SAN FRANCISCO — Leaders of various federal research agencies and departments outlined a vision Tuesday for the future of critical infrastructure security, emphasizing the promise of combining formal software development methods with large language models (LLMs).  Acting DARPA Director Rob McHenry told an audience at the RSAC 2025 Conference that such a combination could “virtually eliminate software vulnerabilities” across foundational...

A high court in the Indian state of Karnataka has ordered the blocking of end-to-end encrypted email provider Proton Mail across the country. The High Court of Karnataka, on April 29, said the ruling was in response to a legal complaint filed by M Moser Design Associated India Pvt Ltd in January 2025. The complaint alleged its staff had received...

SAN FRANCISCO — Homeland Security Secretary Kristi Noem outlined her plans Tuesday to refocus the Cybersecurity and Infrastructure Security Agency (CISA) on protecting critical infrastructure from increasingly sophisticated threats — particularly from China — while distancing the agency from what she characterized as mission drift under previous leadership. Speaking at the 2025 RSAC Conference, Noem provided the most detailed vision...

Cyber experts are urging Congress to ensure that a planned reorganization of the State Department continues to integrate cyber diplomacy at the highest levels of decision-making, while providing the resources, staffing and structure necessary to project American digital security policy abroad with both allies and adversaries. Secretary of State Marco Rubio’s reorganization plan would split up the Bureau of Cyberspace...

SAN FRANCISCO — Threat intelligence flowing from private companies to cybersecurity authorities and law enforcement agencies is critical to the disruption of malicious activities and the arrests of cybercriminals, security leaders at Amazon and CrowdStrike said Monday during the RSAC 2025 Conference.  When the private sector and governments interact well, actively participating and sharing resources to advance the common goal...

The cyberattack on Marks & Spencer (M&S) is linked to the notorious Scattered Spider group. Explore the severe…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Various generative artificial intelligence (GenAI) services have been found vulnerable to two types of jailbreak attacks that make it possible to produce illicit or dangerous content. The first of the two techniques, codenamed Inception, instructs an AI tool to imagine a fictitious scenario, which can then be adapted into a second scenario within the first one where there exists no...

Popular messaging app WhatsApp on Tuesday unveiled a new technology called Private Processing to enable artificial intelligence (AI) capabilities in a privacy-preserving manner. “Private Processing will allow users to leverage powerful optional AI features – like summarizing unread messages or editing help – while preserving WhatsApp’s core privacy promise,” the Meta-owned service said in a  – Read More  – The...

San Francisco, United States, 29th April 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

In episode 48 of The AI Fix, OpenAI releases the first AI models capable of novel scientific discoveries, ChatGPT users are sick of its relentlessly positive tone, our hosts say “Alexa” a lot, OpenAI eyes a social network of its own, and some robots run a half-marathon. Graham discovers AI Jesus and a great offer on some Casper mattresses, and...

The House passed a bill Monday evening that would criminalize using a person’s likeness to create nonconsensual deepfake pornography. The Take It Down Act sailed through the chamber on a vote of 402-2, marking one of the first major pieces of legislation passed by Congress to address AI-generated deepfakes. The bill makes it a federal crime to publicize nonconsensual imagery...

Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some of its high-value customers. “We first became aware of this threat cluster during a 2024 intrusion conducted against an organization previously providing hardware logistics services for SentinelOne employees,” security  – Read More  – The Hacker News 

If you thought only your boss was peeking at your work screen, think again. Employee-monitoring tool Work Composer has committed a jaw-dropping blunder, leaving a treasure trove of millions of workplace screenshots openly accessible on the internet with no encryption in place, and no password required. Read more in my article on the Hot for Security blog.  – Read More ...

The FBI is set to report that ransomware was the most pervasive cybersecurity threat to US critical infrastructure during the year of 2024, with complaints of ransomware attacks against critical sectors jumping 9% over the previous year. Read more in my article on the Tripwire State of Security blog.  – Read More  – Graham Cluley 

Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023.  Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances. “Zero-day exploitation of browsers and mobile devices fell drastically, decreasing by about a third for browsers and by...

Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats – all while keeping productivity high. Microsoft 365 Copilot promises to boost productivity by turning natural language prompts into actions. Employees can generate reports, comb through data, or get instant answers just by asking Copilot.  However,  – Read More ...

In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that’s capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below – CVE-2025-1976 (CVSS score: 8.6) – A code injection flaw  – Read More  –...

British defence firms have reportedly warned staff not to connect their phones to Chinese-made EVs Mobile phones and desktop computers are longstanding targets for cyber spies – but how vulnerable are electric cars? On Monday the i newspaper claimed that British defence firms working for the UK government have warned staff against connecting or pairing their phones with Chinese-made electric...

Postal codes now play a key role in cybersecurity, fraud prevention, and digital identity verification, raising new concerns…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A bill requiring the Department of Commerce to study national security issues posed by routers and modems controlled by U.S. adversaries passed the House on Monday, advancing legislation that lawmakers say is “crucial” to understanding the devices’ cybersecurity risks. The House has moved quickly on the Removing Our Unsecure Technologies to Ensure Reliability and Security (ROUTERS) Act, which was introduced...

SAN FRANCISCO — A sweeping public statement signed by more than 30 prominent cybersecurity professionals and academics has condemned what they describe as political retaliation against Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) and his employer, SentinelOne.  The letter, released Monday, comes in the wake of an executive order by President Donald Trump that...

BreachForums posts a PGP-signed message explaining the sudden April 2025 shutdown. Admins cite MyBB 0day vulnerability impacting the…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity companies don’t just defend their customers against cyberattacks — they also have to defend themselves, and a SentinelOne report published Monday examines some of the biggest threats they’re facing. Those include ransomware, Chinese government-sponsored hackers and North Korean IT workers posing as job applicants, according to the report from SentinelOne’s SentinelLabs. “In recent months, SentinelOne has observed and defended...

Darcula phishing platform adds AI to create multilingual scam pages easily. Netcraft warns of rising risks from Darcula-Suite…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Toronto, Canada, 28th April 2025, CyberNewsWire  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

What happens when cybercriminals no longer need deep skills to breach your defenses? Today’s attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they’re not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks are used to slip...

JokerOTP dismantled after 28,000 phishing attacks across 13 countries; UK and Dutch police arrest two suspects linked to £7.5M cyber fraud.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Not every security vulnerability is high risk on its own – but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches. These five real vulnerabilities, uncovered by Intruder’s bug-hunting team, reveal how attackers turn overlooked flaws into serious security incidents. 1. Stealing AWS Credentials with a Redirect Server-Side Request Forgery (SSRF) is a  –...

Government and telecommunications sectors in Southeast Asia have become the target of a “sophisticated” campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024. The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among the  – Read More  –...