Cybersecurity News from Across the Internet
If you live in the UK/EU/Canada/Hong Kong, LinkedIn has given you until Monday to stop AI from training on your profile. You have to opt-out if you don’t want this to happen to your data. Take action now, and tell your friends. Read more in my article on the Hot for Security blog. – Read … Read More “LinkedIn gives you until Monday to stop AI from training on your profile – Graham Cluley” »
Basketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table. Meanwhile, researchers have found they could poke around an FIA driver portal to pull up the personal details of Formula 1 megastars. All this and more is discussed in … Read More “Smashing Security podcast #441: Inside the mob’s million-dollar poker hack, and a Formula 1 fumble – Graham Cluley” »
A new investigation from mobile security firm Zimperium has revealed a fast-growing cybersecurity threat targeting Android users through… – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
A major Microsoft outage has disrupted Azure, Microsoft 365, Xbox, and Minecraft worldwide after a configuration failure, with services now gradually recovering. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
A 19-year-old California man associated with the nihilistic violent extremist group 764 pleaded not guilty to multiple charges of animal crushing, sexual exploitation of a minor, possession of child sexual abuse material (CSAM), cyberstalking and interstate extortion in a federal court Tuesday. Tony Christopher Long of Porterville, Calif., allegedly committed the various criminal acts in … Read More “Alleged 764 member faces up to 69 years in prison for string of suspected violent crimes – CyberScoop” »
An ex-L3 Harris executive pleaded guilty to two counts of theft of trade secrets Wednesday, admitting to selling eight zero-day exploits to a Russian broker in exchange for millions of dollars. Peter Williams, 39, pleaded guilty in the District Court of the District of Columbia to two counts of theft of trade secrets. Court records … Read More “Ex-L3Harris exec pleads guilty to selling zero-day exploits to Russian broker – CyberScoop” »
The Trump administration’s zeal to stamp out diversity, equity and inclusion programs is affecting national cybersecurity research, as a key open-source security foundation announced it would reject federal grant funding. The Python Software Foundation (PSF), which promotes safe and secure Python coding practices and helps oversee PyPI, the world’s largest open-source code repository for Python, … Read More “Open-source security group pulls out of U.S. grant, citing DEI restrictions – CyberScoop” »
Tel Aviv, Israel, 29th October 2025, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Hackers exploit critical XWiki flaw CVE-2025-24893 to hijack corporate servers for cryptomining, with active attacks confirmed by VulnCheck researchers. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence (AI) models to context poisoning attacks. In the attack devised by AI security company SPLX, a bad actor can set up websites that serve different content to browsers and AI crawlers run by ChatGPT … Read More “New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts – The Hacker News” »
Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi. “These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks,” the Qualys Threat Research Unit (TRU) said … Read More “Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices – The Hacker News” »
Your main rival in the fintech space just raised $20 million in a very successful Series B funding… – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks. The activity, according to a new report from the Symantec and Carbon Black Threat Hunter Team, targeted a large business services organization for two months and a local government … Read More “Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics – The Hacker News” »
BeyondTrust’s annual cybersecurity predictions point to a year where old defenses will fail quietly, and new attack vectors will surge. Introduction The next major breach won’t be a phished password. It will be the result of a massive, unmanaged identity debt. This debt takes many forms: it’s the “ghost” identity from a 2015 breach lurking … Read More “Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc – The Hacker News” »
Artificial Intelligence (AI) is rapidly transforming Governance, Risk, and Compliance (GRC). It’s no longer a future concept—it’s here, and it’s already reshaping how teams operate. AI’s capabilities are profound: it’s speeding up audits, flagging critical risks faster, and drastically cutting down on time-consuming manual work. This leads to greater efficiency, higher accuracy, and a more … Read More “Discover Practical AI Tactics for GRC — Join the Free Expert Webinar – The Hacker News” »
Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems. “The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer … Read More “10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux – The Hacker News” »
Threat actors are actively exploiting multiple security flaws impacting Dassault Systèmes DELMIA Apriso and XWiki, according to alerts issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and VulnCheck. The vulnerabilities are listed below – CVE-2025-6204 (CVSS score: 8.0) – A code injection vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker … Read More “Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack – The Hacker News” »
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts says a glut of proxies from Aisuru … Read More “Aisuru Botnet Shifts from DDoS to Residential Proxies – Krebs on Security” »
Everest ransomware group leaks alleged AT&T Carrier data, demands $1 million for Dublin Airport files and $2 million for Air Arabia employee records. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
F5 CEO François Locoh-Donou said on a company earnings call that there were two categories of impact on customers following a nation-state attacker’s long-term, persistent access to its systems: widespread emergency updates to BIG-IP software and hardware, and customers whose configuration data was stolen during the attack. “We were very impressed frankly, with the speed … Read More “F5 asserts limited impact from prolonged nation-state attack on its systems – CyberScoop” »
A group of academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack called TEE.Fail that allows for the extraction of secrets from the trusted execution environment (TEE) in a computer’s main processor, including Intel’s Software Guard eXtensions (SGX) and Trust Domain Extensions (TDX) and AMD’s Secure Encrypted Virtualization with Secure … Read More “New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves – The Hacker News” »
US teen indicted for involvement in extremist “764” network, accused of child exploitation, animal cruelty, and cyberstalking, says the Justice Department. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Cybersecurity researchers have disclosed details of a new Android banking trojan called Herodotus that has been observed in active campaigns targeting Italy and Brazil to conduct device takeover (DTO) attacks. “Herodotus is designed to perform device takeover while making first attempts to mimic human behaviour and bypass behaviour biometrics detection,” ThreatFabric said in a report … Read More “New Android Trojan ‘Herodotus’ Outsmarts Anti-Fraud Systems by Typing Like a Human – The Hacker News” »
As AI browser agents enter the market promising to help people shop, hire employees or assist with other online tasks, security researchers are warning that the information these programs collect from the internet can be manipulated and corrupted without anyone ever realizing it. In new research shared exclusively with CyberScoop, AI cybersecurity firm SPLX highlighted … Read More “Exclusive: OpenAI’s Atlas browser — and others — can be tricked by manipulated web content – CyberScoop” »
Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster … Read More “Researchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware Chains – The Hacker News” »
A new Python-based infostealer called RedTiger is targeting Discord gamers to steal authentication tokens, passwords, and payment information. Learn how the malware works, its evasion tactics, and essential security steps like enabling MFA. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
In episode 74 of The AI Fix, we meet Amazon’s AI-powered delivery glasses, an AI TV presenter who doesn’t exist, and an Ohio lawmaker who wants to stop people from marrying their chatbot. Also, we learn how Geoffrey Hinton and Steve Wozniak have teamed up with the unlikely coupling of will.i.am and Steve Bannon to … Read More “The AI Fix #74: AGI, LLM brain rot, and how to scam an AI browser – Graham Cluley” »
In cybersecurity, speed isn’t just a win — it’s a multiplier. The faster you learn about emerging threats, the faster you adapt your defenses, the less damage you suffer, and the more confidently your business keeps scaling. Early threat detection isn’t about preventing a breach someday: it’s about protecting the revenue you’re supposed to earn … Read More “Why Early Threat Detection Is a Must for Long-Term Business Growth – The Hacker News” »
As more of our communication and work move online, keeping large file transfers secure has become a serious… – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Mass exploitation attacks are once again targeting WordPress websites, this time through serious vulnerabilities in two popular plugins,… – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
The New Reality for Lean Security Teams If you’re the first security or IT hire at a fast-growing startup, you’ve likely inherited a mandate that’s both simple and maddeningly complex: secure the business without slowing it down. Most organizations using Google Workspace start with an environment built for collaboration, not resilience. Shared drives, permissive settings, … Read More “Is Your Google Workspace as Secure as You Think it is? – The Hacker News” »
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky. The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 … Read More “Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware – The Hacker News” »
A European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder in September 2025. The activity “reveals a notable evolution in SideWinder’s TTPs, particularly the adoption of … Read More “SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats – The Hacker News” »
Serverless architectures have fundamentally altered the cybersecurity landscape, creating attack vectors that traditional security models cannot address. After… – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Attackers are actively exploiting a critical vulnerability in Windows Server Update Services, bypassing a patch Microsoft issued earlier this month that failed to mitigate the issue affecting software versions dating back to 2012. Microsoft released an emergency, out-of-band security update for CVE-2025-59287 on Thursday. Multiple research firms detected in-the-wild exploitation by Friday, yet Microsoft has … Read More “Attackers bypass patch in deprecated Windows Server update tool – CyberScoop” »
LayerX Security found a flaw in OpenAI’s ChatGPT Atlas browser that lets attackers inject commands into its memory, posing major security and phishing risks. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Kaspersky researchers said Monday that they’ve unearthed a malware campaign they’re linking to the successor company of the infamous Italy-based surveillance tech firm Hacking Team, and at the same time discovered new commercial malware tied to the same firm. The malware campaign that Kaspersky dubbed Operation ForumTroll targeted government organizations, media outlets, financial institutions, universities, … Read More “Hacking Team successor linked to malware campaign, new ‘Dante’ commercial spyware – CyberScoop” »
New York, New York, USA, 27th October 2025, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Unsecured House Democrats’ resume bank (DomeWatch) exposed 7,000 records, including PII and “top secret” clearance status, raising identity theft fears. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Social media platform X is urging users who have enrolled for two-factor authentication (2FA) using passkeys and hardware security keys like Yubikeys to re-enroll their key to ensure continued access to the service. To that end, users are being asked to complete the re-enrollment, either using their existing security key or enrolling a new one, … Read More “X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts – The Hacker News” »
Cybersecurity researchers have discovered a new vulnerability in OpenAI’s ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant’s memory and run arbitrary code. “This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware,” LayerX – Read More … Read More “New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands – The Hacker News” »
Researchers have uncovered HyperRat, a new Android malware sold as a service, giving attackers remote control, data theft tools, and mass phishing features. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
London, United Kingdom, 27th October 2025, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior. Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far … Read More “⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens – The Hacker News” »
X (formerly Twitter) is asking users with security keys to re-enroll by Nov 10 as it moves logins from twitter.com to x.com for continued 2FA access. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in June. The development comes as the ransomware-as-a-service (RaaS) operation has … Read More “Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack – The Hacker News” »
The newly released OpenAI Atlas web browser has been found to be susceptible to a prompt injection attack where its omnibox can be jailbroken by disguising a malicious prompt as a seemingly harmless URL to visit. “The omnibox (combined address/search bar) interprets input either as a URL to navigate to, or as a natural-language command … Read More “ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands – The Hacker News” »
Everest ransomware group claims to have stolen 1.5 million passenger records from Dublin Airport and personal data of 18,000 Air Arabia employees in latest breaches. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Hackers earned over $1 million at Pwn2Own Ireland 2025 in Cork, breaching printers, routers, NAS devices, and more as Summoning Team claimed Master of Pwn. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
The financial industry is transforming as artificial intelligence (AI) is becoming an integral tool for managing operations, improving… – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
