On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the … Read More “Who Got Arrested in the Raid on the XSS Crime Forum? – Krebs on Security” »
Author: BrianKrebs
SpyCloud Enhances Investigations Solution with AI-Powered Insights – Revolutionizing Insider Threat and Cybercrime Analysis – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Austin, TX, USA, 6th August 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Akira Ransomware Hits SonicWall VPNs, Deploys Drivers to Bypass Security – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
GuidePoint Security uncovers a new Akira ransomware tactic targeting SonicWall VPNs. The group’s use of drivers to disable defenses is a significant threat to businesses. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
KLM Confirms Customer Data Breach Linked to Third-Party System – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
KLM confirms a data breach exposing customer info via a third-party system, affecting names, contact details and Flying Blue membership data. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Adversaries are prioritizing stealth over scale, according to OPSWAT’s latest Threat Landscape Report
Trend Micro has released a temporary fix for the flaws, which enable remote code execution on on-prem Apex One machines
CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence – The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The high-severity vulnerabilities, which are from 2020 and 2022, are listed below – CVE-2020-25078 (CVSS score: 7.5) … Read More “CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence – The Hacker News” »
How Top SOCs Defend Against Emerging Threats with Live Attack Data – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A hospital in Thailand has been fined after patients’ printed records were recycled as snack bags to hold crispy crepes. – Read More – Graham Cluley
Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts. The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project Ire by the tech giant. The system “automates what is considered the gold … Read More “Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools – The Hacker News” »
As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands. A recent report by Cynomi has found that a full 79% of MSPs and … Read More “AI Slashes Workloads for vCISOs by 68% as SMBs Demand More – New Report Reveals – The Hacker News” »
Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems – The Hacker News
Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws. “A vulnerability … Read More “Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems – The Hacker News” »
Ransomware actors deploy a range of activities to make it harder for victims to recover and increase the consequences of not paying demands
The UK’s National Cyber Security Centre has released the Cyber Assessment Framework 4.0
Within the next decade, the encryption that safeguards your business’s most sensitive data could be shattered — not by… The post Countdown to QDay: Is Your Data Ready for the Quantum Reckoning? appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Chanel and Pandora have revealed data breaches reportedly linked to attacks on their Salesforce instances
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting government agencies, the defense forces, and enterprises of the defense-industrial complex in the country. The attacks, which leverage phishing emails as an initial compromise vector, are used to deliver malware families like MATCHBOIL, … Read More “CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures – The Hacker News” »
Updates to the CAF help providers of essential services to better manage their cyber risks. – Read More – NCSC Feed
When Technology Resets the Playing Field. In 2015 I founded a cybersecurity testing software company with the belief that automated penetration testing was not only possible, but necessary. At the time, the idea was often met with skepticism, but today, with 1200+ enterprise customers and thousands of users, that vision has proven itself. But … Read More “AI Is Transforming Cybersecurity Adversarial Testing – Pentera Founder’s Vision – The Hacker News” »
SonicWall warned customers to disable encryption services on Gen 7 firewalls in the wake of an active attack spree targeting a yet-to-be identified vulnerability affecting a critical firewall service. Attacks have increased notably since Friday, the company said in a blog post. Threat hunters and incident responders from Arctic Wolf, Google and Huntress have observed … Read More “SonicWall firewalls hit by active mass exploitation of suspected zero-day – CyberScoop” »
Identity has become the new cybersecurity perimeter. As federal agencies rapidly adopt cloud services, AI-powered tools and hybrid work models, identity security is now central to mission assurance. However, for many federal leaders, identity management remains a complex puzzle. The abundance of tools — from password managers to identity governance systems — often leads to … Read More “Why identity is the definitive cyber defense for federal agencies – CyberScoop” »
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2020-25078, D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability; CVE-2020-25079, D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability; CVE-2022-40799, D-Link DNR-322L Download of Code Without Integrity Check Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber … Read More “CISA Adds Three Known Exploited Vulnerabilities to Catalog – All CISA Advisories” »
Navigating Cybersecurity Risks in Crypto-Backed Lending – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
As crypto-backed lending gathers momentum among institutions and everyday users, cybersecurity shadows every new transaction. Billions in digital… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The apparently disjointed response from Iranian hackers to the 12-day conflict with Israel in June actually demonstrated a significant degree of alignment and coordination, according to research published Tuesday. SecurityScorecard’s STRIKE Team analyzed 250,000 messages from Iranian proxies and hacktivists from more than 178 groups whose activity ranged from pushing propaganda to stealing data to … Read More “Iranian hackers were more coordinated, aligned during Israel conflict than it seemed – CyberScoop” »
About the Event Key topics will include commercialization, investment and financing, and insurance for on-orbit servicing, in-situ resource utilization, advanced robotics for manufacturing and repair, and space situational awareness. In addition – Read More – News and Events Feed by Topic
A combination of propagation methods, narrative sophistication, and evasion techniques enabled the social engineering tactic known as ClickFix to take off the way it did over the past year, according to new findings from Guardio Labs. “Like a real-world virus variant, this new ‘ClickFix’ strain quickly outpaced and ultimately wiped out the infamous fake browser … Read More “ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections – The Hacker News” »
Over 100 Dell Laptop Models Plagued by Vulnerabilities Impacting Millions – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A new Cisco Talos report reveals critical flaws in Dell Latitude and Precision laptops. Find out how hackers can exploit the ControlVault chip to steal sensitive data. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
