Category: Attack Feeds

Smashing Security podcast #417: Hello, Pervert! – Sextortion scams and Discord disasters  – Graham Cluley

Don’t get duped, doxxed, or drained! In this episode of “Smashing Security” we dive into the creepy world of sextortion scams, and investigate how crypto wallet firm Ledger’s Discord server was hijacked in an attempt to phish for cryptocurrency recovery phrases. All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security...

CFPB to withdraw rule targeting data brokers  – CyberScoop

The Consumer Financial Protection Bureau is set to withdraw a Biden-era rule aimed at cracking down on data brokers and their selling of Americans’ personal and financial information. In a notice set to publish Thursday in the Federal Register, the CFPB said legislative rulemaking on the data broker industry “is not necessary or appropriate at this time,” and the agency...

DHS won’t tell Congress how many people it’s cut from CISA  – CyberScoop

The Department of Homeland Security won’t tell Congress how many employees at the Cybersecurity and Infrastructure Security Agency it has fired or pushed to leave, a top congressional Democrat said Wednesday. “You’ve overseen mass reductions in the workforce at CISA and” the Federal Emergency Management Agency, Mississippi Rep. Bennie Thompson, the top Democrat on the House Homeland Security Committee, told...

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan  – The Hacker News

At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver, indicating that multiple threat actors are taking advantage of the bug. Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and the RansomExx ransomware ...

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit  – The Hacker News

Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw. “Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to ...

Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering  – The Hacker News

A Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee. According to a report published by blockchain analytics firm Elliptic, merchants on the marketplace have been found to peddle technology, personal data, and money laundering ...

Pwn2Own Berlin: The Full Schedule  – Zero Day Initiative – Blog

Willkommen and welcome to the inaugural Pwn2Own Berlin! Not only is this our first time at the OffensiveCon conference, but it’s also our first time including an AI category in the event. We’ve assembled some of the finest security researchers in the world to test the security of these systems, and we can’t wait to see what happens. We had...

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users  – The Hacker News

A new global phishing threat called “Meta Mirage” has been uncovered, targeting businesses using Meta’s Business Suite. This campaign specifically aims at hijacking high-value accounts, including those managing advertising and official brand pages. Cybersecurity researchers at CTM360 revealed that attackers behind Meta Mirage impersonate official Meta communications, tricking users into handing ...

Patch Tuesday, May 2025 Edition  – Krebs on Security

Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month’s patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available. Microsoft and several security firms have disclosed that...

Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails  – The Hacker News

Cybersecurity researchers have discovered a new phishing campaign that’s being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina. The campaign is “using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email ...

Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team  – The Hacker News

Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon’s recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with the exploitation of vulnerabilities as an initial access step growing by 34%. As attacks rise ...

Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns  – The Hacker News

A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors. Cybersecurity firm Trend Micro said the first wave, codenamed VENOM, mainly targeted software service providers, while ...

CVE Foundation eyes year-end launch following 11th-hour rescue of MITRE program  – CyberScoop

In late March, the nonprofit research organization MITRE celebrated the 25th anniversary of the Common Vulnerability and Exposures (CVE) program, a widely hailed scientific achievement funded by the U.S. government and administered by MITRE. The CVE program is the global bedrock of contemporary vulnerability management, cataloging and assigning unique identifiers to software vulnerabilities. Until April 15, cybersecurity defenders and data...

Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server  – The Hacker News

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities...

Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks  – The Hacker News

Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below – CVE-2025-4427 (CVSS score: 5.3) – An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials ...

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems  – The Hacker News

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. “A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to ...

Microsoft’s Patch Tuesday closes 72 vulnerabilities, including 5 zero-days  – CyberScoop

Microsoft addressed 72 vulnerabilities affecting its core products and underlying systems, including five actively exploited zero-days across various Windows components, the company said in its latest security update Tuesday. “This is now the eight consecutive Patch Tuesday on which Microsoft has published zero-day vulnerabilities without evaluating any of them as critical severity at time of publication,” Adam Barnett, lead software...

