Today's Core Dump is brought to you by ThreatPerspective

Biz & IT Ars Technica

Ransomware kingpin “Stern” apparently IDed by German law enforcement

BKA names Vitaly Nikolaevich Kovalev as "Stern," the leader of Trickbot. For years, members of the Russian cybercrime cartel Trickbot unleashed a relentless hacking spree

Published: 2025-05-31T13:32:08



Biz & IT Ars Technica

Thousands of Asus routers are being hit with stealthy, persistent backdoors

Backdoor giving full administrative control can survive reboots and firmware updates. Thousands of home and small office routers manufactured by Asus are being infected with a

Published: 2025-05-28T22:12:07



The Register - Software

Fake IT support calls hit 20 orgs, end in stolen Salesforce data and extortion, Google warns

Victims include hospitality, retail and education sectors A group of financially motivated cyberscammers who specialize in Scattered-Spider-like fake IT support phone calls managed to trick employees at about 20 organizations into installing a modified version of Salesforce's Data Loader that allows the crims to steal sensitive data.

Published: 2025-06-04T15:05:38



The Register - Software

Microsoft patches the patch that put Windows 11 in a coma

Out-of-band is becoming the norm rather than the exception Microsoft is patching another patch that dumped some PCs into recovery mode with an unhelpful error code.

Published: 2025-06-03T13:33:05



The Register - Software

Crims defeat human intelligence with fake AI installers they poison with ransomware

Take care when downloading AI freebies, researcher tells The Register Criminals are using installers for fake AI software to distribute ransomware and other destructive malware.

Published: 2025-05-30T10:25:11



The Register - Software

Microsoft's May Patch Tuesday update fails on some Windows 11 VMs

'The operating system couldn't be loaded' is never a great message Microsoft's latest Patch Tuesday update is failing to install on some Windows 11 machines, mostly virtual ones, and dumping them into recovery mode with a boot error. Its only recommendation to avoid the problem for now is to dodge the update.

Published: 2025-05-29T21:46:42



Security | The Verge

LexisNexis leaked social security numbers and other personal data of over 364,000 people

The data analytics firm LexisNexis Risk Solutions says it suffered a breach that could have exposed the names, Social Security numbers, contact information, and driver's license numbers of over 364,000 people, as reported earlier by TechCrunch. In a notice filed with the state of Maine, LexisNexis says an unauthorized third party accessed its data through […]

Published: 2025-05-28T12:44:57



BleepingComputer

New Mirai botnet infects TBK DVR devices via command injection flaw

A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. [...]

Published: 2025-06-08T10:17:27



BleepingComputer

Malware found in NPM packages with 1 million weekly downloads

A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). [...]

Published: 2025-06-07T15:31:21



BleepingComputer

Malicious npm packages posing as utilities delete project directories

Two malicious packages have been discovered in the npm JavaScript package index, which masquerade as useful utilities but, in reality, are destructive data wipers that delete entire application directories. [...]

Published: 2025-06-07T10:11:21



BleepingComputer

Tax resolution firm Optima Tax Relief hit by ransomware, data leaked

U.S. tax resolution firm Optima Tax Relief suffered a Chaos ransomware attack, with the threat actors now leaking data stolen from the company. [...]

Published: 2025-06-06T13:14:17



BleepingComputer

Kettering Health confirms Interlock ransomware behind cyberattack

Healthcare giant Kettering Health, which manages 14 medical centers in Ohio, confirmed that the Interlock ransomware group breached its network and stole data in a May cyberattack. [...]

Published: 2025-06-06T11:26:10



BleepingComputer

New PathWiper data wiper malware hits critical infrastructure in Ukraine

A new data wiper malware named 'PathWiper' is being used in targeted attacks against critical infrastructure in Ukraine, aimed at disrupting operations in the country. [...]

Published: 2025-06-06T10:40:31



BleepingComputer

Critical Fortinet flaws now exploited in Qilin ransomware attacks

The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. [...]

Published: 2025-06-06T09:53:40



BleepingComputer

FBI: BADBOX 2.0 Android malware infects millions of consumer devices

The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. [...]

Published: 2025-06-05T17:35:43



Threat Intelligence

The Cost of a Call: From Voice Phishing to Data Extortion

Google Threat Intelligence Group (GTIG) is tracking UNC6040, a financially motivated threat cluster that specializes in voice phishing (vishing) campaigns specifically designed to compromise organizations' Salesforce instances for large

Published: 2025-06-04T14:00:00



Threat Intelligence

Mark Your Calendar: APT41 Innovative Tactics

Written by: Patrick Whitsell Google Threat Intelligence Group’s (GTIG) mission is to protect Google’s billions of users and Google’s multitude of products and services. In late October 2024, GTIG discovered an exploited government website hosting m

Published: 2025-05-28T14:00:00



Threat Intelligence

Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites

Written by: Diana Ion, Rommel Joven, Yash Gupta Since November 2024, Mandiant Threat Defense has been investigating an UNC6032 campaign that weaponizes the interest around AI tools, in particular those tools which can be used to generate videos bas

Published: 2025-05-27T05:00:00



Krebs on Security

Pakistan Arrests 21 in ‘Heartsender’ Malware Service

Authorities in Pakistan have arrested 21 individuals accused of operating “Heartsender,” a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime g...

