Author: Matt Kapko

A Russian nation-state threat group has been spying on foreign diplomats, managing continuous access to their  communications and data in Moscow since at least 2024, according to Microsoft Threat Intelligence. Secret Blizzard is gaining “adversary-in-the-middle” positions on Russian internet service providers and telecom networks by likely leveraging surveillance tools and deploying malware on targeted devices, … Read More “Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow  – CyberScoop” »

Researchers identify a new SS7 encoding attack used by a surveillance vendor to bypass security and access mobile subscriber data without detection.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

The North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram. “Under the guise of freelance opportunities for software development work, UNC4899 leveraged social engineering techniques to successfully convince the targeted employees to execute malicious Docker containers in their  – Read … Read More “N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto  – The Hacker News” »

Cybersecurity trends in 2025 reveal rising AI threats, quantum risks, and supply chain attacks, pushing firms to adapt or face major data and financial losses.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

As the Trump administration has sought to muscle through changes to election laws and rules across the country, Democrats in Congress have steadily escalated their concerns about the potential for disenfranchisement. At a public forum Wednesday held by Democratic lawmakers focused on elections and voter suppression, Sen. Alex Padilla, D-Calif., ranking member on the Senate … Read More “Senate Democrats call Trump admin’s focus on state voter rolls a pretext for disenfranchisement  – CyberScoop” »

The viral women-only dating safety app Tea, built to flag red flags, gets flagged itself – after leaking over 70,000 private images and chat logs. We are talking full-on selfies, ID docs, private DMs, and a dash of 4chan creepiness. Yikes. Plus, Carole takes us down memory lane as she hangs up her co-host mic … Read More “Smashing Security podcast #428: Red flags, leaked chats, and a final farewell  – Graham Cluley” »

Google this week changed how it publicly discloses vulnerabilities in a bid to give defenders early details about new software defects it discovers, shortening the early window of time between a vendor releasing a patch and customers installing the security update. Project Zero, Google’s squad of security researchers who find and study zero-day vulnerabilities, will … Read More “Project Zero disclosure policy change puts vendors on early notice  – CyberScoop” »

Man in the Prompt attack shows how browser extensions can exploit ChatGPT, Gemini and other AI tools to steal data or inject hidden prompts.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A bipartisan pair of senators are introducing legislation Thursday that would direct a White House office to develop a strategy for reckoning with the cybersecurity ramifications of quantum computers, and require agencies to begin pilot programs on quantum-safe encryption. Sens. Gary Peters, D-Mich., and Marsha Blackburn, R-Tenn., say the National Quantum Cybersecurity Migration Strategy Act … Read More “Senate legislation would direct federal agencies to fortify against quantum computing cyber threats  – CyberScoop” »

watchTowr’s latest research details critical SonicWall SMA100 flaws (CVE-2025-40596, 40597, 40598). Discover how pre-auth stack/heap overflows and XSS put SSL-VPNs at risk. Patch now!  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data from credentials and wallets. The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct  … Read More “Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps  – The Hacker News” »

Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free. “Because the ransomware is now considered dead, we released the decryptor for public download,” Gen Digital researcher Ladislav Zezula said. FunkSec, which emerged towards the end of 2024, has claimed 172 victims, according … Read More “FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant  – The Hacker News” »

The notorious INC Ransomware group is claiming responsibility for a data breach at Dollar Tree, the American retail…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Palo Alto Networks has agreed to acquire identity security firm CyberArk for approximately $25 billion, marking the cybersecurity giant’s largest acquisition and its formal entry into the identity security market as the industry continues consolidating amid rising cyber threats. The transaction ranks among the largest technology acquisitions this year and underscores the market’s focus on … Read More “Palo Alto Networks to acquire CyberArk for $25 billion  – CyberScoop” »

Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices. “The flaws, affecting the device’s ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device,”  – Read More  … Read More “Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits  – The Hacker News” »

Akamai’s latest Ransomware Report 2025 reveals “quadruple extortion,” new AI-driven tactics by groups like Black Basta, FunkSec, and TrickBot, and growing threats to non-profits. Learn about evolving cyber threats.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser’s ANGLE and GPU components … Read More “Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome  – The Hacker News” »

In this article, we will provide a brief overview of Pillar Security’s platform to better understand how they are tackling AI security challenges. Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing trust in AI systems. Using its holistic approach, the platform introduces new … Read More “Product Walkthrough: A Look Inside Pillar’s AI Security Platform  – The Hacker News” »

During a Senate Homeland Security and Governmental Affairs Committee hearing earlier this month in which lawmakers considered if Sean Plankey is fit to become director of the Cybersecurity and Infrastructure Security Agency, ranking member Gary Peters asked the CISA nominee how he would ensure the agency meets all of its statutory requirements, including those in … Read More “CISA is facing a tight CIRCIA deadline. Here’s how Sean Plankey can attempt to meet it  – CyberScoop” »

Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities. The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access … Read More “Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools  – The Hacker News” »

Menlo Park, United States, 30th July 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

The average cost of a data breach for U.S. companies jumped 9% to an all-time high of $10.22 million in 2025, as the global average cost fell 9% to $4.44 million, IBM said in its 20th annual Cost of a Data Breach Report Wednesday. While shorter investigations are pushing down costs globally, reflecting the first … Read More “Research shows data breach costs have reached an all-time high  – CyberScoop” »

Google has announced that it’s making a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks. DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using … Read More “Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero  – The Hacker News” »

Google Cloud’s Mandiant Consulting has revealed that it has witnessed a drop in activity from the notorious Scattered Spider group, but emphasized the need for organizations to take advantage of the lull to shore up their defenses. “Since the recent arrests tied to the alleged Scattered Spider (UNC3944) members in the U.K., Mandiant Consulting hasn’t … Read More “Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure  – The Hacker News” »

Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025. “Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and communicated with malicious infrastructure linked … Read More “Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware  – The Hacker News” »