Two pro-Ukraine hacktivists have claimed responsibility for a destructive attack on Aeroflot
Author: Joe-W
CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation – The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability impacting PaperCut NG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) bug that could …
KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information – Full Disclosure
Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28 KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information Title: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information Advisory ID: KL-001-2025-012 Publication Date: 2025-07-28 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-012.txt 1. Vulnerability Details Affected Vendor: Xorux Affected Product: XorMon-NG …
KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator – Full Disclosure
Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28 KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator Title: Xorux XorMon-NG Web Application Privilege Escalation to Administrator Advisory ID: KL-001-2025-013 Publication Date: 2025-07-28 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-013.txt 1. Vulnerability Details Affected Vendor: Xorux Affected Product: XorMon-NG Affected Version: 1.8 and prior…
KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service – Full Disclosure
Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28 KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service Title: Xorux LPAR2RRD Read Only User Denial of Service Advisory ID: KL-001-2025-014 Publication Date: 2025-07-28 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-014.txt 1. Vulnerability Details Affected Vendor: Xorux Affected Product: LPAR2RRD Affected Version: 8.04 and prior …
KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information – Full Disclosure
Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28 KL-001-2025-015: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information Title: Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information Advisory ID: KL-001-2025-015 Publication Date: 2025-07-28 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-015.txt 1. Vulnerability Details Affected Vendor: Xorux Affected Product: LPAR2RRD Affected Version: …
KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal – Full Disclosure
Posted by KoreLogic Disclosures via Fulldisclosure on Jul 28 KL-001-2025-016: Xorux LPAR2RRD File Upload Directory Traversal Title: Xorux LPAR2RRD File Upload Directory Traversal Advisory ID: KL-001-2025-016 Publication Date: 2025-07-28 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-016.txt 1. Vulnerability Details Affected Vendor: Xorux Affected Product: LPAR2RRD Affected Version: 8.04 and prior Platform: Rocky Linux 8.10 …
GLOBAL GROUP Ransomware Claims Breach of Media Giant Albavisión – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
GLOBAL GROUP Ransomware targets media giant Albavisión, claims 400 GB data theft as it continues hitting global sectors with advanced extortion tactics.
Researchers flag flaw in Google’s AI coding assistant that allowed for ‘silent’ code exfiltration – CyberScoop
Researchers have disclosed a vulnerability in Gemini Command Line Interface (CLI), Google’s latest piece of “agentic” AI software for code development. The flaw, which was reported to Google and patched prior to disclosure, would have allowed an attacker to silently execute arbitrary code on a user’s machine. In one video demonstration, a researcher interacts with …
Post SMTP Plugin Flaw Allowed Subscribers to Take Over Admin Accounts – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
If you’re running a WordPress site and rely on the Post SMTP plugin for email delivery, there’s something…
macOS Sploitlight Flaw Exposes Apple Intelligence-Cached Data to Attackers – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
macOS flaw dubbed Sploitlight allows attackers to access Apple Intelligence-cached data by abusing Spotlight plugins, bypassing privacy controls.
Scattered Spider Launching Ransomware on Hijacked VMware Systems, Google – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A new report from Google’s GTIG reveals how UNC3944 (0ktapus) uses social engineering to compromise Active Directory, then exploits VMware vSphere for data theft and direct ransomware deployment. Understand their tactics and learn vital mitigation steps.
Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads – The Hacker News
In what’s the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal’s GitHub organization account and leveraged that access to publish 10 malicious packages to the npm registry. The packages contained code to exfiltrate GitHub authentication tokens and destroy victim systems, Socket said in a report published last week. …
The US insurance giant has admitted that hackers stole personal info of the “majority” of its customers and staff earlier this month. – Graham Cluley
CISA Adds Three Known Exploited Vulnerabilities to Catalog – All CISA Advisories
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2025-20281 Cisco Identity Services Engine Injection Vulnerability; CVE-2025-20337 Cisco Identity Services Engine Injection Vulnerability; CVE-2023-2533 PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant …
Sen. Hassan wants to hear from SpaceX about scammers abusing Starlink – CyberScoop
It’s time for SpaceX to take strong action against scammers abusing the company’s Starlink internet service, Sen. Maggie Hassan said in a letter to CEO Elon Musk on Monday. The New Hampshire Democrat cited evidence accumulating over the past two years that some Southeast Asian fraudsters scamming billions of dollars from U.S. citizens have leaned …
10,000 WordPress sites vulnerable to takeover due to critical flaws in HT Contact Form Widget plugin
Hundreds of registered data brokers ignore user requests around personal data – CyberScoop
There are few laws at the state or federal level to constrain data brokerage, the process by which companies collect and sell bulk data on people they’ve never met or done business with. States at the forefront of regulating the industry, like California, currently require hundreds of companies to register with the government and provide …
FBI alerts tie together threats of cybercrime, physical violence from The Com – CyberScoop
The FBI released a trove of research on The Com last week, warning that the sprawling cybercriminal network of minors and young adults is growing rapidly and splintering into three primary subsets described by officials as Hacker Com, In Real Life Com and Extortion Com. The warnings lay out how The Com’s thousands of members, …
European defence giant Naval Group has confirmed that it is investigating an alleged cyber attack which has seen what purports to be sensitive internal data published on the internet by hackers. Read more in my article on the Hot for Security blog. – Graham Cluley
Scattered Spider has targeted VMware vSphere environments, exploiting retail, airline and insurance sectors
⚡ Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains and More – The Hacker News
Some risks don’t breach the perimeter—they arrive through signed software, clean resumes, or sanctioned vendors still hiding in plain sight. This week, the clearest threats weren’t the loudest—they were the most legitimate-looking. In an environment where identity, trust, and tooling are all interlinked, the strongest attack path is often the one that looks like it …
Tea App Breach: Women Only Dating Platform Leaks 72K User Images – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The “Tea” app, a new and popular social platform for women, confirmed a major data breach affecting users…
Insurance firm Allianz Life said that a threat actor accessed personally identifiable information of the majority of its 1.4 million US customers
Despite claims by a hacker, French defense company Naval Group has detected no intrusions into its IT environments at the time of writing
Email Security Is Stuck in the Antivirus Era: Why It Needs a Modern Approach – The Hacker News
Picture this: you’ve hardened every laptop in your fleet with real‑time telemetry, rapid isolation, and automated rollback. But the corporate mailbox—the front door for most attackers—is still guarded by what is effectively a 1990s-era filter. This isn’t a balanced approach. Email remains a primary vector for breaches, yet we often treat it as a static …
Malicious ISO File Used in Romance Scam Targeting German Speakers – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Sublime Security reveals a cunning romance/adult-themed scam targeting German speakers, leveraging Keitaro TDS to deliver an AutoIT-based malware loader. Learn how this sophisticated campaign operates, its deceptive tactics, and the hidden payload.
Microsoft’s software licensing playbook is a national security risk – CyberScoop
News of two major Microsoft security events in as many weeks should concern every federal agency, not just because of the breaches themselves, but because of what they reveal about how the company does business. First, ProPublica uncovered that Microsoft allowed Chinese engineers to work on sensitive U.S. military cloud projects under the supervision of …
Arizonan woman sentenced to 102 months for operating laptop farm for North Korean IT workers
Dating app Tea has been compromised by a hacker, resulting in the exposure of 13,000 selfies
Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure – The Hacker News
The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. “The group’s core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk,” Google’s Mandiant …
Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide – The Hacker News
Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium’s Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances. “These vulnerabilities are fully exploitable if a Niagara system is misconfigured, thereby disabling encryption on a specific network device,” Nozomi Networks Labs said in a …
Arizona Woman Jailed for Helping North Korea in $17M IT Job Scam – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Arizona woman jailed 8.5 years for aiding North Korea’s $17 million IT job scam, defrauding over 300 US companies. Learn how to protect your business from such sophisticated cybersecurity threats.
Researchers Expose Massive Online Fake Currency Operation in India – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity researchers at CloudSEK’s STRIKE team used facial recognition and GPS data to expose a massive, over $2…
BreachForums Resurfaces on Original Dark Web (.onion) Address – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
BreachForums resurfaces on its original .onion domain amid law enforcement crackdowns, raising questions about its admin, safety and future.