Copyright office criticizes AI ‘fair use’ before director’s dismissal   – CyberScoop

President Donald Trump’s firing over the weekend of Shira Perlmutter, director of the U.S. Copyright Office, has drawn strong criticism from Democrats and tech experts who believe her dismissal is related to a report on generative AI and copyright law that the register of copyrights released a day earlier. That report, overseen by Perlmutter, questioned whether AI companies can legally...

Google adds suite of security features to Android 16  – CyberScoop

Google is rolling out new security features for Android devices as part of its latest operating system update, Android 16, reinforcing its ongoing efforts to guard users against ever-changing threats.  The measures target a spectrum of risks, from financial scams and impersonation attacks to theft protection and malware. One of the central advancements highlighted Tuesday is the enhancement of scam...

Federal prosecutors extradite alleged leader of BlackBD.cc cybercrime marketplace  – CyberScoop

Liridon Masurica, the alleged lead administrator of cybercrime marketplace BlackDB.cc, was extradited to the United States on Friday and faces charges that carry a maximum penalty of 55 years in federal prison, the Justice Department said Tuesday.  Masurica, 33, who is also known as “@blackdb,” was arrested by authorities in Kosovo on Dec. 12. He made his initial appearance in...

The May 2025 Security Update Review  – Zero Day Initiative – Blog

It’s the second Tuesday of the month, and the final patch Tuesday before Pwn2Own Berlin. I know several contestants are sweating it out and hoping their entries are patched out. While they quiver with anticipation, take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the...

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads  – The Hacker News

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first ...

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide  – The Hacker News

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. “Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE),” EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign ...

Wide-ranging Apple security update addresses over 30 vulnerabilities  – CyberScoop

Apple rolled out a series of substantial security updates Monday for its major software platforms, with advisories covering iOS, iPadOS, and two versions of macOS lines, addressing more than 30 vulnerabilities in total.  Among the numerous fixes, iOS 18.5 and iPadOS 18.5 introduce the first security update for Apple’s in-house C1 modem, featured in the newly released iPhone 16e. The...

State and local election officials plead with Congress for election security funding  – CyberScoop

As the Trump administration takes a hatchet to the federal government’s election security work and attempts to place conditions on funding to states, state and local election officials are pleading with lawmakers to provide robust support  they say  is crucial to keeping American elections secure. In a letter sent to leaders on the House and Senate Appropriations committees this week,...

North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress  – The Hacker News

The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor’s targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the “trajectory of the Russian invasion.” “The group’s interest in Ukraine follows historical targeting ...

Deepfake Defense in the Age of AI  – The Hacker News

The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate these social engineering tactics at scale. Let’s review the status of these rising attacks, what’s fueling them, and how to actually prevent, not detect, them. The Most Powerful Person on the ...

Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency  – The Hacker News

Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting Dutch companies in 2021. “He is wanted internationally for committing several cybercrimes (ransomware attacks, blackmail, and money laundering) against companies based in the Netherlands,” officials said in a statement Monday. In conjunction with the ...

Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers  – The Hacker News

A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. “These exploits have resulted in a collection of related user data from targets in Iraq,” the Microsoft Threat Intelligence team said. “The targets of the attack are associated with the Kurdish ...

US seizes Anyproxy, 5socks botnets and indicts alleged administrators  – CyberScoop

Federal authorities seized two domains and indicted four foreign individuals for alleged involvement in a long-running botnet service that infected older wireless internet routers, the Justice Department said Friday.  The malware created for the botnet allowed infected routers to be reconfigured, which granted unauthorized access to third parties and made the routers available for sale as proxy servers on Anyproxy.net...

ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files  – The Hacker News

ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that’s designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a ...

⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams  – The Hacker News

What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks—because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It’s not just clever—it’s ...

AttackFeed by Joe Wagner