“Endemic” Ransomware Prompts NHS to Demand Supplier Action on Cybersecurity –
The voluntary cybersecurity charter asks NHS suppliers to commit to eight cybersecurity pledges, amid rising attacks on healthcare – Read More –
Cybercriminals aren’t so different from the rest of us — they live in the real world, and their spending and investment habits, though funded through crime, can look surprisingly ordinary. Luxury cars and lavish vacations may still grab headlines, but those perks are reserved for the most elite cybercriminals. In reality, everyday businesses — like pizza delivery, construction supplies, or tattoo...
Police in Europe have shut down a fake online trading platform that scammed hundreds of victims out of… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Imagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before being finally detected. This situation isn’t theoretical: it – Read More – The...
Over the years, many different technologies have transitioned to Cloud-based solutions, including ERP systems and email management platforms.… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity researchers have discovered a malicious package named “os-info-checker-es6” that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. “This campaign employs clever Unicode-based steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic dropper for its final – Read More – The Hacker...
A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET. The activity, which commenced in 2023, has been codenamed Operation RoundPress by the Slovak cybersecurity company. It has – Read More –...
Ransomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently disclosed how threat actors misused its Quick Assist remote assistance tool to deploy the destructive – Read More – The Hacker...
Welcome to the first day of Pwn2Own Berlin 2025! We have 11 different attempts, including our first ever AI attempts. We’ll be updating this blog with results as we have them. SUCCESS – Pumpkin (@u1f383) from DEVCORE Research Team used an integer overflow to escalate privs on Red Hat Linux. He earns $20,000 and 2 Master of Pwn points. Going...
Fancy Bear, the hacking group linked to Russia’s Main Intelligence Directorate (GRU), has been targeting the email accounts of high-ranking Ukrainian officials as well as executives at defense contractors located in other countries who sell weapons and equipment to Kyiv, according to new research from ESET. The campaign, ongoing since at least 2023, has taken advantage of spearphishing and cross-site...
Most online merchants now believe customers pose as big a threat as professional fraudsters – Read More –
The ransomware landscape is more fragmented than ever, with no “market leader,” says William Lyne, Head of Intelligence at the NCA – Read More –
Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. “Insufficient policy enforcement in Loader in Google –...
Don’t get duped, doxxed, or drained! In this episode of “Smashing Security” we dive into the creepy world of sextortion scams, and investigate how crypto wallet firm Ledger’s Discord server was hijacked in an attempt to phish for cryptocurrency recovery phrases. All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security...
The Consumer Financial Protection Bureau is set to withdraw a Biden-era rule aimed at cracking down on data brokers and their selling of Americans’ personal and financial information. In a notice set to publish Thursday in the Federal Register, the CFPB said legislative rulemaking on the data broker industry “is not necessary or appropriate at this time,” and the agency...
There is a lot of money in cyberattacks like ransomware, and unfortunately for organizations of all sizes, the… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The Department of Homeland Security won’t tell Congress how many employees at the Cybersecurity and Infrastructure Security Agency it has fired or pushed to leave, a top congressional Democrat said Wednesday. “You’ve overseen mass reductions in the workforce at CISA and” the Federal Emergency Management Agency, Mississippi Rep. Bennie Thompson, the top Democrat on the House Homeland Security Committee, told...
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-32756 Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the...
Flashpoint uncovers how North Korean hackers used fake identities to secure remote IT jobs in the US, siphoning… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
At least two different cybercrime groups, BianLian and RansomExx, are said to have exploited a recently disclosed security flaw in SAP NetWeaver, indicating that multiple threat actors are taking advantage of the bug. Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and the RansomExx ransomware – Read...
Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw. “Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to ...
A Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee. According to a report published by blockchain analytics firm Elliptic, merchants on the marketplace have been found to peddle technology, personal data, and money laundering – Read More –...
Willkommen and welcome to the inaugural Pwn2Own Berlin! Not only is this our first time at the OffensiveCon conference, but it’s also our first time including an AI category in the event. We’ve assembled some of the finest security researchers in the world to test the security of these systems, and we can’t wait to see what happens. We had...
