Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authentication, enforcing policy, and connecting users across distributed environments. That prominence also  – Read More  –...

Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild. The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges. “The most severe of ...

A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0. “Langflow contains a missing  – Read More  –...

TM SGNL, a chat app by US-Israeli firm TeleMessage used by Trump officials, halts operations after a breach…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Google addressed 47 vulnerabilities affecting Android devices in its May security update, including an actively exploited software defect that was first disclosed in March. Google said the high-severity vulnerability, CVE-2025-27363, “may be under limited, targeted exploitation.” The out-of-bounds write defect in FreeType versions 2.13.0 and below may result in arbitrary code execution, Facebook said in March when it disclosed the...

Federal prosecutors indicted a man believed to be living in Yemen with deploying ransomware against multiple U.S. and global organizations. Rami Khaled Ahmed, 36, allegedly infected businesses, schools and hospitals with “Black Kingdom” ransomware, U.S. prosecutors said Thursday. The U.S. Attorney’s Office for the Central District of California charged Ahmed, also known as “Black Kingdom,” with conspiracy, intentional damage to...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed. The vulnerability in question is CVE-2025-34028 (CVSS score: 10.0), a path traversal bug that affects 11.38 Innovation Release, from versions  – Read More  – The...

Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple’s AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology. The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo. “These vulnerabilities can be chained by  – Read More  – The Hacker News 

ESET has discovered Spellbinder, a new tool used by the China-linked cyber espionage group TheWizards to conduct AitM…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity threats aren’t just aimed at servers or customer databases. They also target a company’s most vital but…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Are you aiming to develop an innovative startup that will make a boom effect in the modern market?…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Let’s be honest: if you’re one of the first (or the first) security hires at a small or midsize business, chances are you’re also the unofficial CISO, SOC, IT Help Desk, and whatever additional roles need filling. You’re not running a security department. You are THE security department. You’re getting pinged about RFPs in one area, and reviewing phishing alerts...

Cloudflare’s Q1 2025 DDoS Threat Report: DDoS attacks surged 358% YoY to 20.5M. Germany hit hardest; gaming and…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

What if attackers aren’t breaking in—they’re already inside, watching, and adapting? This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn’t just the breach—it’s not knowing who’s still...

The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal. “TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet data, and browser extension information,” Recorded Future Insikt Group said. “TerraLogger, by contrast  – Read More  – The Hacker News 

watchTowr reveals active exploitation of SonicWall SMA 100 vulnerabilities (CVE-2024-38475 & CVE-2023-44221) potentially leading to full system takeover…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Oligo Security uncovers “AirBorne,” a set of 23 vulnerabilities in Apple AirPlay affecting billions of devices. Learn how…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Fake Qantas emails in a sophisticated phishing scam steal credit card and personal info from Australians, bypassing major…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system’s primary disk and render it unbootable. The names of the packages are listed below – github[.]com/truthfulpharm/prototransform github[.]com/blankloggia/go-mcp github[.]com/steelpoor/tlsproxy “Despite appearing legitimate,  – Read More  – The Hacker News 

An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February 2025, entailed “extensive espionage operations and suspected network prepositioning – a tactic often used to maintain persistent access for future ...

The U.S. Department of Justice (DoJ) on Thursday announced charges against a 36-year-old Yemeni national for allegedly deploying the Black Kingdom ransomware against global targets, including businesses, schools, and hospitals in the United States. Rami Khaled Ahmed of Sana’a, Yemen, has been charged with one count of conspiracy, one count of intentional damage to a protected computer, and one  –...

SAN FRANCISCO — Threat intelligence sharing is flowing between the private sector and federal government and remains unimpeded thus far by job losses and budget cuts across federal agencies that support the cyber mission, according to executives at major security firms. Top brass at Amazon, CrowdStrike, Google and Palo Alto Networks said there’s been no change to interactions with the...

German police seized the dark web shop Pygmalion, gaining access to customer data linked to over 7,000 drug…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

President Donald Trump’s fiscal 2026 budget proposal would slash $491 million from the budget of the Cybersecurity and Infrastructure Security Agency, according to a summary released Friday. That would amount to a nearly 17% reduction to the agency’s approximately $3 billion budget. The administration did not release a detailed itemization of the cuts, only an outline. “The Budget refocuses CISA...

Luxury retailer Harrods confirms a cyber attack attempt, restricting internet access but keeping its online store running. Learn…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Ireland’s Data Protection Commission (DPC) on Tuesday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users’ data to China. “TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements,” the DPC said in a statement. ”  – Read...

Bitdefender uncovers a massive surge in sophisticated subscription scams disguised as online shops and evolving mystery boxes. Learn…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community – all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow that automates monitoring for security advisories from CISA and other vendors, enriches advisories with CrowdStrike  – Read...

The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver. “MintsLoader operates through a multi-stage infection chain involving obfuscated JavaScript and PowerShell scripts,” Recorded Future’s Insikt Group said in a report shared with The Hacker News. “The malware employs sandbox and virtual machine evasion techniques, a domain  – Read More  – The...

A year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change that pushes individuals signing up for new accounts to use the phishing-resistant authentication method by default. “Brand new Microsoft accounts will now be ‘passwordless by default,’” Microsoft’s Joy Chik and Vasu Jakkal said. “New users will have several passwordless options for  –...

An employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk’s companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned. Image: Shutterstock, @sdx15. Philippe Caturegli,...

Federal authorities extradited a Ukrainian citizen to the United States on Wednesday to face charges for participating in a series of ransomware cyberattacks on organizations based in the U.S. and multiple European countries.  Artem Stryzhak, 35, was arrested in Spain in June 2024 and was scheduled to appear for arraignment Thursday in the U.S. District Court for the Eastern District...

SAN FRANCISCO — The senior director for cyber at the White House’s National Security Council told an audience Thursday that he wants to “destigmatize” offensive cyber operations, seeing them as a vital tool in the government’s playbook in its battle with foreign adversaries.  Alexei Bulazel told an audience at the RSAC 2025 conference that he views offensive cyber as “one...

Sonatype discovered ‘crypto-encrypt-ts’, a malicious npm package impersonating the popular CryptoJS library to steal crypto and personal data.…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

SAN FRANCISCO — Cryptography experts say the race to fend off future quantum-computer attacks has entered a decisive but measured phase, with companies quietly replacing the internet plumbing that the majority of the industry once considered unbreakable. Speaking at Cloudflare’s Trust Forward Summit on Wednesday, encryption leaders at IBM Research, Amazon Web Services and Cloudflare outlined how organizations are refitting...

SEO: Cybercriminals are using the recent power outages in Spain and Portugal to launch phishing attacks disguised as…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Two alleged leaders of the child sextortion group 764 were arrested and charged for directing and distributing child sexual abuse material, the Department of Justice said Thursday. Leonidas Varagiannis, 21, and Prasan Nepal, 20, face charges that carry a maximum penalty of life in prison.  Varagiannis, also known as “War,” and Nepal, also known as “Trippy,” are accused of running...