1. EXECUTIVE SUMMARY CVSS v4 4.1 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric Equipment: ICONICS Product Suite and Mitsubishi Electric MC Works64 Vulnerability: Windows Shortcut Following (.LNK) 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information tampering. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following … Read More “Mitsubishi Electric Iconics Digital Solutions Multiple Products – All CISA Advisories” »
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Tigo Energy Equipment: Cloud Connect Advanced Vulnerabilities: Use of Hard-coded Credentials, Command Injection, Predictable Seed in Pseudo-Random Number Generator (PRNG). 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to gain unauthorized administrative access using hard-coded credentials, escalate privileges … Read More “Tigo Energy Cloud Connect Advanced – All CISA Advisories” »
Experts, including Allan Friedman, CISA’s leading voice on SBOMs until July 2025, emphasized that AI BOMs should be standardized before being implemented
SecAlliance highlighted the evolution in smishing campaigns orchestrated by Chinese syndicates, which exploit digital wallet tokenization
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval – The Hacker News
Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution. The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to the fact that it exploits a quirk in the way the software handles modifications … Read More “Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval – The Hacker News” »
Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild. The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June … Read More “Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild – The Hacker News” »
In episode 62 of The AI Fix, your hosts learn how AI models smash through CAPTCHA roadblocks like they’re made of wet tissue paper – so much for humanity’s last line of defence. Meanwhile, we meet a bottle-flipping robot and call BS on a cartwheeling cyborg, Graham has a full-blown breakdown over traffic light puzzles, … Read More “The AI Fix #62: AI robots can now pass CAPTCHAs, and punch you in the face – Graham Cluley” »
Pandora Cyber Attack Exposes Customer Data Via Third-Party Vendor – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Pandora cyber attack exposes customer data via third-party breach. No passwords or payment info leaked, but phishing risks remain. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Critical vulnerabilities in NVIDIA’s Triton Inference Server, discovered by researchers, could allow unauthenticated attackers to gain full server control through remote code execution
IANS found that stagnant budget growth rates have significantly impacted CISOs’ ability to increase their teams’ headcount
Discord CDN Link Abused to Deliver RAT Disguised as OneDrive File – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Hackers are installing multiple RMMs like Atera and Splashtop in a new malware attack. This article details the abuse of a Discord CDN link and a fake OneDrive phishing campaign discovered by Sublime Security. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks – The Hacker News
In SaaS security conversations, “misconfiguration” and “vulnerability” are often used interchangeably. But they’re not the same thing. And misunderstanding that distinction can quietly create real exposure. This confusion isn’t just semantics. It reflects a deeper misunderstanding of the shared responsibility model, particularly in SaaS environments where the line between vendor and customer … Read More “Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks – The Hacker News” »
SecurityScorecard analysis highlights wide variety of Iranian threat actors and coordination with military activity
Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical incidents get buried in the noise. Top CISOs have realized the solution isn’t adding more and more tools to SOC workflows but giving analysts the speed and visibility they need … Read More “How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents – The Hacker News” »
Cifas noted a record number of filings in its National Fraud Database for the first half of 2025
15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign – The Hacker News
Cybersecurity researchers have lifted the veil on a widespread malicious campaign that’s targeting TikTok Shop users globally with an aim to steal credentials and distribute trojanized apps. “Threat actors are exploiting the official in-app e-commerce platform through a dual attack strategy that combines phishing and malware to target users,” CTM360 said. “The core tactic involves … Read More “15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign – The Hacker News” »
The BFSI (Banking, Financial Services, and Insurance) industry is experiencing constant pressure on cybersecurity issues in the ever-growing digital… The post Why BFSI needs column-level encryption appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported – The Hacker News
SonicWall said it’s actively investigating reports to determine if there is a new zero-day vulnerability following reports of a spike in Akira ransomware actors in late July 2025. “Over the past 72 hours, there has been a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSLVPN is … Read More “SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported – The Hacker News” »
Defense in depth — the Microsoft way (part 91): yet another 30 year old bug of the “Properties” shell extension – Full Disclosure
Posted by Stefan Kanthak via Fulldisclosure on Aug 04 Hi @ll, this extends the previous post titled Defense in depth — the Microsoft way (part 90): “Digital Signature” property sheet missing without “Read Extended Attributes” access permission <https://seclists.org/fulldisclosure/2025/Jul/39>, to document another facet of this 30 year old bug in the “Properties” shell extension. About … Read More “Defense in depth — the Microsoft way (part 91): yet another 30 year old bug of the “Properties” shell extension – Full Disclosure” »
Google addressed six vulnerabilities affecting Android devices in its August security update, marking a months-long lull in the number of software defects disclosed and patched in the mobile operating system this summer. The company issued no security patches in its update last month. Yet, monthly Android security bulletins typically address dozens of vulnerabilities. Google’s Android … Read More “Google addresses six vulnerabilities in August’s Android security update – CyberScoop” »
Artificial intelligence startup Perplexity is using stealthy techniques to get around network blocks against systematic browsing and scraping of web pages, Cloudflare said Monday in a blog post. The alleged activity prompted Cloudflare, which received complaints from its customers, to take action against Perplexity. “There are clear preferences that crawlers should be transparent, serve a … Read More “AI company Perplexity is sneaking to get around blocks on crawlers, Cloudflare alleges – CyberScoop” »
Hackers Abuse Microsoft 365 Direct Send to Deliver Internal Phishing Emails – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A new Proofpoint report reveals how attackers are using Microsoft 365’s Direct Send and unsecured SMTP relays to… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto