Cybersecurity News from Across the Internet
AI is transforming the video-making process of creators. Learn how WondershareFilmora V15 helps individual creators edit smarter using powerful AI. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Torrance, California, USA, 5th December 2025, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
The dangerous ClayRat Android spyware has evolved, gaining the ability to steal PINs, record screens, and disable security by abusing Accessibility Services. Users must beware of fake apps spreading through phishing sites and Dropbox. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Madison, United States, 5th December 2025, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Madison, United States, 5th December 2025, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been addressed in React versions 19.0.1, 19.1.2, and … Read More “Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability – The Hacker News” »
Aikido Security exposes a new AI prompt injection flaw in GitHub/GitLab pipelines, letting attackers steal secrets. Major companies affected. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are overwhelmed, skeptical, or tired of fear-based messaging. That’s why we created ”Getting to Yes”: An Anti-Sales Guide for MSPs. This guide helps service providers transform … Read More ““Getting to Yes”: An Anti-Sales Guide for MSPs – The Hacker News” »
A human rights lawyer from Pakistan’s Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa’s Predator spyware, Amnesty International said in a report. The link, the non-profit organization said, is a “Predator attack attempt based on the … Read More “Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery – The Hacker News” »
Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are overwhelmed, skeptical, or tired of fear-based messaging. That’s why we created ”Getting to Yes”: An Anti-Sales Guide for MSPs. This guide helps service providers transform … Read More ““Getting to Yes”: An Anti-Sales Guide for MSPs – The Hacker News” »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to maintain long-term persistence on compromised systems. “BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments,” the agency said. … Read More “CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems – The Hacker News” »
A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It’s rooted in Array’s DesktopDirect, a remote … Read More “JPCERT Confirms Active Command Injection Attacks on Array AG Gateways – The Hacker News” »
Qilin ransomware claims it stole internal data from the Church of Scientology, sharing 22 screenshots as proof. The breach remains unconfirmed by the organization. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Cybersecurity authorities and threat analysts unveiled alarming details Thursday about a suspected China state-sponsored espionage and data theft campaign that Google previously warned about in September. The outlook based on their limited visibility into China’s sustained ability to burrow into critical infrastructure and government agency networks undetected, dating back to at least 2022, is grim. … Read More “Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware – CyberScoop” »
Leaked training videos suggest that Intellexa retained the ability to remotely access the systems of customers who had used its Predator spyware, raising questions about human rights safeguards, according to an investigation published Thursday. That was just one finding from a series of separate but overlapping probes released over the past 24 hours. The training … Read More “Intellexa remotely accessed Predator spyware customer systems, investigation finds – CyberScoop” »
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say … Read More “SMS Phishers Pivot to Points, Taxes, Fake Retailers – Krebs on Security” »
Sen. Mark Kelly, D-Ariz., called for robust safeguards in U.S.-developed AI systems to prevent abuse and misuse, arguing that both the technology and its development standards should reflect “American” values. In a speech Thursday at the Center for American Progress, a left-leaning think tank, Kelly called for massive investment in data centers, water and electricity … Read More “Sen. Mark Kelly: Investing in safe, secure AI is key to U.S. dominance – CyberScoop” »
LummaC2 infostealer infects North Korean hacker’s device, exposing ties to $1.4B Bybit heist and revealing tools, infrastructure and OPSEC failures. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
A new warning about the threat posed by Distributed Denial of Service (DDoS) attacks should make you sit up and listen. Read more in my article on the Fortra blog. – Read More – Graham Cluley
Sean Plankey’s nomination to lead the Cybersecurity and Infrastructure Security Agency looks to be over following his exclusion from a Senate vote Thursday to move forward on a panel of Trump administration picks. Multiple senators placed holds or threatened holds on his nomination, none related to cybersecurity. But the hold from Sen. Rick Scott, R-Fla., appeared … Read More “Sean Plankey nomination to lead CISA appears to be over after Thursday vote – CyberScoop” »
Cloudflare’s Q3 2025 DDoS Threat Report reveals the Aisuru botnet launched a record 29.7 Tbps attack. Learn which sectors were the most targeted, and the key drivers behind the surge in attacks. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT … Read More “Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China – The Hacker News” »
Austin, TX, USA, 4th December 2025, CyberNewsWire – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
The Trump administration is aiming to release its six-part national cybersecurity strategy in January, according to multiple sources familiar with the document. The document, which is a mere five pages long, will possibly be followed by an executive order to implement the new strategy. The administration has been soliciting feedback in recent days, which one … Read More “Five-page draft Trump administration cyber strategy targeted for January release – CyberScoop” »
Cybersecurity startup AISLE discovered a Medium severity flaw in the WebXR component of Chrome, Edge, and other Chromium browsers. Over 4 billion devices were at risk. Update now. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other. Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing. DeFi exploit drains funds … Read More “ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories – The Hacker News” »
Cleafy analysis reveals Albiriox, a new Android Malware-as-a-Service (MaaS) RAT that targets over 400 global banking and crypto apps. Learn how ODF fraud enables full device takeover. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental rethink of defensive strategies. Here are the five threats that reshaped web security this year, … Read More “5 Threats That Reshaped Web Security This Year [2025] – The Hacker News” »
