Cybersecurity News from Across the Internet
Everest ransomware group claims a breach of AT&T Careers, alleging theft of 576,000 applicant and employee records locked behind a password-protected listing. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new findings from Palo Alto Networks Unit 42. “Although these domains are registered through a Hong Kong-based registrar and use Chinese nameservers, … Read More “Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation – The Hacker News” »
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the … Read More “Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability – The Hacker News” »
The United States needs to counter China’s “attempt to export a surveillance state across planet Earth,” and instead push a “clean American tech stack” globally, National Cyber Director Sean Cairncross said Friday. “It’s important that we send that message and engage with not only partners that we have now, but potential partners who are looking … Read More “National cyber director says U.S. needs to counter Chinese surveillance, push American tech – CyberScoop” »
A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe (aka APT36), a state-sponsored hacking group known to be active since at least 2013. … Read More “APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign – The Hacker News” »
Paris, France, 24th October 2025, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
New Android malware Baohuo hijacks Telegram X accounts, stealing data and controlling chats. Over 58,000 devices infected, mainly in India and Brazil. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Does your organization suffer from a cybersecurity perception gap? Findings from the Bitdefender 2025 Cybersecurity Assessment suggest the answer is probably “yes” — and many leaders may not even realize it. This disconnect matters. Small differences in perception today can evolve into major blind spots tomorrow. After all, perception influences what organizations prioritize, where they – … Read More “The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently – The Hacker News” »
In recent years, the cybersecurity industry has made significant strides in securing endpoints with advanced Endpoint Detection and Response (EDR) solutions, and we have been successful in making life more difficult for our adversaries. While this progress is a victory, it has also produced a predictable and dangerous consequence where threat actors are shifting their … Read More “Shifting from reactive to proactive: Cyber resilience amid nation-state espionage – CyberScoop” »
A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust associated with the video hosting platform for propagating malicious payloads. Active since 2021, the network has published more than 3,000 malicious videos to date, with the volume of such videos tripling … Read More “3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation – The Hacker News” »
Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks. The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps … Read More “Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack – The Hacker News” »
North Korea’s Lazarus threat group attacked three Europe-based companies with active operations in the defense sector last spring to potentially steal sensitive data about drone components and software, ESET researchers said in a report released Thursday. The attacks initiated by North Korea’s long-running advanced persistent threat group, which specializes in espionage, sabotage and financial gain, … Read More “North Korea’s Lazarus group attacked three companies involved in drone development – CyberScoop” »
Medusa ransomware leaks 186 GB of Comcast data, claiming 834 GB stolen after a $1.2M ransom demand apparently went unpaid. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Operant AI reveals Shadow Escape, a zero-click attack using the MCP flaw in ChatGPT, Gemini, and Claude to secretly steal trillions of SSNs and financial data. Traditional security is blind to this new AI threat. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
The New York Department of Financial Services published updates this week to longstanding industry guidance that urges financial services companies to closely watch their third-party providers. While the guidance’s updates are numerous, they are, according to the state, mostly intended to provide clarity as the technology landscape shifts. A department press release notes that the … Read More “New York updates third-party risk guidance, adds AI provisions – CyberScoop” »
Federal prosecutors have accused a former executive at L3Harris Technologies’ cyber division of stealing trade secrets and selling them to an undisclosed buyer in Russia, according to court documents obtained by CyberScoop. The Department of Justice filed charges against Peter Williams, an Australian national who served as general manager of Trenchant, a specialized cybersecurity division … Read More “Ex-L3Harris executive accused of selling trade secrets to Russia – CyberScoop” »
Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job. “Some of these [companies’ are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be … Read More “North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets – The Hacker News” »
