Authorities arrest 5 Smokeloader botnet customers after Operation Endgame; evidence from seized data links customers to malware, ransomware, and more. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff. An...
Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for – Read More – The...
Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to execute malicious code in what’s seen as a sneakier attempt to stage a software supply chain attack. The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. But,...
Cybersecurity professionals who participated in discussions over a code of conduct for nations to use commercial hacking tools said the final voluntary guidelines offer modest promise, even if they fall short of what some wanted. The next step for the joint France/U.K.-led Pall Mall Process, which last week got 21 signatories to the code, is to establish parallel guidance for...
The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel. The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first signs of the malicious...
AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They’re no longer just tools, – Read More – The Hacker...
Overview of the PlayPraetor Masquerading Party Variants CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days. As before, all the...
Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. “In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar,’ faced consequences such as arrests, house searches, arrest warrants or ‘knock and talks,’” Europol said in a – Read More ...
Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that’s used to spam website chats, comment sections, and contact forms to promote dubious search engine optimization (SEO) services such as Akira and ServicewrapGO. “AkiraBot has targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September – Read More – The Hacker...
QR codes are being weaponised by scammers — so maybe think twice before scanning that parking meter. And in a blunder so dumb it makes autocorrect look smart, the White House explains how it leaked war plans on Signal because an iPhone mistook a journalist for a government insider. Plus! Don’t miss our featured interview with Josh Donelson of Material,...
Stay secure on the move. Protect your devices, data, and privacy with smart habits, reliable gear, updated software… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
President Donald Trump signed a memorandum Wednesday revoking the security clearance of former CISA leader Chris Krebs, with the White House saying he was a “significant bad-faith actor who weaponized and abused his government authority” during his time leading the agency. The order also suspends any active security clearance held by employees at SentinelOne, where Krebs is currently employed as...
A hacker using the alias “Satanic” claims a WooCommerce data breach via a third party, selling data on… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Two spyware variants are targeting Uyghur, Taiwanese and Tibetan groups and individuals, the U.K.’s National Cyber Security Centre warned in a joint alert Wednesday with Western allies. Cybersecurity researchers have previously linked the BADBAZAAR and MOONSHINE spyware to the Chinese government. The variants mentioned in Wednesday’s alert trojanize apps that are of interest to the target communities, such as a...
Cybersecurity researchers have identified a new spam campaign driven by ‘AkiraBot,’ an AI-powered bot that targets small business… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Another day, another data breach claim involving a high-profile company! – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The Office of the Comptroller of the Currency has notified Congress that a February breach of its email system is classified as a major cybersecurity incident. The incident was first disclosed Feb. 26, though the OCC provided virtually no details at the time, only saying that it had resolved a security incident “involving an administrative account in the OCC email...
Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring cybercrooks to set up lookalike credential harvesting pages. “As a purpose-built tool for creating and deploying web apps, its capabilities line up perfectly – Read More –...
A federal study into the national security risks posed by routers, modems and similar devices controlled by U.S. adversaries moved one step closer to law Tuesday by advancing out of the House Energy and Commerce Committee. The Removing Our Unsecure Technologies to Ensure Reliability and Security (ROUTERS) Act from Reps. Bob Latta, R-Ohio, and Robin Kelly, D-Ill., would require the...
A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. “Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device,” Kaspersky said in an – Read More ...
GitGuardian’s State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human identities (NHIs), which have been outnumbering human users for years. We need to get ahead of it and prepare security measures and governance for these machine identities as they continue to be deployed,...
Luxembourg, Luxembourg, 9th April 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of a hard-coded cryptographic key that could be abused to achieve remote – Read More –...
Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. “The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail...
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been actively exploited in the wild. Of the 126 vulnerabilities, 11 are rated Critical, 112 are rated Important, and two are rated Low in severity. Forty-nine of these vulnerabilities are classified as privilege escalation, 34 as...
Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution. Of the 30 flaws in the product, 11 are rated Critical in severity – CVE-2025-24446 (CVSS score: 9.1) – An improper input validation vulnerability that could result...
