Five major banking associations in the US claim the new SEC cyber incident disclosure rule puts a strain on their resources – Read More –
Author: Joe-W
A Chinese-language PhaaS platform Haozi is making cybercrime easy with no tech skills needed. Discover how this plug-and-play service facilitated over $280,000 in illicit transactions. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Victoria’s Secret website was down due to a ‘security incident’ impacting online and some in-store services. Get the… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Breaking Out of the Security Mosh Pit When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn’t mince words: “Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have prepared for that we didn’t, … Read More “From the “Department of No” to a “Culture of Yes”: A Healthcare CISO’s Journey to Enabling Modern Care – The Hacker News” »
The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. “The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of … Read More “China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil – The Hacker News” »
The FBI provided details of Funnull’s malicious activities, selling infrastructure to criminal groups to facilitate cryptocurrency fraud in the US – Read More –
The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses. The Treasury accused the Taguig-headquartered company of enabling thousands of websites involved in – … Read More “U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud – The Hacker News” »
The UK MoD has unveiled a new Cyber and Electromagnetic Command, which will focus on offensive cyber operations and “electromagnetic warfare” capabilities – Read More –
“We don’t just want payment; we want accountability.” The malicious hackers behind the Interlock ransomware try to justify their attacks. Learn more about what you need to know about Interlock in my article on the Tripwire State of Security blog. – Read More – Graham Cluley
Security teams should use vulnerability context alongside KEV lists to prioritize patching, OX argued – Read More –
ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. “ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation-state actor, which affected a very … Read More “ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach – The Hacker News” »
Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. “We detected and removed these campaigns before they were able to build authentic audiences on our apps,” the social media giant said in its quarterly Adversarial Threat Report. This included a network … Read More “Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas – The Hacker News” »
Two of the parties behind an AI-generated robocall that imitated then-President Joe Biden and warned residents not to vote in the New Hampshire Democratic primary have agreed to settle a civil lawsuit brought by voting groups. As part of a consent order signed Thursday in the U.S. District Court for the District of New Hampshire, … Read More “Parties behind 2024 Biden AI robocall reach deal in lawsuit – CyberScoop” »
The Treasury Department on Thursday sanctioned Philippines-based Funnull Technology and its administrator Liu Lizhi for allegedly providing infrastructure that supported thousands of cryptocurrency investment scams, also known as “pig butchering.” Funnull directly aided the majority of virtual currency investment scam sites reported to the FBI, resulting in more than $200 million in losses for U.S.-based … Read More “Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims – CyberScoop” »
Cisco Talos uncovers CyberLock ransomware, Lucky_Gh0$t, and Numero malware masquerading as legitimate software and AI tool installers. Learn… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. “CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim’s system,” Cisco Talos researcher … Read More “Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools – The Hacker News” »
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Consilium Safety Equipment: CS5000 Fire Panel Vulnerabilities: Initialization of a Resource with an Insecure Default, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain high-level access to and remotely operate the device, … Read More “Consilium Safety CS5000 Fire Panel – All CISA Advisories” »
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Santesoft products are affected: Sante DICOM … Read More “Santesoft Sante DICOM Viewer Pro – All CISA Advisories” »
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/low attack … Read More “Siemens SiPass – All CISA Advisories” »
CISA released five Industrial Control Systems (ICS) advisories on May 29, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-148-01 Siemens SiPass ICSA-25-148-02 Siemens SiPass Integrated ICSA-25-148-03 Consilium Safety CS5000 Fire Panel ICSA-25-148-04 Instantel Micromate ICSMA-25-148-01 Santesoft Sante DICOM Viewer Pro CISA encourages users and administrators to review … Read More “CISA Releases Five Industrial Control Systems Advisories – All CISA Advisories” »
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Instantel Equipment: Micromate Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the device’s configuration port and execute commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of … Read More “Instantel Micromate – All CISA Advisories” »
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack … Read More “Siemens SiPass Integrated – All CISA Advisories” »
The firm’s remote monitoring management tool, ScreenConnect, has reportedly been patched – Read More –
Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet. The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a Windows PE file, providing information about the executable. While the DOS header makes the … Read More “New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers – The Hacker News” »