Palo Alto, California, 23rd October 2025, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your stack or habits make any of those easy, you’re already a target. This week’s ThreatsDay highlights show exactly how those weak points are … Read More “ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More – The Hacker News” »
AI is everywhere—and your company wants in. Faster products, smarter systems, fewer bottlenecks. But if you’re in security, that excitement often comes with a sinking feeling. Because while everyone else is racing ahead, you’re left trying to manage a growing web of AI agents you didn’t create, can’t fully see, and weren’t designed to control. … Read More “Secure AI at Scale and Speed — Learn the Framework in this Free Webinar – The Hacker News” »
Massive Synthient Stealer Log leak adds 183 million stolen usernames and passwords to Have I Been Pwned, exposing new victims worldwide. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
GlassWorm, a self-propagating malware, infects VS Code extensions through the OpenVSX marketplace, stealing credentials and using blockchain for control. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
SentinelLABS’ research reveals PhantomCaptcha, a highly coordinated, one-day cyber operation on Oct 8, 2025, targeting the International Red Cross, UNICEF, and Ukraine government groups using fake emails and a Remote Access Trojan (RAT) linked to Russian infrastructure. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link. For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique identifiers for workloads. While this approach provides clear traceability, it creates what security – … Read More “Why Organizations Are Abandoning Static Secrets for Managed Identities – The Hacker News” »
Last week, Cybersecurity and Infrastructure Security Agency officials spoke candidly about the challenges they faced tracking the use of F5 products across the civilian federal government. While CISA knows there are thousands of instances of F5 currently in use, it admitted it wasn’t certain where each instance was deployed. The uncertainty came as the agency … Read More “F5 vulnerability highlights weak points in DHS’s CDM program – CyberScoop” »
Researchers have uncovered a long-running phishing campaign that uses text messages to trick victims, and it’s both bigger and more complex than previously thought. The operation, dubbed Smishing Triad, is managed in Chinese and involves thousands of malicious actors, including dozens of active, high-level participants, Palo Alto Networks’ research unit told CyberScoop. Unit 42 has … Read More “Researchers track surge in high-level Smishing Triad activity – CyberScoop” »
Researchers have uncovered a long-running phishing campaign that uses text messages to trick victims, and it’s both bigger and more complex than previously thought. The operation, dubbed Smishing Triad, is managed in Chinese and involves thousands of malicious actors, including dozens of active, high-level participants, Palo Alto Networks’ research unit told CyberScoop. Unit 42 has … Read More “Researchers track surge in high-level Smishing Triad activity – CyberScoop” »
Welcome to the third and final day of Pwn2Own Ireland 2025. So far, we’ve awarded $792,750 for 56 unique 0-day bugs, and we still have 17 attempts to go! We’ll be updating this blog with live results as we have them, so refresh often. WITHDRAW – CyCraft Technology has withdrawn their attempt against the Amazon … Read More “Pwn2Own Ireland 2025: Day Three and Master of Pwn – Zero Day Initiative – Blog” »
Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud. “Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards,” Palo Alto Networks Unit 42 … Read More ““Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards – The Hacker News” »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), impacts on-premises versions of Lanscope Endpoint Manager, specifically Client – Read More … Read More “Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms – The Hacker News” »
E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours. The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1), a critical improper input validation … Read More “Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw – The Hacker News” »
South Asian hacking group Bitter (APT-Q-37) is deploying a C# backdoor using two new methods: a WinRAR flaw and malicious Office XLAM files, targeting government and military sectors. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine’s war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control (C2). The activity, which took place on October 8, 2025, targeted individual members of the International Red Cross, Norwegian Refugee – Read More … Read More “Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files – The Hacker News” »
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including over 100 government entities. The end goal of the campaign is to infiltrate high-value targets … Read More “Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign – The Hacker News” »
Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada’s anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus’s Vancouver street address was home to dozens of foreign currency … Read More “Canada Fines Cybercrime Friendly Cryptomus $176M – Krebs on Security” »
