as a perimeter problem: about walls and locks, permissions, and policies. But in a world where artificial agents are becoming autonomous actors — interacting with data, systems, and humans without constant oversight — privacy is no longer about control. It’s about trust. And trust, by definition, is about what … Read More “Zero Trust + AI: Privacy in the Age of Agentic AI  – The Hacker News” »

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Thursday renewed sanctions against Russian cryptocurrency exchange platform Garantex for facilitating ransomware actors and other cybercriminals by processing more than $100 million in transactions linked to illicit activities since 2019. The Treasury said it’s also imposing sanctions on Garantex’s successor, Grinex  – … Read More “U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions  – The Hacker News” »

NIST has released a concept paper for new control overlays to secure AI systems, built on the SP…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems. The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the RADIUS subsystem implementation that could permit an unauthenticated, remote attacker to inject  – … Read More “Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution  – The Hacker News” »

Cisco Talos researchers have discovered a dangerous new malware framework called PS1Bot. Active since early 2025, this sophisticated…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

U.S. officials imposed sanctions Thursday on Russian cryptocurrency exchange Garantex, its successor Grinex, and related affiliates, while also targeting its leaders for arrest with financial rewards. These measures are part of intensified efforts to halt the flow of ransomware proceeds facilitated by the platforms. The Treasury Department’s Office of Foreign Assets Control re-designated Garantex for … Read More “US widens sanctions on Russian crypto exchange Garantex, its successor and affiliate firms  – CyberScoop” »

Beware of fake Netflix job offers! A new phishing campaign is targeting job seekers, using fraudulent interviews to…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto