Author: Joe-W

Fake Home Office emails target the UK Visa Sponsorship System, stealing logins to issue fraudulent visas and run…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Norway says pro-Russian hackers breached a dam in Bremanger in April, opening a water valve for 4 hours…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Japan’s CERT coordination center (JPCERT/CC) on Thursday revealed it observed incidents that involved the use of a command-and-control (C2) framework called CrossC2, which is designed to extend the functionality of Cobalt Strike to other platforms like Linux and Apple macOS for cross-platform system control. The agency said the activity was detected between September and December … Read More “Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon’s Reach to Linux and macOS  – The Hacker News” »

Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay attacks for facilitating fraudulent transactions in attacks targeting banking customers in Brazil. “PhantomCard relays NFC data from a victim’s banking card to the fraudster’s device,” ThreatFabric said in a report. “PhantomCard is based on  – Read More  … Read More “New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits  – The Hacker News” »

You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because you know the unlikely but potentially dangerous … Read More “Have You Turned Off Your Virtual Oven?  – The Hacker News” »

Zimperium’s zLabs team uncovers a critical security flaw in the popular Android rooting tool, KernelSU v0.5.7. Learn how…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Story teaser text: Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings you choose on day one. In this piece, Yuriy Tsibere explores how default policies like deny-by-default, MFA enforcement, and application Ringfencing ™ can eliminate entire categories of risk. From disabling Office … Read More “Simple Steps for Attack Surface Reduction  – The Hacker News” »

Google said it’s implementing a new policy requiring developers of cryptocurrency exchanges and wallets to obtain government licenses before publishing apps in 15 jurisdictions in order to “ensure a safe and compliant ecosystem for users.” The policy applies to markets like Bahrain, Canada, Hong Kong, Indonesia, Israel, Japan, the Philippines, South Africa, South Korea, Switzerland, … Read More “Google Requires Crypto App Licenses in 15 Regions as FBI Warns of $9.9M Scam Losses  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.  N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure  – Read More  … Read More “CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog  – The Hacker News” »

A poisoned Google Calendar invite that can hijack your smart home, a man is hospitalised after ChatGPT told him to season his food with… pesticide, and some thoughts on Superman’s latest cinematic outing. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley, joined this … Read More “Smashing Security podcast #430: Poisoned Calendar invites, ChatGPT, and Bromide  – Graham Cluley” »

Russia is restricting calls on the WhatsApp and Telegram messaging apps in what it says is a bid to counter criminal activity, but that WhatsApp contends is a response to its defiance of government efforts to violate user communication rights. “According to law enforcement agencies’ information and numerous reports from citizens, the foreign messengers Telegram … Read More “Russia restricts WhatsApp, Telegram calls, alleging criminal, terrorist activity  – CyberScoop” »

Fortinet warned customers in an advisory Tuesday of a critical vulnerability in FortiSIEM, its security information and event management software, adding that “practical exploit code” for the defect exists in the wild. The OS command injection vulnerability, CVE-2025-25256, has an initial CVSS score of 9.8 and could allow unauthenticated attackers to escalate privileges and execute … Read More “Fortinet SIEM issue coincides with spike in brute-force traffic against company’s SSL VPNs  – CyberScoop” »

Kaspersky reports Efimer Trojan infecting thousands, swapping crypto wallets, brute-forcing sites, and spreading through torrents and phishing. Cybercriminals…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Two executive orders President Donald Trump has signed in recent months could prove to have a more dramatic impact on cybersecurity than first thought, for better or for worse. Overall, some of Trump’s executive orders have been more about sending a message than spurring lasting change, as there are limits to their powers. Specifically, some … Read More “The overlooked changes that two Trump executive orders could bring to cybersecurity  – CyberScoop” »

Cybersecurity researchers have discovered a new malvertising campaign that’s designed to infect victims with a multi-stage malware framework called PS1Bot. “PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infected systems, including information theft, keylogging, reconnaissance, and the establishment of persistent system  – Read More  – … Read More “New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks  – The Hacker News” »

A surge in brute-force attacks on Fortinet products could signal a new vulnerability. A timeline shows a strong…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.  The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation. … Read More “Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws  – The Hacker News” »

Every chief information security officer understands that unresolved vulnerabilities can eventually become entry points for threats. In the private sector, we don’t ignore gaps in leadership when they pose security risks. However, that’s precisely the risk our nation faces with the ongoing vacancy at the head of the Cybersecurity and Infrastructure Security Agency. As the … Read More “Patch the vulnerability: Confirm Sean Plankey as CISA director  – CyberScoop” »

Fake Minecraft clone Eaglercraft 1.12 Offline spreads NjRat spyware stealing passwords, spying via webcam and microphone, warns Point…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be false positives, or switching between half a dozen tools to piece together context. The work is repetitive, time-consuming, and high-stakes, leaving SOCs under constant pressure … Read More “AI SOC 101: Key Capabilities Security Leaders Need to Know  – The Hacker News” »

Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0. “An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] … Read More “Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code  – The Hacker News” »

When it comes to transcribing videos, technical jargon can pose several challenges. However, with the right approach, you…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

The AI revolution isn’t coming. It’s already here. From copilots that write our emails to autonomous agents that can take action without us lifting a finger, AI is transforming how we work. But here’s the uncomfortable truth: Attackers are evolving just as fast. Every leap forward in AI gives bad actors new tools — deepfake … Read More “Webinar: What the Next Wave of AI Cyberattacks Will Look Like — And How to Survive  – The Hacker News” »

Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release. Of the 111 vulnerabilities, 16 are rated Critical, 92 are rated Important, two are rated Moderate, and one is rated Low … Read More “Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws  – The Hacker News” »

Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those of advanced persistent threat (APT) groups, such as DLL side-loading, process injection, and the ability  … Read More “Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics  – The Hacker News” »

Microsoft’s August Patch Tuesday fixes 107 vulnerabilities, including 13 critical RCE flaws, impacting Windows, Office, Azure, and more,…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Connex Credit Union breach exposes data of 172000 members, legal probe launched, experts urge victims to monitor accounts…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Microsoft’s monthly batch of patches includes a vulnerability affecting on-premises Microsoft Exchange servers that the company and federal authorities warned about in a series of alerts last week. In its latest security update Tuesday, Microsoft maintained the flaw hasn’t been exploited in the wild and designated the exploitability of the defect — CVE-2025-53786 — as … Read More “Microsoft Patch Tuesday follows SharePoint attacks, Exchange server warnings  – CyberScoop” »

New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident. More troubling is the fact that other images have been built on top of these infected base images, effectively propagating the infection further in a transitive manner, Binarly REsearch … Read More “Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks  – The Hacker News” »

We’ve made it through hacker summer camp and made our way to the second Tuesday of the month. Adobe and Microsoft seemed to have survived as well, as they released their latest security patches. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If … Read More “The August 2025 Security Update Review  – Zero Day Initiative – Blog” »

Cybersecurity researchers are warning of a “significant spike” in brute-force traffic aimed at Fortinet SSL VPN devices. The coordinated activity, per threat intelligence firm GreyNoise, was observed on August 3, 2025, with over 780 unique IP addresses participating in the effort. As many as 56 unique IP addresses have been detected over the past 24 … Read More “Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager  – The Hacker News” »

On Aug. 7, OpenAI released GPT-5, its newest frontier large language model, to the public. Shortly after, all hell broke loose. Billed as faster, smarter and more capable tools for enterprise organizations than previous models, GPT-5 has instead met an angry user base that has found its performance and reasoning skills wanting. And in the … Read More “Guess what else GPT-5 is bad at? Security  – CyberScoop” »