Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024. While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to  – Read More  –...

The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented development that could shake up one of the foundational pillars of the global cybersecurity ecosystem. The 25-year-old CVE program is a valuable tool for vulnerability management, offering a de facto standard to  – Read More ...

A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program — which is traditionally funded each year by the Department of...

Keeping up with crypto tax laws in Europe feels like a constant hurdle. Regulations evolve, tax authorities demand…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

4chan is down amid claims from a rival Soyjak forum user who says they’ve breached the site and…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Intelligence from encrypted platforms like Sky ECC and ANOM has led to the arrest of 232 individuals and…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

China stepped up its allegations of U.S. cyberattacks Tuesday, with local law enforcement saying they were investigating three National Security Agency operatives they had placed on a wanted list and a national official condemning the alleged attacks. State media outlet Xinhau advanced the claims in two stories, one detailing a hacking campaign during the Asian Winter Games alleged by the...

CloudSEK uncovers a sophisticated malware campaign where attackers impersonate PDFCandy.com to distribute the ArechClient2 information stealer. Learn how…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

RansomHouse is a cybercrime operation that follows a Ransomware-as-a-Service (RaaS) business model, where affiliates (who do not require technical skills of their own) use the ransomware operator’s infrastructure to extort money from victims. Read more in my article on the Fortra blog.  – Read More  – Graham Cluley 

8M UK healthcare worker records, including IDs and financial data, exposed due to a misconfigured staff management database…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

In episode 46 of The AI Fix, China trolls US tariffs, a microscopic pogoing flea-bot makes a tiny leap forward for robotics, Google unveils the Agent2Agent protocol, a robot dog is so cute it ruins Graham’s entire day, and Europe commits €20 billion and all of its buzzwords to five moonshot AI gigafactories. Graham brings his clone to work for...

A Chinese state-sponsored hacking group has been observed using recently released open-source offensive security tools and other tactics in an effort to blend in with more common cybercriminal activity. The group, UNC5174, is an espionage-minded hacking group that is believed to have ties to the Chinese government and targets Western governments, technology companies, research institutions and think tanks. In a...

A Chinese state-sponsored hacking group has been observed using recently released open-source offensive security tools and other tactics in an effort to blend in with more common cybercriminal activity. The group, UNC5174, is an espionage-minded hacking group that is believed to have ties to the Chinese government and targets Western governments, technology companies, research institutions and think tanks. In a...

Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that’s designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency eXchange Trading),  – Read More ...

A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and including 6.1.4.  – Read More ...

The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. “Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save money and, in this case, plausibly blend in...

AI code tools often hallucinate fake packages, creating a new threat called slopsquatting that attackers can exploit in…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025, This report is the first and only report to...

The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as Slow Pisces, which is...

Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns from Irish regulators. “This training will better support millions of people and businesses in Europe, by teaching our generative AI...

A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks  – Read More  – The Hacker...

President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs’s employer SentinelOne, comes as CISA is facing huge funding...

NVIDIA’s incomplete security patch, combined with a Docker vulnerability, creates a serious threat for organizations using containerized environments. This article explains the risks and mitigation strategies.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT. The activity, detected by SEQRITE in December 2024, targeted Indian entities under railway, oil and gas, and external affairs ministries, marking an expansion of the hacking...

Cheap Android phones with preinstalled malware use fake apps like WhatsApp to hijack crypto transactions and steal wallet recovery phrases.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. “The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link,” Morphisec Labs researcher Nadav Lorber said in a report shared with The  – Read More  – The Hacker...

Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts. The technique has been codenamed precision-validating phishing by Cofense, which it said employs real-time email validation so that only a select set of high-value targets are served the fake login screens. “This tactic not  –...

Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week’s events show a hard truth: it’s not enough to react after an attack. You have to assume that any system you trust...

AI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities before security teams can react. Meanwhile, defenders are overwhelmed by massive amounts of data and alerts, struggling to process information quickly enough to identify real threats. AI offers a way to  – Read More  – The...

Network edge devices — hardware that powers firewalls, VPNs and network routers — have quickly moved up the list of attackers’ preferred intrusion points into enterprise networks. While dozens of companies make and sell these devices, customers of one company in particular — Ivanti — have confronted exploited vulnerabilities in their products more than any other vendor in this space...