Qrator Labs reports it mitigated a massive record 965 Gbps DDoS attack in April 2025, the largest incident…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A House panel has concluded that the U.S. government should double down on export controls and other tools to slow down the progress of Chinese AI companies like DeepSeek, while also preparing for a future where those efforts fail. In a report released Wednesday, the House Select Committee on the Chinese Communist Party further fleshes out the financial and technological...

The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement  – Read...

Chris Krebs has resigned from SentinelOne, saying he needs to devote himself fully to fighting the executive order President Donald Trump signed to target his former director of the Cybersecurity and Infrastructure Security Agency. The executive order was a key touchpoint in Trump’s unprecedented campaign to punish those he views as his enemies. While at CISA, Krebs’ agency asserted that...

MetaTrader is a key tool for traders, offering a comprehensive platform that supports various financial instruments. Understanding its…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Researchers reveal a large-scale ransomware campaign leveraging over 1,200 stolen AWS access keys to encrypt S3 buckets. Learn…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

U.S. allies are among the 35 countries where mobile providers employ China-based networks for transporting user traffic, opening travelers and residents in those nations to potential surveillance, an analysis published Thursday concludes. “Everyone knows that they have to be careful with their phones when they travel to China,” Rocky Cole, chief operating officer at iVerify, told CyberScoop. “But what we’ve...

Talking about AI: Definitions Artificial Intelligence (AI) — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing various technologies and methodologies, including Machine Learning (ML) and Deep Learning. Machine  – Read More  – The Hacker...

Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater,  – Read More  – The...

Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works  Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions.  – Read More  – The Hacker...

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance or  – Read More ...

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0. “The vulnerability allows an attacker with network access to an Erlang/OTP SSH  – Read More  –...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection  – Read More  – The Hacker...

Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The vulnerabilities in question are listed below – CVE-2025-31200 (CVSS score: 7.5) – A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an...

A cybersecurity firm is buying access to underground crime forums to gather intelligence. Does that seem daft to you? And over in Nigeria, even if romance scammers would like to update their LinkedIn profiles, just how easy is it to turn a new leaf after a sweet-talking career in cybercrime? All this and more is discussed in the latest edition...

MITRE avoids CVE program shutdown with last-minute contract extension. Questions remain about long-term funding and the future of…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered in a binary named “schtasks.exe,” which enables an administrator to create, delete, query, change,  – Read More ...

BidenCash dumps almost a million stolen credit card records on Russian forum, exposing card numbers, CVVs, and expiry dates in plain text with no cardholder names.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

In a last-minute switch, the Cybersecurity and Infrastructure Security Agency said it will continue funding a contract for MITRE to manage the CVE program and other vulnerability databases. In a statement sent to CyberScoop, a spokesperson said the agency executed an option to extend the contract and avoid a potential lapse in a program that has become essential to the...

Palo Alto, California, 16th April 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems before it could serve harmful ads to users. In all, the tech giant said it stopped 5.1 billion bad ads, restricted 9.1 billion ads, and blocked or restricted ads on 1.3 billion pages last year....

A bipartisan pair of senators are kicking off the race Wednesday to reauthorize a 2015 cyber threat information sharing law, a move that industry groups and cyber experts are eager to see happen before it’s set to expire in September. Advocates say the 10-year-old Cybersecurity Information Sharing Act has been vital to sharing threat information by providing legal protections to...

Hertz confirms data breach linked to Cleo software flaw; Cl0p ransomware group leaked stolen data, exposing names, driver’s…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Introduction Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected  – Read More  – The Hacker News 

Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages. “Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent Microsoft SharePoint login portal,” Abnormal Security researchers Hinman Baron and Piotr Wojtyla said in  – Read More  – The...

A data breach at insurance firm Lemonade left the details of thousands of drivers’ licenses exposed for 17 months. According to the company, on March 14 2025 Lemonade learnt that a vulnerability in its online car insurance application process contained a vulnerability that was likely to have exposed “certain driver’s license numbers for identifiable individuals.” Read more in my article...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity...

Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. “The controller could open a reverse shell,” Trend Micro researcher Fernando Mercês said in a technical report published earlier in  – Read More ...