Category: Attack Feeds

Attackers hit security device defects hard in 2024  – CyberScoop

Attackers are having a field day with software defects in security devices, according to a new report released Wednesday by Mandiant. Exploits were the most common initial infection vector, representing 1 of every 3 attacks in 2024, and the four most frequently exploited vulnerabilities were all contained in edge devices, such as VPNs, firewalls and routers, Mandiant said in its...

DOGE Worker’s Code Supports NLRB Whistleblower  – Krebs on Security

A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one of those code bundles shows...

DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack  – The Hacker News

Multiple threat activity clusters with ties to North Korea (aka Democratic People’s Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. “The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy sanctions that have been placed on North Korea,” Google-owned Mandiant said in ...

10 key numbers from the 2024 FBI IC3 report  – CyberScoop

It looks like 2024 was a record year in cybercrime for all the wrong reasons, according to the FBI’s annual Internet Crime Complaint Center (IC3) report released Wednesday. As cyber-enabled fraud and ransomware continue to harm individuals, businesses, and critical infrastructure, the report, now in its 25th year, provides crucial insight into evolving criminal tactics and their nationwide impact. The...

Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign  – The Hacker News

The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024. Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in cyber espionage-related operations. The intrusion set is said to have distributed the malware through a “complex ...

Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices  – The Hacker News

Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. “The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one of the Russian Android app catalogs,” Doctor Web said in an ...

Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp  – The Hacker News

Multiple suspected Russia-linked threat actors are “aggressively” targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per Volexity, are a shift from previously documented attacks that leveraged a technique known as device code...

Three Reasons Why the Browser is Best for Stopping Phishing Attacks  – The Hacker News

Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before. Attackers are increasingly leveraging identity-based techniques over software exploits, with phishing and stolen credentials (a byproduct of phishing) now the primary...

AI can help defenders stop nation-state threat actors at machine speed  – CyberScoop

Last year, the escalating concerns about Chinese threat actors breaching U.S. organizations reached a crescendo as federal authorities issued increasingly urgent advisories about China’s “Typhoon” groups infiltrating U.S. networks, pressing organizations to take immediate action. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that these groups were engaged in a host of massive...

Ripple’s xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack  – The Hacker News

The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users’ private keys. The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been addressed in versions 4.2.5 and...

Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito  – The Hacker News

Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. “We’ve made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for third-party cookies,” Anthony Chavez, vice...

Verizon discovers spike in ransomware and exploited vulnerabilities  – CyberScoop

Cybercriminals and state-sponsored threat groups exploited vulnerabilities and initiated ransomware attacks with vigor last year, escalating the scope of their impact by hitting more victims and outmaneuvering defenses with speed. The rate of ransomware detected in data breaches jumped 37%, occurring in 44% of the 12,195 data breaches reviewed in Verizon’s 2025 Data Breach Investigations Report released Wednesday. Researchers observed...

Outside experts pick up the slack on safety testing on OpenAI’s newest model release  – CyberScoop

GPT-4.1, the latest family of generative AI models from OpenAI, was released earlier this month with promised improvements around coding, instruction following and context. It’s also the first model released by the company since it announced changes to the way it tests and evaluates products for safety. Unlike its previous fine-tuned models, OpenAI did not release a corresponding safety report...

Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials  – The Hacker News

In what has been described as an “extremely sophisticated phishing attack,” threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google’s infrastructure and redirect message recipients to fraudulent sites that harvest their credentials. “The first thing to note is that this is a valid, signed email – it really was sent from no-reply@google.com,” Nick...

Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals  – The Hacker News

Cybersecurity researchers have detailed a malware campaign that’s targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly profit off the compute resources. This involves deploying a malware strain...

The AI Fix #47: An AI is the best computer programmer in the world  – Graham Cluley

In episode 47 of The AI Fix, o3 becomes the best competitive programmer in the world, hacked California crosswalks speak with the voice of Elon Musk and Mark Zuckerberg, Meta introduces a herd of Llamas, Graham explains what a “lollipop lady” is, and Google talks to some dolphins. Graham discovers an AI that’s just a warehouse full of people, o3...

Attackers stick with effective intrusion points, valid credentials and exploits  – CyberScoop

IBM X-Force observed an identical breakdown of the top methods cybercriminals used to intrude networks for two years running, the company said in its annual Threat Intelligence Index. The top initial access vectors, valid account credentials and exploitation of public-facing applications, each accounted for 30% of IBM X-Force incident response cases last year. By focusing on identity-based attacks, cybercriminals are...

GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages  – The Hacker News

Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that’s based on Apache Airflow. “This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account, which...

Ofcom bans technical loophole used by criminals to intercept mobile calls and texts  – Data and computer security | The Guardian

Regulator prohibits leasing of ‘global titles’ phone numbers by mobile operators after industry efforts to tackle problem were ineffective. The UK communications regulator is banning mobile operators from leasing numbers that can be used by criminals to intercept and divert calls and messages, including security codes sent by banks to customers. Ofcom said it would stop the leasing of “global...

5 Major Concerns With Employees Using The Browser  – The Hacker News

As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks. Keep Aware’s recent State of Browser Security report highlights major concerns security leaders face with employees using the web browser for most of their work. ...

Rebuilding Maritime Cybersecurity Resilience: Charting an America First Course to Secure the U.S. Homeland  – CyberScoop

U.S. ports are vital to the flow of imports and exports; however, the entire maritime transportation system’s cybersecurity is exceedingly vulnerable. The August 2024 ransomware attack at the Port of Seattle resulted in significant cargo delays and a data breach of 90,000 individuals. Such a wide-scale incursion could have resulted in a longer loss of communications, further security breaches, and...

Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach  – The Hacker News

Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it’s also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and...

Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware  – The Hacker News

The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. “Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company,” the Symantec Threat Hunter Team said in a new report...

Whistleblower: DOGE Siphoned NLRB Case Data  – Krebs on Security

A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk’s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with multiple blocked login attempts from...

Judge limits evidence about NSO Group customers, victims in damages trial  – CyberScoop

A federal judge last week placed strict limits on the kind of evidence NSO Group can raise during a trial on damages in the lawsuit WhatsApp brought against the spyware vendor over allegations it hacked 1,400 of the messaging platform’s users. Under the order, NSO Group is prohibited from presenting evidence about its customers’ identities, implying the targeted WhatsApp users...

Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan  – The Hacker News

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). “In some systems, initial access was gained through...

Multiple top CISA officials behind ‘Secure by Design’ resign  – CyberScoop

Two top officials at the Cybersecurity and Infrastructure Security Agency who worked with the private sector to manufacture secure products and technology are leaving the agency. Bob Lord, senior technical adviser and Lauren Zabierek, senior advisor at CISA, were both chief architects behind CISA’s Secure by Design initiative, which garnered voluntary commitments from major vendors and manufacturers to build cybersecurity...

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks  – The Hacker News

A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to...

⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More  – The Hacker News

Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured...

5 Reasons Device Management Isn’t Device Trust  – The Hacker News

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture. The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose...

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery  – The Hacker News

Cybersecurity researchers have disclosed a surge in “mass scanning, credential brute-forcing, and exploitation attempts” originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week. “Net...

APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures  – The Hacker News

The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that’s targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. “While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool...

AttackFeed by Joe Wagner