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users. The zero-day flaw already seeing exploitation is...
In episode 45 of The AI Fix, our hosts discover that ChatGPT is running the world, Mark learns that mattress companies have scientists, Gen Z has nightmares about AI, OpenAI gets a bag, Graham eats too many cheese sandwiches, and too much training makes AIs over-sensitive. Mark reveals why he’s got beef with cows, GPT-4.5 beats the Turing test, and...
Medusa ransomware hits NASCAR, demands $4M ransom, leaks internal files. Group also claims Bridgebank, McFarland, and Pulse Urgent Care. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Microsoft addressed 126 vulnerabilities affecting its systems and core products, including a zero-day in the Windows Common Log File System (CLFS) that’s been actively exploited in a series of ransomware attacks, the company said in its latest security update Tuesday. A group Microsoft tracks as Storm-2460 has exploited CVE-2025-29824 to initiate ransomware attacks “against a small number of targets,” Microsoft...
Technology experts pressed Congress to maintain export controls on semiconductor chips and other technologies, telling lawmakers Tuesday that the restrictions are among the most effective strategies to slow China and other rival countries in the AI race, thereby helping U.S. companies hold a competitive edge. Placing export controls on these technologies is not new: both the Trump and Biden administrations...
Technology experts pressed Congress to maintain export controls on semiconductor chips and other technologies, telling lawmakers Tuesday that the restrictions are among the most effective strategies to slow China and other rival countries in the AI race, thereby helping U.S. companies hold a competitive edge. Placing export controls on these technologies is not new: both the Trump and Biden administrations...
Lawmakers on the House Judiciary Committee say privacy protections under a bill Congress passed to re-up a major surveillance law aren’t strong enough, and are gearing up for additional changes for when the legislation is set to expire next year. Legislative battles over Section 702 of the Foreign Intelligence Surveillance Act (FISA) — under which feds can warrantlessly search a...
If you use WhatsApp Desktop on Windows, listen up! A flaw in WhatsApp for Windows (CVE-2025-30401) let attackers disguise malicious files as safe ones. Update to version 2.2450.6 or later to stay secure. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. “An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify – Read More ...
It’s the second Tuesday of the month, and, as expected, Microsoft and Adobe have released their latest security offerings – all tariff free. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check out the...
Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. “One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office add-ins copied from a – Read More – The Hacker News
Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create directories in unintended locations on the filesystem, execute arbitrary scripts with root privileges, – Read More – The...
HellCat ransomware hits 4 companies by exploiting Jira credentials stolen through infostealer malware, continuing their global attack spree. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Online gaming has become an integral part of modern entertainment, with millions of players connecting from all over… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located near Ukraine’s eastern border, the agency said. The attacks involve distributing phishing emails – Read More – The Hacker News
Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly, cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial intelligence has emerged as a go-to solution, the term “AI” often blurs crucial distinctions. Not all AI is built equal, especially in the SOC. Many – Read More – The...
A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild. The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has – Read More ...
Internet users in Romania are finding their social media posts and online news articles bombarded with comments promoting blatant propaganda, inciting hatred towards the EU and NATO, and support for Vladimir Putin’s Russia. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below – CVE-2024-53150 (CVSS score: 7.8) – An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure CVE-2024-53197 (CVSS score: 7.8) – A privilege escalation flaw in the USB sub-component of...
Google has built a cybersecurity assistant for information security professionals, and now they’re looking for researchers to play with it. Sec Gemini V1 is a new cybersecurity AI reasoning model that Google rolled out last week on an experimental basis. It is designed to function as an AI assistant for security practitioners, capable of handling data analysis and other lower-level...
Google has built a cybersecurity assistant for information security professionals, and now they’re looking for researchers to play with it. Sec Gemini V1 is a new cybersecurity AI reasoning model that Google rolled out last week on an experimental basis. It is designed to function as an AI assistant for security practitioners, capable of handling data analysis and other lower-level...
A new Neptune RAT variant is being shared via YouTube and Telegram, targeting Windows users to steal passwords and deliver additional malware components. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