Fortinet spots new malware that corrupts its own headers to block forensic analysis, hide behavior, and communicate with its C2 server. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
PALO ALTO, California, 29th May 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Fullscreen Browser-in-the-Middle attacks are making it harder for users to detect malicious websites – Read More –
Fortinet has identified a new Windows RAT operating stealthily on compromised systems with advanced evasion techniques – Read More –
A threat actor has used ASUS routers’ legitimate features to create persistent backdoors that survive firmware updates and reboots – Read More –
The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider’s (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It’s believed that the attackers exploited a trio of security flaws in SimpleHelp (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that … Read More “DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints – The Hacker News” »
A new EY report found that cybersecurity teams are a major vehicle for business growth, and CISOs should push for a seat at the top table – Read More –
EasyDMARC found that just 7.7% of the world’s top 1.8 million email domains have implemented the most stringent DMARC policy – Read More –
Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2). The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was used to target multiple other government entities. … Read More “Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations – The Hacker News” »
Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files. TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists … Read More “Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin – The Hacker News” »
Why is a cute Star Wars fan website now redirecting to the CIA? How come Cambodia has become the world’s hotspot for scam call centres? And can a WhatsApp image really drain your bank account with a single download, or is it just a load of hacker hokum? All this and much more is discussed … Read More “Smashing Security podcast #419: Star Wars, the CIA, and a WhatsApp malware mirage – Graham Cluley” »
A recent investigation by cybersecurity researchers at Oasis Security has revealed a data overreach in how Microsoft’s OneDrive… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Multiple attackers are raiding Ivanti customers’ systems again by exploiting a pair of closely intertwined vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) to achieve unauthenticated remote code execution. The software defects — CVE-2025-4427 and CVE-2025-4428 — were exploited as zero-days before Ivanti disclosed and patched the flaws. “We are aware of a very limited number … Read More “Questions mount as Ivanti tackles another round of zero-days – CyberScoop” »
Researchers reveal how guest accounts with billing roles can create Azure subscriptions inside external tenants, gaining unexpected Owner access and opening hidden privilege risks. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Google said Wednesday that it caught suspected People’s Republic of China-backed hackers leveraging its Calendar service to help stealthily stage attacks on government agencies. In late October of last year, Google Threat Intelligence Group said it “discovered an exploited government website hosting malware being used to target multiple other government entities,” the company’s Patrick Whitsell … Read More “Chinese hackers used Google Calendar to aid attacks on government entities – CyberScoop” »
Mandiant Threat Defense uncovers a campaign where Vietnam-based group UNC6032 tricks users with malicious social media ads for… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The Czech Republic on Wednesday formally accused a threat actor associated with the People’s Republic of China (PRC) of targeting its Ministry of Foreign Affairs. In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs. … Read More “Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack – The Hacker News” »
An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware. Sina Gholinejad (aka Sina Ghaaf), 37, and his co-conspirators are said to have breached the computer networks of various organizations in the United States and encrypted files with Robbinhood ransomware to demand … Read More “Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore – The Hacker News” »
ReversingLabs discovers new malware hidden inside AI/ML models on PyPI, targeting Alibaba AI Labs users. Learn how attackers… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Two NHS England trusts could see highly sensitive patient records exposed – Read More –
Cybersecurity researchers have discovered a security flaw in Microsoft’s OneDrive File Picker that, if successfully exploited, could allow websites to access a user’s entire cloud storage content, as opposed to just the files selected for upload via the tool. “This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain … Read More “Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File – The Hacker News” »
A spoofed Bitdefender site has been used in a malicious campaign distributing VenomRAT and other malware, according to DomainTools – Read More –
This is the first time Czech authorities have officially called out a nation-state over a cyber-attack – Read More –
Stealer malware no longer just steals passwords. In 2025, it steals live sessions—and attackers are moving faster and more efficiently than ever. While many associate account takeovers with personal services, the real threat is unfolding in the enterprise. Flare’s latest research, The Account and Session Takeover Economy, analyzed over 20 million stealer logs and tracked … Read More “From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign – The Hacker News” »
Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts. “Rather than scanning the internet, the malware retrieves a list … Read More “New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto – The Hacker News” »