Android Enterprise introduced Device Trust to enhance mobile security on Android devices – Read More –
Weak passwords continue to be a major vulnerability for FTP servers. Specops’ latest report highlights the most frequent… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
On May 14, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in Microsoft, Fortinet, and Adobe products. On May 14, the MS-ISAC released three advisories. The first advisory was for multiple vulnerabilities in Microsoft products, the most severe of which could allow for remote code execution. The second advisory was for multiple...
A new global phishing threat called “Meta Mirage” has been uncovered, targeting businesses using Meta’s Business Suite. This campaign specifically aims at hijacking high-value accounts, including those managing advertising and official brand pages. Cybersecurity researchers at CTM360 revealed that attackers behind Meta Mirage impersonate official Meta communications, tricking users into handing – Read More – The Hacker News
CISA paused plans to overhaul its advisory system after backlash from the infosec community – Read More –
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete...
Did Siri record you? Apple is paying $95 million over Siri snooping allegations. Find out if you’re eligible… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month’s patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available. Microsoft and several security firms have disclosed that...
Fortinet and Ivanti published advisories on the same day revealing that attackers are exploiting new zero days, one of which is rated critical – Read More –
Cybersecurity researchers have discovered a new phishing campaign that’s being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina. The campaign is “using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email – Read More – The Hacker...
Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon’s recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with the exploitation of vulnerabilities as an initial access step growing by 34%. As attacks rise – Read More – The Hacker News
A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors. Cybersecurity firm Trend Micro said the first wave, codenamed VENOM, mainly targeted software service providers, while – Read More ...
While appearing unsophisticated on the surface, Chihuahua Stealer uses advanced methods – Read More –
Scammers impersonate government agencies on WhatsApp to target job seekers with fake offers, phishing sites, and identity theft… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cary, North Carolina, 14th May 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
In late March, the nonprofit research organization MITRE celebrated the 25th anniversary of the Common Vulnerability and Exposures (CVE) program, a widely hailed scientific achievement funded by the U.S. government and administered by MITRE. The CVE program is the global bedrock of contemporary vulnerability management, cataloging and assigning unique identifiers to software vulnerabilities. Until April 15, cybersecurity defenders and data...
Law enforcers from multiple countries team up to dismantle a multimillion-euro fraud gang – Read More –
Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities...
Microsoft has patched seven zero-day bugs, five of which were exploited in the wild – Read More –
Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below – CVE-2025-4427 (CVSS score: 5.3) – An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials – Read More ...
Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. “A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to – Read More –...
Microsoft addressed 72 vulnerabilities affecting its core products and underlying systems, including five actively exploited zero-days across various Windows components, the company said in its latest security update Tuesday. “This is now the eighth consecutive Patch Tuesday on which Microsoft has published zero-day vulnerabilities without evaluating any of them as critical severity at time of publication,” Adam Barnett, lead software...
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to...
Multiple vulnerabilities have been discovered in Fortinet Products, the most severe of which could allow for arbitrary code execution. The products affected by vulnerabilities in this round of monthly Fortinet patches are: FortiADC is an application delivery controller (ADC) from Fortinet that enhances application availability, performance, and security. It offers features like load balancing, SSL/TLS offloading, web application firewalls...
CISA adds TeleMessage flaw to KEV list, urges agencies to act within 3 weeks after a breach exposed… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
President Donald Trump’s firing over the weekend of Shira Perlmutter, director of the U.S. Copyright Office, has drawn strong criticism from Democrats and tech experts who believe her dismissal is related to a report on generative AI and copyright law that the register of copyrights released a day earlier. That report, overseen by Perlmutter, questioned whether AI companies can legally...
Google is rolling out new security features for Android devices as part of its latest operating system update, Android 16, reinforcing its ongoing efforts to guard users against ever-changing threats. The measures target a spectrum of risks, from financial scams and impersonation attacks to theft protection and malware. One of the central advancements highlighted Tuesday is the enhancement of scam...