Operation Checkmate: BlackSuit Ransomware’s Dark Web Domains Seized – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
International law enforcement agencies, including the FBI and Europol, have successfully seized the infrastructure of the notorious BlackSuit ransomware gang in Operation Checkmate. This article details the takedown, BlackSuit’s origins, and the ongoing fight against evolving cyber threats.
NASCAR Confirms Medusa Ransomware Breach After $4M Demand – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Medusa Ransomware breached NASCAR, demanded $4 million, leaked sensitive data including maps and staff info, exposing major security failures. The incident was exclusively reported by Hackread.com.
CVE-2025-20281: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability – Zero Day Initiative – Blog
On January 25th, 2025, the Trend Zero Day Initiative (ZDI) received a report from Kentaro Kawane of GMO Cybersecurity by Ierae regarding a deserialization of untrusted data vulnerability in Cisco Identity Services Engine (ISE). This pre-authentication vulnerability existed in the enableStrongSwanTunnel method of the DescriptionRegistrationListener class. While analyzing this vulnerability, I noticed that the same …
US offers $15 million reward for info on North Korean nationals involved in global criminal network – CyberScoop
The State Department announced Thursday it will pay up to $15 million for information leading to the arrest of seven North Korean nationals accused of operating criminal schemes that generate revenue for Pyongyang’s weapons programs, marking the latest effort to disrupt financing networks that have funneled money around sanctions. The coordinated action that also involved …
Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files – The Hacker News
The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. “The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems,” Arctic Wolf Labs …
U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm – The Hacker News
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned a North Korean front company and three associated individuals for their involvement in the fraudulent remote information technology (IT) worker scheme designed to generate illicit revenues for Pyongyang. The sanctions target Korea Sobaeksu Trading Company (aka Sobaeksu United Corporation), and Kim Se …
The US and partners from nine countries have taken down part of the ransomware group’s infrastructure
Phishers Target Aviation Execs to Scam Customers – Krebs on Security
KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. An investigation into the attacker’s infrastructure points to a long-running Nigerian cybercrime ring that is actively targeting established companies in the transportation and aviation industries. …
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor – The Hacker News
Russian aerospace and defense industries have become the target of a cyber espionage campaign that delivers a backdoor called EAGLET to facilitate data exfiltration. The activity, dubbed Operation CargoTalon, has been assigned to a threat cluster tracked as UNG0901 (short for Unknown Group 901). “The campaign is aimed at targeting employees of Voronezh Aircraft Production …
Hacker Added Prompt to Amazon Q to Erase Files and Cloud Data – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A hacker injected a malicious prompt into Amazon Q via GitHub, aiming to delete user files and wipe AWS data, exposing a major security flaw.
Sygnia observed Chinese cyber campaign dubbed Fire Ant deploying sophisticated techniques to gain full compromise of victim environments, discovering isolated assets
Overcoming Risks from Chinese GenAI Tool Usage – The Hacker News
A recent analysis of enterprise data suggests that generative AI tools developed in China are being used extensively by employees in the US and UK, often without oversight or approval from security teams. The study, conducted by Harmonic Security, also identifies hundreds of instances in which sensitive data was uploaded to platforms hosted in China, …
Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks – The Hacker News
Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners. The threat activity clusters have been codenamed Soco404 and Koske by cloud security firms Wiz and Aqua, respectively. Soco404 “targets both Linux and Windows systems, deploying platform-specific malware,” Wiz …
NIST NCCoE Cyber AI Profile Virtual Working Session Series: Securing AI System Components – News and Events Feed by Topic
Join the NIST NCCoE soon for a series of virtual working sessions to provide input on the NIST Cybersecurity Framework (CSF) Cyber Artificial Intelligence (AI) Profile (“Cyber AI Profile”). These will serve as a continuation of the April workshop and …
NIST NCCoE Cyber AI Profile Virtual Working Session Series: Conducting AI-enabled Cyber Defense – News and Events Feed by Topic
Join the NIST NCCoE soon for a series of virtual working sessions to provide input on the NIST Cybersecurity Framework (CSF) Cyber Artificial Intelligence (AI) Profile (“Cyber AI Profile”). These will serve as a continuation of the April workshop and …