In episode 409 of the “Smashing Security” podcast, we uncover the curious case of the Chinese cyber-attack on Littleton’s Electric Light Company, and a California landlord’s hidden camera scandal. Find out about this, and more, in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault. – Read More – Graham Cluley
Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10.0. It affects 12.3.0.310 and all earlier version 12 builds. “A vulnerability allowing remote code execution (RCE) by authenticated domain users,” the –...
Cybersecurity isn’t just another checkbox on your business agenda. It’s a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model, exemplified through Microsoft 365’s approach, offers a framework for comprehending and implementing effective cybersecurity – Read More – The Hacker News
Bridewell has released its annual report on critical infrastructure security leaders’ perceived cybersecurity maturity and threats – Read More –
The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware developed by Israeli company Paragon Solutions, according to a new report from The Citizen Lab. Paragon, founded in 2019 by Ehud Barak and Ehud Schneorson, is the maker of a surveillance tool called Graphite that’s capable of harvesting sensitive data from instant messaging applications –...
February’s Operation Henhouse resulted in hundreds of arrests and the seizure of £7.5m – Read More –
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to – Read More – The Hacker News
Regulatory compliance is no longer just a concern for large enterprises. Small and mid-sized businesses (SMBs) are increasingly subject to strict data protection and security regulations, such as HIPAA, PCI-DSS, CMMC, GDPR, and the FTC Safeguards Rule. However, many SMBs struggle to maintain compliance due to limited IT resources, evolving regulatory requirements, and complex security challenges – Read More –...
A security researcher has discovered that the websites of over 100 car dealerships have been compromised in a supply-chain attack that attempted to infect the PCs of internet visitors. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
The Pennsylvania State Education Association (PSEA) has sent breach notifications to over 500,000 current and former members – Read More –
New NCSC guidance sets out a three-phase migration to post-quantum cryptography, designed to ensure all systems are protected from quantum attacks by 2035 – Read More –
Cyber security – even in a time of global unrest – remains a balance of different risks. Ian Levy, the NCSC’s Technical Director, explains why. – Read More – NCSC Feed
NCSC Technical Director Dr Ian Levy explains the technical impact of the recent US sanctions on the security of Huawei equipment in the UK. – Read More – NCSC Feed
The NCSC’s technical director outlines the challenges that TLS 1.3 presents for enterprise security. – Read More – NCSC Feed
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this month, has been found to target both employees of enterprises of the defense-industrial complex and individual representatives of the Defense Forces of Ukraine. The activity involves – Read More –...
On March 19, the Cyber Threat Alert Level was evaluated and is remaining at Blue (Guarded) due to multiple vulnerabilities in Santesoft and Apache products. On March 14, the MS-ISAC released an advisory for multiple vulnerabilities in Sante PACS Server, the most severe of which could allow for remote code execution. On March 18, the MS-ISAC released an advisory for...
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number...
Why the key milestones for PQC migration are part of building and maintaining good cyber security practice. – Read More – NCSC Feed
Activities which organisations must carry out to migrate safely to post-quantum cryptography in the coming years. – Read More – NCSC Feed
A federal appeals court overruled a district court judge’s sentence for Capital One hacker Paige Thompson this week, deciding that the sentence of five years’ probation plus time served was too lenient. Describing the hack as the “second largest data breach in the United States at the time, causing tens of millions of dollars in damage and emotional and reputational...
Microsoft refuses to patch serious Windows shortcut vulnerability abused in global espionage campaigns! – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Department of Homeland Security officials in charge of the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) have pushed the program to evolve from a compliance-focused initiative to a real-time threat detection and response platform. First launched in 2013, the program is now tracking approximately 6.5 million devices, which includes operational technology and internet-connected devices alongside traditional...
Bengaluru, India, 19th March 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Researching and reverse engineering Level 2 Electric Vehicle Supply Equipment (EVSE or loosely “charger”) efforts might require the equipment to be placed beyond the idle state. The idle state is straightforward and usually involves nothing more than powering up the charger. Indeed, this is a very useful state for research where the user interface is in operation, communications both wired...
New Immersive World LLM jailbreak lets anyone create malware with GenAI. Discover how Cato Networks researchers tricked ChatGPT, Copilot, and DeepSeek into coding infostealers – In this case, a Chrome infostealer. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
In today’s digital landscape, data privacy is no longer optional—it is an essential pillar of trust and compliance. The… The post Data Masking in the Age of AI: Balancing Innovation and Privacy appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Newly discovered vulnerability ZDI-CAN-25373 takes advantage of Windows shortcuts has been exploited by 11 state-sponsored groups since 2017 – Read More –
Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode that could allow remote attackers to run arbitrary code. Cybersecurity company – Read More – The...
Congress needs to reauthorize an expiring law that provides legal protections to companies for sharing cyber threat information with the federal government and each other, the staff director for Democrats on the Senate Homeland Security and Governmental Affairs Committee said Wednesday. The 2015 Cybersecurity and Infrastructure Security Act is due to lapse at the end of September. It provides defenses...
Researchers have identified suspected government customers of spyware company Paragon Solutions in six more countries that hadn’t previously been publicly identified, according to a report published Wednesday. The University of Toronto’s Citizen Lab said it mapped the infrastructure of Paragon’s Graphite tool after a tip from a collaborator, and found a subset of suspected Paragon deployments linked to Australia, Canada,...
The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram user @ExploitWhispers last month. According to an analysis of the messages by cybersecurity company – Read...
A surge in browser-based phishing attacks has been recorded over the past year, with a 140% increase compared to 2023 according to Menlo Security – Read More –
Hackers are using .VHD files to spread VenomRAT malware, bypassing security software, reveals Forcepoint X-Labs. Learn how this stealthy attack works and how to protect yourself. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that employs fake web browser update baits on compromised WordPress as a malware distribution vector....
In today’s digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks—like phishing, adversary-in-the-middle, and MFA bypass—remain a major challenge. Instead of accepting these risks and pouring resources into fixing problems after they occur, why not prevent attacks from happening in the first place? Our upcoming – Read More – The...
Top 10 Passwords hackers use to breach RDP revealed! Weak credentials cause successful cyberattacks- check if yours is on the list and secure your system now. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Austin, TX, United States, 19th March 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
World-renowned physicist, Professor Brian Cox, will headline day one of Infosecurity Europe, analyzing the science behind quantum computing and the challenges it brings – Read More –
The US Cybersecurity and Infrastructure Security Agency added flaws in Fortinet and a popular GitHub Action to its Known Exploited Vulnerabilities catalog – Read More –
Security firm Barracuda said it has detected more than a million phishing-as-a-service (PhaaS) attacks in 2025 – Read More –
Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small – Read More – The Hacker...
Gartner has claimed that AI agents will reduce the time it takes to exploit exposed accounts – Read More –
Europol’s annual report warns of a growing threat from aligned state and cybercrime groups, enabled by AI technologies – Read More –
Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. “These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially – Read More – The Hacker News
Sydney, Australia, 19th March 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote – Read More – The...
A vulnerability has been discovered in Apache Tomcat, which could allow for remote code execution. Apache Tomcat is an open-source Java servlet container and web server used to host Java-based web applications and implement Java Servlet and JavaServer Pages (JSP) specifications, providing a platform for running dynamic web content. Successful exploitation of the of this vulnerability could allow for remote...
Commissioners Alvaro Bedoya and Rebecca Slaughter of the Federal Trade Commission confirmed reports that President Donald Trump is attempting to fire them, marking a direct challenge to the agency’s independence and potentially crippling a host of its tech-related investigation and enforcement actions. On X, Bedoya posted a note saying he had just been “illegally fired” by the president. He referenced...
$32B Wiz acquisition: Google ramps up cloud security. Following Mandiant, this deal signals major GCP defense upgrade. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Cybercriminals used information-stealing malware to a devastating effect last year, capturing sensitive data that fueled ransomware, breaches and attacks targeting supply chains and critical infrastructure, according to a new report. Infostealers were used to steal 2.1 billion credentials last year, accounting for nearly two-thirds of 3.2 billion credentials stolen from all organizations, Flashpoint said in a report released Tuesday. By targeting...