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware, Group-IB said in a technical … Read More “GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections – The Hacker News” »
Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps). The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year. … Read More “Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts – The Hacker News” »
A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer… and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime – and how next year could be even nastier than 2025. Plus, … Read More “Smashing Security podcast #446: A hacker doxxes himself, and social engineering-as-a-service – Graham Cluley” »
Twin brothers Muneeb and Sohaib Akhter were arrested in Alexandria, Va., Wednesday for allegedly stealing and destroying government data held by a government contractor minutes after they were fired from the company earlier this year, the Justice Department said. Prosecutors accuse the 34-year-old brothers of the crimes during a weeklong spree in February, compromising data … Read More “Twins with hacking history charged in insider data breach affecting multiple federal agencies – CyberScoop” »
Cybersecurity today is about a lot more than just firewalls and antivirus software. As organisations adopt cloud computing,… – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Cybersecurity researchers have uncovered a critical ChatGPT Atlas browser attack, confirming the danger of the ongoing surge in the ClickFix threat. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. It allows “unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints,” the … Read More “Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution – The Hacker News” »
Security researchers and code developers are scrambling to patch and investigate a critical vulnerability affecting React Server Components, an open-source library used widely across the internet and embedded into many essential software frameworks. The rapid response underscores the potential consequences of exploitation. Although no attacks have been observed or reported, researchers expect them soon and … Read More “Developers scramble as critical React flaw threatens major apps – CyberScoop” »
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative privileges by simply specifying the administrator user role during registration. It affects versions … Read More “WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts – The Hacker News” »
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company’s November 2025 Patch Tuesday updates, according to ACROS Security’s 0patch. The vulnerability in question is CVE-2025-9491 (CVSS score: 7.8/7.0), which has been described as a Windows Shortcut (LNK) file UI misinterpretation vulnerability that … Read More “Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation – The Hacker News” »
Guide to scale ready code security with event driven scans unified data and API first design for large teams seeking strong growth aligned control. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
The FBI has recently issued a public service announcement that warns that since January 2025 there have been more than 5,100 complaints of account takeover fraud, and total reported losses in excess of US $262 million. Read more in my article on the Fortra blog. – Read More – Graham Cluley
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate a worm that deploys a banking trojan via WhatsApp in attacks targeting users in Brazil. The latest wave is characterized by the attackers shifting from … Read More “Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud – The Hacker News” »
Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a “Prince” in a distant country? Those days are over. Today, a 16-year-old with zero coding skills and a $200 allowance can launch a campaign that rivals state-sponsored hackers. They don’t need to be smart; they just need to subscribe … Read More “Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar – The Hacker News” »
Smarter SOC performance with faster triage, proactive defence, and a unified stack powered by instant alert context from ANY.RUN to cut MTTD and MTTR. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Koi Security exposes ShadyPanda, a group that used trusted Chrome/Edge extensions to infect 4.3 million users over 7 years for deep surveillance and corporate espionage. – Read More – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and still lost by a quarter inch. His mistake was not losing the contest. His mistake was assuming that … Read More “Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage – The Hacker News” »
Cybersecurity researchers have discovered a malicious Rust package that’s capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool. The Rust crate, named “evm-units,” was uploaded to crates.io in mid-April 2025 by a user named “ablerust,” … Read More “Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems – The Hacker News” »
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool’s protections. Picklescan, developed and maintained by Matthieu Maitre (@mmaitre314), is a security scanner that’s designed to parse Python pickle files and detect suspicious – … Read More “Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code – The Hacker News” »
In episode 79 of The AI Fix, Gemini 3 roasts the competition, scares Nvidia, and can’t remember what year it is. Meanwhile, Graham investigates a fight between a fridge and robot, and Mark discovers that poetry could be a universal jailbreak for LLMs. Also in this episode, our hosts ponder whether Mark Zuckerberg’s underground bunker … Read More “The AI Fix #79: Gemini 3, poetry jailbreaks, and do we even need safe robots? – Graham Cluley” »
Asahi Group Holdings, the makers of the popular Japanese beer Asahi Super Dry, has confirmed that the ransomware attack that disrupted its operations in late September also saw a significant data breach that affects more than 1.5 million customers and approximately 275,000 current and former employees and their families. Read more in my article on … Read More “Asahi cyber attack spirals into massive data breach impacting almost 2 million people – Graham Cluley” »
When news broke approximately a year ago that Chinese hackers had systemically penetrated at least nine major U.S. communications networks, the level of alarm from policymakers was clear. At a hearing held Tuesday by the Senate Committee on Commerce, experts offered differing assessments of the threat. While intelligence officials have characterized the Salt Typhoon operation’s … Read More “The Congressional remedy for Salt Typhoon? More information sharing with industry – CyberScoop” »
![5 Threats That Reshaped Web Security This Year [2025] – The Hacker News](https://attackfeed.com/wp-content/uploads/2025/12/reflectiz-rUVNK0.jpg)
