Author: Joe-W

St. Paul hit by Interlock ransomware attack, 43GB of sensitive data leaked, city refuses ransom, launches Operation Secure…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Most security tools can’t see what happens inside the browser, but that’s where the majority of work, and risk, now lives. Security leaders deciding how to close that gap often face a choice: deploy a dedicated Enterprise Browser or add an enterprise-grade control layer to the browsers employees already use and trust. The Ultimate Battle: … Read More “The Ultimate Battle: Enterprise Browsers vs. Secure Browser Extensions  – The Hacker News” »

A vulnerability in Microsoft Exchange leaves over 29,000 servers vulnerable. Learn how this unpatched security hole could compromise…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

The Dutch National Cyber Security Centre (NCSC-NL) has warned of cyber attacks exploiting a recently disclosed critical security flaw impacting Citrix NetScaler ADC products to breach organizations in the country. The NCSC-NL said it discovered the exploitation of CVE-2025-6543 targeting several critical organizations within the Netherlands, and that investigations are ongoing to determine the  – … Read More “Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors  – The Hacker News” »

SonicWall insists a spree of ransomware attacks hitting its Gen 7 firewalls is not linked to a zero-day vulnerability, but rather a critical defect the company previously disclosed and patched last summer in its network security operating system.  The vendor disputed initial assessments from outside researchers suggesting the speed and scale of the attacks pointed … Read More “SonicWall pins firewall attack spree on year-old vulnerability  – CyberScoop” »

A security vulnerability in a major carmaker’s online portal exposed customer data and could have let hackers remotely…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Using a seven-year-old vulnerability, researchers said they were able to realistically leak private data from public clouds, suggesting that a “lack of concern” about such supposedly impractical attacks is misguided, according to a presentation delivered Monday. The anonymous researchers presented their findings at a hacker conference, WHY2025, in the Netherlands, and they leaned on the … Read More “Researchers determine old vulnerabilities pose real-world threat to sensitive data in public clouds  – CyberScoop” »

The digital landscape for federal agencies is a constantly evolving battlefield. Adversaries are leveraging rapidly advancing technologies, including artificial intelligence, to devise more sophisticated attacks, while government leaders strive to keep up by modernizing systems and fortifying security measures. This creates an urgent, almost daily re-evaluation of strategies. One of the most significant pain points … Read More “Why cyber modernization requires partners with technical plus acquisition expertise  – CyberScoop” »

Using a seven-year-old vulnerability, researchers said they were able to realistically leak private data from public clouds, suggesting that a “lack of concern” about such supposedly impractical attacks is misguided, according to a presentation delivered Monday. The anonymous researchers presented their findings at a hacker conference, WHY2025, in the Netherlands, and they leaned on the … Read More “Researchers determine old vulnerabilities pose real-world threat to sensitive data in public clouds  – CyberScoop” »

The Federal Communications Commission has adopted new rules to make it more difficult for foreign firms to apply for licensing to build out submarine cables, citing the need to protect the continued construction of critical undersea cables that underpin the internet and transcontinental communications. The rules would require the FCC to presumptively deny “certain foreign … Read More “FCC tightens rules on foreign firms building undersea cables, citing security  – CyberScoop” »

Three Ghanaian men have been extradited to the US over $100 million fraud involving romance scams and business…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A national security-focused Commerce Department component would get fresh IT investments to help keep dual-use U.S. technologies from ending up in the wrong hands under a bill reintroduced late last week by a bipartisan pair of House lawmakers. The Bureau of Industry and Security IT Modernization Act from Reps. Jason Crow, D-Colo., and Tom Kean, … Read More “House lawmakers seek better tech for Commerce in fight against foreign powers  – CyberScoop” »

Cybersecurity researchers have discovered a fresh set of security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including in its proprietary end-to-end encryption (E2EE) mechanism that exposes the system to replay and brute-force attacks, and even decrypt encrypted traffic. Details of the vulnerabilities – dubbed 2TETRA:2BURST – were presented at the Black Hat USA  … Read More “New TETRA Radio Encryption Flaws Expose Law Enforcement Communications  – The Hacker News” »

Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks. The vulnerability in question is CVE-2025-32433 (CVSS score: 10.0), a missing authentication issue that could be abused by … Read More “Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls  – The Hacker News” »

Hackers release 9GB of stolen files from the computer of an alleged North Korean hacker, revealing tools, logs,…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

The cybersecurity world stands immeasurably stronger because of the vision, expertise, and leadership of Amit Yoran. Throughout his distinguished career, Amit fundamentally shaped the field of cybersecurity, setting new standards for excellence, innovation, and resilience. We are proud to honor Amit’s life with our first-ever lifetime CyberScoop 50 award.  Amit made an extraordinary impact on … Read More “CyberScoop 50 reveals 2025 winners; honors Amit Yoran with lifetime award   – CyberScoop” »

Scoop News Group is thrilled to honor the standout winners of the 2025 CyberScoop 50 Awards, recognizing the leaders who protect our networks, data, and infrastructure while driving innovation across cybersecurity. Over three months, voters nationwide nominated and selected trailblazers who demonstrated exceptional dedication, creativity, and resilience. With more than 800,000 votes across five categories, … Read More “Announcing the winners of the 2025 CyberScoop 50 awards  – CyberScoop” »

North Korean hackers ScarCruft shift from spying to ransomware, using VCD malware in phishing attacks, targeting South Korea…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

This week, cyber attackers are moving quickly, and businesses need to stay alert. They’re finding new weaknesses in popular software and coming up with clever ways to get around security. Even one unpatched flaw could let attackers in, leading to data theft or even taking control of your systems. The clock is ticking—if defenses aren’t … Read More “⚡ Weekly Recap: BadCam Attack, WinRAR 0-Day, EDR Killer, NVIDIA Flaws, Ransomware Attacks & More  – The Hacker News” »

The Evolution of Exposure Management Most security teams have a good sense of what’s critical in their environment. What’s harder to pin down is what’s business-critical. These are the assets that support the processes the business can’t function without. They’re not always the loudest or most exposed. They’re the ones tied to revenue, operations, and … Read More “6 Lessons Learned: Focusing Security Where Business Value Lives  – The Hacker News” »

London, United Kingdom, 11th August 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cary, United States, 11th August 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious … Read More “WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately  – The Hacker News” »

A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and use it to conduct power distributed denial-of-service (DDoS) attacks. The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and Shahak Morag, who presented their findings at the DEF CON … Read More “New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP  – The Hacker News” »

A cyberattack on Bouygues Telecom exposed data for 6.4 million customers. Find out what information was compromised and…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft’s Windows Remote Procedure Call (RPC) communication protocol that could be abused by an attacker to conduct spoofing attacks and impersonate a known server. The vulnerability, tracked as CVE-2025-49760 (CVSS score: 3.5), has been described by the tech giant as a Windows … Read More “Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation  – The Hacker News” »

AgentFlayer is a critical vulnerability in ChatGPT Connectors. Learn how this zero-click attack uses indirect prompt injection to…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity researchers have uncovered multiple security flaws in Dell’s ControlVault3 firmware and its associated Windows APIs that could have been abused by attackers to bypass Windows login, extract cryptographic keys, as well as maintain access even after a fresh operating system install by deploying undetectable malicious implants into the firmware. The vulnerabilities have been codenamed  … Read More “Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models  – The Hacker News” »

Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices. “This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system,” Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse Michael said in a report shared with The Hacker News. The  … Read More “Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks  – The Hacker News” »

A Nigerian man has been extradited from France to face hacking, identity theft, and fraud charges in the…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Critical WinRAR flaw CVE-2025-8088 exploited by Russia-linked hackers to spread RomCom malware, update to version 7.13 now to…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users and likely resell them on dark web forums like Russian Market. The activity is assessed to be active since at least … Read More “RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes  – The Hacker News” »

Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions. Generative artificial intelligence (AI) security platform NeuralTrust said it combined a known technique called Echo Chamber with narrative-driven steering to trick the model into producing undesirable  – Read More  … Read More “Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems  – The Hacker News” »