Palo Alto, USA, 18th March 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Cybercriminals exploit AI hype with SEO poisoning, tricking users into downloading malware disguised as DeepSeek software, warns McAfee Labs in a new report. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks. “The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks,” Bitdefender said in a report shared with ...
At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem. This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV, according to new findings from the HUMAN Satori Threat Intelligence and Research team, published in –...
Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo, which is scheduled to...
While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this – Read More – The...
An ingenious phishing scam is targeting cryptocurrency investors, by posing as a mandatory wallet migration. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. The malware contains capabilities to “steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored – Read...
Do you need to permanently and securely delete photos from an iPhone to prevent unauthorized access? Simply deleting… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
ChatGPT Down: Users report “Gateway time-out” errors. OpenAI’s popular AI chatbot is experiencing widespread outages. Stay updated on the service disruption. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
StilachiRAT: Sophisticated malware targets crypto wallets & credentials. Undetected, it maps systems & steals data. Microsoft advises strong security measures. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
In its latest research report, cybersecurity firm Veriti has spotted active exploitation of a vulnerability within OpenAI’s ChatGPT… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
It’s not just you. Seemingly everyone is getting those text messages that serve as a notification of an unpaid toll road violation. The past due is usually less than $25, but is often paired with threats of excessive penalties, suspended vehicle registrations and threats to report the fare to state motor vehicle agencies. None of it is legitimate. What is...
Educational institutions and businesses looking to implement technology-driven learning solutions often face a key decision: should they invest… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure. The vulnerability, tracked as CVE-2025-24813, affects the below versions – Apache Tomcat 11.0.0-M1 to 11.0.2 Apache Tomcat 10.1.0-M1 to 10.1.34 Apache Tomcat 9.0.0-M1 to 9.0.98 It concerns a –...
A staffer for the Department of Government Efficiency (DOGE) violated security policies at the Treasury Department by improperly sharing sensitive personal information outside the agency, according to a court filing. The filing last week came in a case state attorneys general brought against President Donald Trump and Treasury Secretary Scott Bessent challenging DOGE access to Treasury records. DOGE staffer Marko...
GitHub security alert: Malicious code found in ‘tj-actions/changed-files,’ impacting 23K+ repos. Learn how to check, remove, and protect… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Following the success of the Neuro Nostalgia Hackathon that closed out in 2024, Hackathon Raptors has completed its… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Scammers are sending fake extortion and ransom demands while posing as ransomware gangs, including the notorious Cl0p ransomware.… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Amsterdam, Netherlands, 17th March 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users’ actions. That’s according to new findings from Cisco Talos, which said such malicious activities can compromise a victim’s security and privacy. “The features available in CSS allow attackers and spammers to track users’...
An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of...
Internet security company Cloudflare, the world’s largest DDoS-mitigation service, plans to shift a sizable chunk of its traffic through post-quantum encrypted services over the next year. Approximately 35% of human-directed web traffic to Cloudflare’s network is currently protected through advanced encryption algorithms. These algorithms are theoretically designed to withstand attacks from significantly more powerful quantum computers in the future. This...
The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider’s storage security controls and default settings. “In just the past few months, I have witnessed...
From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week’s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source – Read More – The Hacker...
Frankfurt am Main, Germany, 17th March 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It’s used to track and retrieve all – Read More – The Hacker News
Whether you’re downloading a video from YouTube or converting a Word document into a PDF file, there’s a chance that you might be unwittingly handing control of your PC straight into the hands of cybercriminals. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
The news can’t have come too soon for the many Chromecast users who have found themselves unable to stream their favourite TV shows, movies, and other media. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
Did you know that 43% of cyberattacks target small businesses, yet only 14% are prepared to defend themselves?… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
The US extradites LockBit ransomware developer, Rostislav Panev, from Israel. Learn how his arrest impacts the fight against… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Understanding Common Misconceptions Digital security is a growing concern, and many Apple users suspect their iPhones or MacBooks have been hacked. However, in most cases, these fears stem from new features, security alerts, or misinterpretations of system behaviour rather than actual cyberattacks. This article explores common reasons why people believe their Apple devices are compromised […] The post Are your...
Cybersecurity tips to protect your cryptocurrency from hackers, scams, and fraud. Learn best practices for securing digital assets… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. The packages – Read More ...
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. ClickFix attacks mimic the “Verify You are a Human”...
Symantec demonstrates OpenAI’s Operator Agent in PoC phishing attack, highlighting AI security risks and the need for proper cybersecurity. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
The attorney general for California announced this week a wide-ranging investigation into the way companies collect, process and use consumer location data. The investigation will include scrutiny of advertising networks, mobile app providers and data brokers whose practices may violate the California Consumer Privacy Act (CCPA), one of the strictest state privacy laws in the nation. Specifically, the attorney general’s...
A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme. Rostislav Panev was previously arrested in Israel in August 2024. He is said to have been working as a developer for...
Small water and wastewater utilities would get a boost to their cybersecurity defenses under a bipartisan Senate bill that a pair of lawmakers re-introduced Thursday. Sens. Catherine Cortez Masto, D-Nev., and Mike Rounds, R-S.D., are taking another swing at the Cybersecurity for Rural Water Systems Act after the legislation stalled out in the 118th Congress. The bill would update and...
The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms. To that end, the new GSMA specifications for RCS include E2EE based on the Messaging Layer Security (MLS) protocol – Read More – The...
New Microsoft 365 phishing scam exploits fake support numbers to steal credentials. Learn how attackers bypass security and how to stay protected. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Most microsegmentation projects fail before they even get off the ground—too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn’t have to be that way. Microsegmentation: The Missing Piece in Zero Trust Security Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses alone can no – Read More – The Hacker...
Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment. Join Joseph Carson, Delinea’s Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a live demonstration, he will break down every technical step of a ransomware attack, showing you how –...
Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. Clipper malware is a type of cryware (as coined by Microsoft) that’s designed to monitor a victim’s clipboard content and facilitate cryptocurrency theft by substituting copied cryptocurrency wallet addresses – Read More –...
A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77. The activity, condemned OBSCURE#BAT by Securonix, enables threat actors to establish persistence and evade detection on compromised systems. It’s currently not known who is behind the campaign. The rootkit “has the ability to cloak or mask any file, registry key or task ...
Tenable Research reveals that AI chatbot DeepSeek R1 can be manipulated to generate keyloggers and ransomware code. While… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
FBI and CISA warn of Medusa ransomware attacks impacting critical infrastructure. Learn about Medusa’s tactics, prevention tips, and… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
The post US must prioritize cybersecurity training for the military’s engineers appeared first on CyberScoop. – Read More – CyberScoop
February 2025 saw a record 126% surge in ransomware attacks, with Cl0p leading the charge. Hackers exploited file… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
A misconfigured database exposed 108.8 GB of sensitive data, including information on over 86,000 healthcare workers affiliated with… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
