Congress needs to reauthorize an expiring law that provides legal protections to companies for sharing cyber threat information with the federal government and each other, the staff director for Democrats on the Senate Homeland Security and Governmental Affairs Committee said Wednesday. The 2015 Cybersecurity and Infrastructure Security Act is due to lapse at the end of September. It provides defenses...
Researchers have identified suspected government customers of spyware company Paragon Solutions in six more countries that hadn’t previously been publicly identified, according to a report published Wednesday. The University of Toronto’s Citizen Lab said it mapped the infrastructure of Paragon’s Graphite tool after a tip from a collaborator, and found a subset of suspected Paragon deployments linked to Australia, Canada,...
The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram user @ExploitWhispers last month. According to an analysis of the messages by cybersecurity company – Read...
A surge in browser-based phishing attacks has been recorded over the past year, with a 140% increase compared to 2023 according to Menlo Security – Read More –
Hackers are using .VHD files to spread VenomRAT malware, bypassing security software, reveals Forcepoint X-Labs. Learn how this stealthy attack works and how to protect yourself. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that employs fake web browser update baits on compromised WordPress as a malware distribution vector....
In today’s digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks—like phishing, adversary-in-the-middle, and MFA bypass—remain a major challenge. Instead of accepting these risks and pouring resources into fixing problems after they occur, why not prevent attacks from happening in the first place? Our upcoming – Read More – The...
Top 10 Passwords hackers use to breach RDP revealed! Weak credentials cause successful cyberattacks- check if yours is on the list and secure your system now. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Austin, TX, United States, 19th March 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
World-renowned physicist, Professor Brian Cox, will headline day one of Infosecurity Europe, analyzing the science behind quantum computing and the challenges it brings – Read More –
The US Cybersecurity and Infrastructure Security Agency added flaws in Fortinet and a popular GitHub Action to its Known Exploited Vulnerabilities catalog – Read More –
Security firm Barracuda said it has detected more than a million phishing-as-a-service (PhaaS) attacks in 2025 – Read More –
Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small – Read More – The Hacker...
Gartner has claimed that AI agents will reduce the time it takes to exploit exposed accounts – Read More –
Europol’s annual report warns of a growing threat from aligned state and cybercrime groups, enabled by AI technologies – Read More –
Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. “These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially – Read More – The Hacker News
Sydney, Australia, 19th March 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote – Read More – The...
A vulnerability has been discovered in Apache Tomcat, which could allow for remote code execution. Apache Tomcat is an open-source Java servlet container and web server used to host Java-based web applications and implement Java Servlet and JavaServer Pages (JSP) specifications, providing a platform for running dynamic web content. Successful exploitation of the of this vulnerability could allow for remote...
Commissioners Alvaro Bedoya and Rebecca Slaughter of the Federal Trade Commission confirmed reports that President Donald Trump is attempting to fire them, marking a direct challenge to the agency’s independence and potentially crippling a host of its tech-related investigation and enforcement actions. On X, Bedoya posted a note saying he had just been “illegally fired” by the president. He referenced...
$32B Wiz acquisition: Google ramps up cloud security. Following Mandiant, this deal signals major GCP defense upgrade. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Cybercriminals used information-stealing malware to a devastating effect last year, capturing sensitive data that fueled ransomware, breaches and attacks targeting supply chains and critical infrastructure, according to a new report. Infostealers were used to steal 2.1 billion credentials last year, accounting for nearly two-thirds of 3.2 billion credentials stolen from all organizations, Flashpoint said in a report released Tuesday. By targeting...
Cybercriminals used information-stealing malware to a devastating effect last year, capturing sensitive data that fueled ransomware, breaches and attacks targeting supply chains and critical infrastructure, according to a new report. Infostealers were used to steal 2.1 billion credentials last year, accounting for nearly two-thirds of 3.2 billion credentials stolen from all organizations, Flashpoint said in a report released Tuesday. By targeting...
Google Play Store hit by 300+ fake Android apps, downloaded more than 60 million times pushing ad fraud and data theft. Learn how to spot and remove these threats. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
In episode 42 of the AI Fix, our hosts discover why ads for the Neo Gamma robot are so sinister, Graham plays peek-a-boo with a crow, humans give up writing, an AI designs a drug, an upstart AI agent gets everyone’s attention, and a talking fish offers our hosts some sage advice. Graham wonders if … Continue reading “The AI...
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. “This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent – Read More – The Hacker News
A Cato Networks researcher discovered a new LLM jailbreaking technique enabling the creation of password-stealing malware – Read More –
Google announced Tuesday it will acquire cloud security firm Wiz for $32 billion. The move pairs Google — among the world’s largest cloud service providers — with one of the most promising cloud security startups. The purchase comes less than a year after Wiz rejected a previous $23 billion bid from Google, with executives saying at the time that they...
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
A critical security vulnerability has been disclosed in AMI’s MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. “A local or remote attacker can exploit the vulnerability by accessing the – Read More – The...
Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. “This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud),” the tech giant said today. It added...
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro’s Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden ...
Report reveals common password use in RDP attacks, highlighting weak credentials remain a major security flaw – Read More –
Leaked chat logs have exposed connections between the BlackBasta ransomware group and Russian authorities, according to new analysis by Trellix – Read More –
Palo Alto, USA, 18th March 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Cybercriminals exploit AI hype with SEO poisoning, tricking users into downloading malware disguised as DeepSeek software, warns McAfee Labs in a new report. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Flashpoint data points to a surge in data breaches fueled by compromised credentials, ransomware and exploits – Read More –
Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks. “The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks,” Bitdefender said in a report shared with ...
Google is set to acquire Wiz, a cloud security platform founded in 2020, for $32bn in an all-cash deal – Read More –
Bitdefender said the malicious app campaign has resulted in more than 60 million downloads of malicious apps from the Google Play Store – Read More –
At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem. This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV, according to new findings from the HUMAN Satori Threat Intelligence and Research team, published in –...
Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo, which is scheduled to...
While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this – Read More – The...
Bitsight reveals that UK companies are more exposed to cyber risk than global peers via their digital supply chains – Read More –
An ingenious phishing scam is targeting cryptocurrency investors, by posing as a mandatory wallet migration. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. The malware contains capabilities to “steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored – Read...
Do you need to permanently and securely delete photos from an iPhone to prevent unauthorized access? Simply deleting… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
ChatGPT Down: Users report “Gateway time-out” errors. OpenAI’s popular AI chatbot is experiencing widespread outages. Stay updated on the service disruption. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
StilachiRAT: Sophisticated malware targets crypto wallets & credentials. Undetected, it maps systems & steals data. Microsoft advises strong security measures. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
In its latest research report, cybersecurity firm Veriti has spotted active exploitation of a vulnerability within OpenAI’s ChatGPT… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