An open letter released Wednesday has called for a ban on the development of artificial intelligence systems considered to be “superintelligent” until there is broad scientific consensus that such technologies can be created both safely and in a manner the public supports. The statement, issued by the nonprofit Future of Life Institute, has been signed … Read More “Open letter calls for prohibition on superintelligent AI, highlighting growing mainstream concern – CyberScoop” »
Rival hackers expose the alleged operators behind Lumma Stealer, a major data-theft malware, causing leaks and internal chaos that have slowed its growth. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
New research on SocGholish (FakeUpdates) reveals how this MaaS platform is used by threat actors like Evil Corp and RansomHub to compromise websites, steal data, and launch high-impact attacks on healthcare and businesses worldwide. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum, a popular Ethereum .NET integration platform, to steal victims’ cryptocurrency wallet keys. The package, Netherеum.All, has been found to harbor functionality to decode a command-and-control (C2) endpoint and exfiltrate mnemonic phrases, private keys, and – Read … Read More “Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys – The Hacker News” »
Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025. Also targeted were government departments in an African country, as well as government agencies in South America, a university in the U.S., … Read More “Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft’s July Patch – The Hacker News” »
From Detection to Resolution: Why the Gap Persists A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner, XDR, CSPM, SIEM, and CMDB each surface the issue in their own way, with different severity levels, metadata, and context. What’s missing is a system … Read More “Bridging the Remediation Gap: Introducing Pentera Resolve – The Hacker News” »
The Trump administration should reverse cyber personnel and budget cuts, strengthen the Office of the National Cyber Director and expand federal workforce initiatives, the successor organization to the Cyberspace Solarium Commission recommended in a report published Wednesday. The annual implementation report from CSC 2.0 is the first of five iterations to actually determine that the … Read More “US ‘slipping’ on cybersecurity, annual Cyberspace Solarium Commission report concludes – CyberScoop” »
The advice didn’t change for decades: use complex passwords with uppercase, lowercase, numbers, and symbols. The idea is to make passwords harder for hackers to crack via brute force methods. But more recent guidance shows our focus should be on password length, rather than complexity. Length is the more important security factor, and passphrases are … Read More “Why You Should Swap Passwords for Passphrases – The Hacker News” »
Welcome to Day Two of Pwn2Own Ireland 2025. Yesterday, we awarded $522,500 for 34 unique 0-day bugs. The Summoning Team took a slim lead in the Master of Pwn, but big changes could happen today as we have 19 more attempts today. We’ll be updating this blog with results as they come in, so refresh … Read More “Pwn2Own Ireland 2025 – Day Two Results – Zero Day Initiative – Blog” »
Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The cyber espionage activity was first flagged by the Russian cybersecurity vendor in November 2024, when it disclosed a set of attacks aimed at government entities in Latin America … Read More “Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware – The Hacker News” »
Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions. The vulnerability, tracked as CVE-2025-62518 (CVSS score: 8.1), has been codenamed TARmageddon by Edera, which discovered the issue in late August 2025. It impacts several … Read More “TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution – The Hacker News” »
TP-Link has released security updates to address four security flaws impacting Omada gateway devices, including two critical bugs that could result in arbitrary code execution. The vulnerabilities in question are listed below – CVE-2025-6541 (CVSS score: 8.6) – An operating system command injection vulnerability that could be exploited by an attacker who can log in … Read More “TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution – The Hacker News” »
Blockchain has finally made its way into traditional banking. For years, major banks wrote it off as a… – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Security specialists at Edera discovered and disclosed a high-severity vulnerability in an early and since-abandoned code for an open-source async tar archive library for the Rust programming language. Researchers warned that potential exploitation, which allows for remote code execution, could bear major impacts due to widespread forking and a lack of visibility into the code’s … Read More “Researchers uncover remote code execution flaw in abandoned Rust code library – CyberScoop” »
The federal government is shut down and the House remains out of session, but work in the Senate continues, as a bipartisan bill designed to crack down on overseas robocalls advanced through a key committee Tuesday. The Foreign Robocall Elimination Act, sponsored by Sens. Ted Budd, R-N.C., and Peter Welch, D-Vt., would create a new … Read More “Robocalling task force bill advances in Senate – CyberScoop” »
