Category: Attack Feeds

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS  – The Hacker News

The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. “Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some required piece of software...

Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections  – The Hacker News

A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09. “The vulnerability was...

Watch Out For These 8 Cloud Security Shifts in 2025  – The Hacker News

As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organization and drive the need for an even more robust security strategy. Let’s...

Here’s all the ways an abandoned cloud instance can cause security issues  – CyberScoop

There is a line of thought among the public that “the internet is forever.” A security company published research Tuesday that showed why “forever” can be a security nightmare.  Over the course of four months, cybersecurity researchers at watchTowr monitored and ultimately took control of what they referred to as “abandoned” digital infrastructure, focusing on Amazon Web Services S3 buckets...
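The risk behind the watchTowr research is the dangling reference: an installer, build script or documentation page keeps pointing at a bucket name that its original owner deleted, and whoever re-registers that name in their own AWS account now serves whatever those references fetch. The first step in defending against that is knowing which bucket names your own artifacts still reference. The following is an added example (not watchTowr's or CyberScoop's code) that extracts bucket names from the three common S3 reference forms, virtual-hosted URLs, path-style URLs and s3:// URIs, so they can be inventoried and checked; the script and bucket names in it are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Hostname shapes for the two HTTP(S) S3 URL styles. Example code, not
# watchTowr's tooling; bucket names below are constructed placeholders.
_VHOST_RE = re.compile(
    r"^(?P<bucket>[a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"
    r"\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$"
)
_PATH_HOST_RE = re.compile(r"^s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$")
_URL_RE = re.compile(r"(?:https?|s3)://[^\s'\"<>)\]]+")


def bucket_from_url(url):
    """Return the bucket name an S3 URL/URI points at, or None if it is not S3."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if p.scheme == "s3":                       # s3://bucket/key
        return host or None
    m = _VHOST_RE.match(host)                  # https://bucket.s3[.region].amazonaws.com/key
    if m:
        return m.group("bucket")
    if _PATH_HOST_RE.match(host):              # https://s3[.region].amazonaws.com/bucket/key
        first = p.path.lstrip("/").split("/", 1)[0]
        return first or None
    return None


def find_bucket_refs(text):
    """Map each referenced bucket name to the URLs in `text` that reference it."""
    refs = {}
    for m in _URL_RE.finditer(text):
        bucket = bucket_from_url(m.group(0))
        if bucket:
            refs.setdefault(bucket, []).append(m.group(0))
    return refs


# Constructed sample: the kind of bootstrap script that keeps pulling from a
# bucket long after the team that owned the bucket is gone.
SAMPLE_SCRIPT = """\
#!/bin/sh
curl -fsSL https://updates-example.s3.amazonaws.com/v1/setup.sh | sh
wget https://s3.us-west-2.amazonaws.com/build-cache-example/toolchain.tgz
aws s3 cp s3://data-example/seed.json /etc/app/seed.json
curl https://example.com/not-s3/file.txt   # unrelated host, must be ignored
"""

if __name__ == "__main__":
    for bucket, urls in sorted(find_bucket_refs(SAMPLE_SCRIPT).items()):
        print(f"{bucket}: {len(urls)} reference(s)")
        for u in urls:
            print(f"    {u}")
```

Run it over your repositories, CI definitions and published docs, then check each name with your own credentials (`aws s3api head-bucket --bucket NAME`): 200 means your account owns it, 403 means it exists in someone else's account, and 404 means the name is unclaimed and anyone, including an attacker, can register it and start answering those requests.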

AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access  – The Hacker News

A security vulnerability has been disclosed in AMD’s Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity. “Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local...

Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks  – The Hacker News

Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek’s Artificial Intelligence (AI) platform, citing security risks. “Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security,” according to a statement released by Taiwan’s Ministry of Digital Affairs, per Radio Free Asia. “DeepSeek...

Crypto Scams on the Rise  – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.

Cryptocurrencies promise profit to the unsuspecting, and scammers know that the vulnerable are willing to fall for their schemes. Unregulated cryptocurrencies are everywhere, and threat actors are keen to dangle the dream of fast profit in front of people who typically know little or nothing about digital currency. It […] The post Crypto Scams on...

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104  – The Hacker News

Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver. Successful exploitation of...

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score  – The Hacker News

Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below – CVE-2025-21396 (CVSS score: 7.5) – Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) – Azure AI Face Service...

Microsoft SharePoint Connector Flaw Could’ve Enabled Credential Theft Across Power Platform  – The Hacker News

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user’s credentials and stage follow-on attacks. This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf...

768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023  – The Hacker News

As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as “another banner year for threat actors targeting the exploitation of vulnerabilities,” VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before ...

From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts  – CyberScoop

A cybercriminal organization that has been operating for over a decade has moved from credit-card skimming to exploiting zero-day vulnerabilities, according to a joint investigation by cybersecurity firms Solis Security and Intezer. The group, tracked as XE Group, now poses heightened risks to global supply chains, particularly in manufacturing and distribution sectors, by leveraging stealthier tactics and long-term system access....

PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages  – The Hacker News

The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security. “Maintainers can now archive a project to let users know that the project is not expected to receive any more updates,” Facundo Tuesca, senior engineer at Trail of Bits,...

What Is Attack Surface Management?  – The Hacker News

Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what’s exposed and where attackers are most likely to strike. With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker’s perspective has never been more...

Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions  – The Hacker News

Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote. “Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials,” Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week. The...

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February]  – The Hacker News

This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are...

Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware  – The Hacker News

A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Angel Drainer. “Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy Evil employs a...

U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network  – The Hacker News

U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan. The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker. The vast array of sites in question peddled phishing toolkits and fraud-enabling tools...

BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key  – The Hacker News

BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company’s Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was...

Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists  – The Hacker News

Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members. The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024. In a statement to The Guardian, the encrypted messaging app said...

Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts  – The Hacker News

Cybersecurity researchers have discovered a malvertising campaign that’s targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials. “These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft’s advertising platform,” Jérôme Segura, senior...

Bill requiring federal contractors to have vulnerability disclosure policies gets House redo  – CyberScoop

Bipartisan legislation to close a loophole in federal cybersecurity standards by requiring vulnerability disclosure policies for government contractors is getting another shot at passage in this Congress. The Federal Contractor Cybersecurity Vulnerability Reduction Act, a bicameral, bipartisan bill that stalled out last year in the Senate, was reintroduced Friday in the House by Reps. Nancy Mace, R-S.C., and Shontel Brown,...

WhatsApp says it disrupted spyware campaign aimed at reporters, civil society  – CyberScoop

WhatsApp said Friday that it had disrupted a spyware campaign that targeted 90 people, including journalists and activists. The company tied to the campaign, according to WhatsApp, is Israeli firm Paragon, which last fall signed a $2 million contract with Immigration and Customs Enforcement and recently was purchased by U.S. private equity giant AE International. “We’ve reached out directly to...

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang  – Krebs on Security

The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published here since 2015. The FBI said the main clientele are organized crime...

FUNNULL Unmasked: AWS, Azure Abused for Global Cybercrime Operations  – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

Discover how cybercriminals use ‘Infrastructure Laundering’ to exploit AWS and Azure for scams, phishing, and money laundering. Learn about FUNNULL CDN’s tactics and their global impact on businesses and cybersecurity.

CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors  – The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to...

Google Bans 158,000 Malicious Android App Developer Accounts in 2024  – The Hacker News

Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps. The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period...

Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns  – The Hacker News

Italy’s data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek’s service within the country, citing a lack of information on its use of users’ personal data. The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data. In particular, it...

Top 5 AI-Powered Social Engineering Attacks  – The Hacker News

Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There’s no brute-force ‘spray and pray’ password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems...

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft  – The Hacker News

Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The list of identified flaws, which impact versions 8.x of the software, is below – CVE-2025-22218 (CVSS score: 8.5) – A malicious actor with View Only...

FBI nominee Kash Patel gets questions on cybercrime investigations, Silk Road founder, surveillance powers  – CyberScoop

A senator on Thursday questioned whether the president’s pick to lead the FBI might harm cybercrime investigations with his plans for the bureau. At a nomination hearing of the Senate Judiciary Committee, Amy Klobuchar, D-Minn., asked Kash Patel about comments he made in September. “I’d shut down the FBI Hoover building on day one and open it the next day...

Department of Justice partners with Dutch police to break up HeartSender network  – CyberScoop

Authorities in the United States and the Netherlands have dismantled a sophisticated Pakistan-based cybercrime network known as Saim Raza.  The operation, dubbed “Operation Heart Blocker,” culminated Wednesday with the coordinated seizure of 39 domains and servers. Also known as HeartSender, Saim Raza was responsible for developing and selling phishing kits, with the Department of Justice claiming the software resulted in...

Tulsi Gabbard tussles with senators over Snowden, surveillance   – CyberScoop

Tulsi Gabbard, President Donald Trump’s nominee for director of national intelligence, told the Senate Intelligence Committee on Thursday that she would leave her own political views “at the door” and deliver “intelligence that is collected, analyzed and reported without bias, prejudice or political influence.” But she also accused the Biden administration and other national security officials of politicizing intelligence to...

House bill aims to better protect financial institutions from ransomware attacks  – CyberScoop

A bipartisan pair of House lawmakers are seeking to improve private-public coordination for financial institutions amid a surge of ransomware attacks on the sector. The Public and Private Sector Ransomware Response Coordination Act, introduced this week by Reps. Zach Nunn, R-Iowa, and Josh Gottheimer, D-N.J., would direct the Treasury secretary to deliver a report on existing collaboration between federal agencies...

DARPA wants to create ‘self-healing’ firmware that can respond and recover from cyberattacks   – CyberScoop

Imagine, for a moment, that your network is hit with ransomware. One of your employees clicked on a malicious link and now your network is compromised, data is encrypted and most of the organization’s systems are locked or offline. Then imagine if instead of assembling an incident response team, notifying the board and contacting law enforcement, the forensic sensors in...

Wiz researchers find sensitive DeepSeek data exposed to internet  – CyberScoop

A security issue at Chinese artificial intelligence firm DeepSeek exposed over a million lines of sensitive internal data, including user chat histories, API secrets, and backend operational details, according to research published Wednesday by cloud security firm Wiz.  The exposure, discovered earlier this month, stemmed from a publicly accessible ClickHouse database linked to DeepSeek’s systems. The database — hosted on...

Infrastructure Laundering: Blending in with the Cloud  – Krebs on Security

In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit — a sprawling network tied to Chinese organized crime gangs and aptly named “Funnull” — highlights...