Liridon Masurica, the alleged lead administrator of cybercrime marketplace BlackDB.cc, was extradited to the United States on Friday and faces charges that carry a maximum penalty of 55 years in federal prison, the Justice Department said Tuesday.  Masurica, 33, who is also known as “@blackdb,” was arrested by authorities in Kosovo on Dec. 12. He made his initial appearance in...

Zoom fixes multiple security bugs in Workplace Apps, including a high-risk flaw. Users are urged to update to…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

It’s the second Tuesday of the month, and the final patch Tuesday before Pwn2Own Berlin. I know several contestants are sweating it out and hoping their entries are patched out. While they quiver with anticipation, take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the...

In episode 50 of The AI Fix, AI brings a slain man back from the dead so he can appear at his killer’s trial, Mark gets a mysterious phone call, Trump uses AI to become Pope Donald the First, Zuck ponders the nature of friendship, Apple says the quiet part out loud, xAI springs a leak, and a philosophy professor...

Popular student engagement platform iClicker’s website was compromised with a ClickFix attack. A fake “I’m not a robot”…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A security lapse on PrepHero, a college recruiting platform, exposed millions of unencrypted records, including sensitive personal details…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A man has been jailed in Ireland for two years after pleading guilty to offences related to his illegal online business that sold ransomware and other malware, as well as stolen credit card details, and false bank accounts. Read more in my article on the Hot for Security blog.  – Read More  – Graham Cluley 

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first  –...

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. “Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE),” EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign  – Read More  – The Hacker News 

Apple rolled out a series of substantial security updates Monday for its major software platforms, with advisories covering iOS, iPadOS, and two versions of macOS lines, addressing more than 30 vulnerabilities in total.  Among the numerous fixes, iOS 18.5 and iPadOS 18.5 introduce the first security update for Apple’s in-house C1 modem, featured in the newly released iPhone 16e. The...

As the Trump administration takes a hatchet to the federal government’s election security work and attempts to place conditions on funding to states, state and local election officials are pleading with lawmakers to provide robust support  they say  is crucial to keeping American elections secure. In a letter sent to leaders on the House and Senate Appropriations committees this week,...

The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor’s targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the “trajectory of the Russian invasion.” “The group’s interest in Ukraine follows historical targeting  – Read...

The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate these social engineering tactics at scale.  Let’s review the status of these rising attacks, what’s fueling them, and how to actually prevent, not detect, them.  The Most Powerful Person on the  – Read More ...

Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting Dutch companies in 2021. “He is wanted internationally for committing several cybercrimes (ransomware attacks, blackmail, and money laundering) against companies based in the Netherlands,” officials said in a statement Monday. In conjunction with the  – Read More  – The Hacker...

A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. “These exploits have resulted in a collection of related user data from targets in Iraq,” the Microsoft Threat Intelligence team said. “The targets of the attack are associated with the Kurdish ...

A hacker group claiming affiliation with Anonymous says it breached GlobalX Airlines, leaking sensitive flight and passenger data…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Federal authorities seized two domains and indicted four foreign individuals for alleged involvement in a long-running botnet service that infected older wireless internet routers, the Justice Department said Friday.  The malware created for the botnet allowed infected routers to be reconfigured, which granted unauthorized access to third parties and made the routers available for sale as proxy servers on Anyproxy.net...

Federal authorities seized two domains and indicted four foreign individuals for alleged involvement in a long-running botnet service that infected older wireless internet routers, the Justice Department said Friday.  The malware created for the botnet allowed infected routers to be reconfigured, which granted unauthorized access to third parties and made the routers available for sale as proxy servers on Anyproxy.net...

Check Point’s April 2025 malware report reveals increasingly sophisticated and hidden attacks using familiar malware like FakeUpdates, Remcos,…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that’s designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a  – Read...

What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks—because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It’s not just clever—it’s  – Read More  –...

With the digital transformation movement sweeping the world and cyber threats evolving simultaneously to pose greater and greater…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian’s State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for years after detection, creating an expanding attack  – Read More ...

Varonis reveals attackers are using SEO poisoning to trick IT admins into downloading malware, alongside a critical root…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. “Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms – often advertised via legitimate-looking Facebook groups and viral social media campaigns,”  – Read More  – The Hacker News 

Germany’s Federal Criminal Police Office (aka Bundeskriminalamt or BKA) has seized the online infrastructure and shutdown linked to the eXch cryptocurrency exchange over allegations of money laundering and operating a criminal trading platform. The operation was carried out on April 30, 2025, authorities said, adding they also confiscated 8 terabytes worth of data and cryptocurrency assets  – Read More  –...

Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the company of tracking users’ personal location and maintaining their facial recognition data without consent. The $1.375 billion payment dwarfs the fines the tech giant has paid to settle similar lawsuits brought by other U.S. states. In November 2022, it paid...