Published: 2025-05-28T17:41:47



The Register - Security

Enterprises are getting stuck in AI pilot hell, say Chatterbox Labs execs

Security, not model performance, is what's stalling adoption Interview Before AI becomes commonplace in enterprises, corporate leaders have to commit to an ongoing security testing regime tuned to the nuances of AI models.

Published: 2025-06-08T13:00:12



The Register - Security

ChatGPT used for evil: Fake IT worker resumes, misinfo, and cyber-op assist

OpenAI boots accounts linked to 10 malicious campaigns Fake IT workers possibly linked to North Korea, Beijing-backed cyber operatives, and Russian malware slingers are among the baddies using ChatGPT for evil, according to OpenAI's latest threat report.

Published: 2025-06-06T19:56:37



The Register - Security

Fresh strain of pro-Russian wiper flushes Ukrainian critical infrastructure

Destructive malware has been a hallmark of Putin's multi-modal war A new strain of wiper malware targeting Ukrainian infrastructure is being linked to pro-Russian hackers, in the latest sign of Moscow's evolving cyber tactics.

Published: 2025-06-06T16:01:13



The Register - Security

Uncle Sam moves to seize $7.7M laundered by North Korean IT worker ring

The cash has been frozen for more than two years The US is looking to finally capture the $7.74 million it froze over two years ago after indicting alleged money launderers it claims are behind North Korean IT worker schemes.

Published: 2025-06-06T13:14:53



The Register - Security

Your ransomware nightmare just came true. Now what?

Don't negotiate unless you must, and if so, drag it out as long as you can Feature So, the worst has happened. Computer screens all over your org are flashing up a warning that you've been infected by ransomware, or you've got a message that someone's been stealing information from your server.

Published: 2025-06-06T11:30:08



The Register - Security

Uncle Sam puts $10M bounty on RedLine dev and Russia-backed cronies

Any info on Maxim Rudometov and his associates? There's $$$ in it for you The US government is offering up to $10 million for information on foreign government-backed threat actors linked to the RedLine malware, including its suspected developer, Maxim Alexandrovich Rudometov.

Published: 2025-06-05T23:04:24



The Register - Security

AT&T not sure if new customer data dump is déjà vu

Re-selling info from an earlier breach? Probably. But which one? AT&T is investigating claims that millions of its customers' data are listed for sale on a cybercrime forum in what appears to be a re-release from an earlier hack.

Published: 2025-06-05T22:05:31



The Register - Security

Cellebrite buys Corellium to help cops bust phone encryption

Trump-pardoned hacker Chris Wade will join the company as CTO Cellebrite has announced a $170 million deal to buy Corellium, bringing together two companies that have made names for themselves by helping law enforcement break into encrypted devices.

Published: 2025-06-05T20:10:14



The Register - Security

Trump's cyber czar pick grilled over CISA cuts: 'If we have a cyber 9/11, you're the guy'

Plus: Plankey's confirmation process 'temporarily delayed' Sean Cairncross, President Donald Trump's nominee to serve as national cyber director, doubled down on taking offensive cyber actions against foreign adversaries during a Senate homeland security committee nomination hearing on Thursday, and refused to condemn the president's proposed cuts to the main US cyber defense agency.

Published: 2025-06-05T19:40:48



The Register - Security

BidenCash busted as Feds nuke stolen credit card bazaar

Dark web crime platform raked in $17M+ over three years of operation Uncle Sam has seized 145 domains tied to BidenCash, the notorious dark web market that trafficked in more than 15 million stolen credit cards.

Published: 2025-06-05T17:06:27



The Register - Security

More than a hundred backdoored malware repos traced to single GitHub user

Someone went to great lengths to prey on the next generation of cybercrooks Sophos thinks a single person or group called "ischhfd83" is behind more than a hundred backdoored malware variants targeting novice cybercriminals and video game cheaters looking to get their hands on malicious code.

Published: 2025-06-05T14:33:06



The Register - Security

HMRC: Crooks broke into 100k accounts, stole £43M from British taxpayer in late 2024

It's definitely not a cyberattack though! Really! The UK's tax collections agency says cyberbaddies defrauded it of £47 million ($63 million) late last year, but insists the criminal case was not a cyberattack.

Published: 2025-06-05T10:34:42



The Register - Security

AI kept 15-year-old zombie vuln alive, but its time is drawing near

Researchers have come up with a fix for a path traversal bug first spotted in 2010 A security bug that surfaced fifteen years ago in a public post on GitHub has survived developers' attempts on its life.

Published: 2025-06-05T06:29:12



The Register - Security

China accuses Taiwan of running five feeble APT gangs, with US help

The authors who claimed America hacked itself to discredit Beijing are back with another report China's National Computer Virus Emergency Response Center on Thursday published a report in which it claims Taiwan targeted it with a years-long cyber offensive, backed by the USA, but which was so feeble, Beijing complains, that it compared the effort to "an ant trying to shake a tree."

Published: 2025-06-05T04:49:02



The Register - Security

IBM Cloud login breaks for second time this week and Big Blue isn't saying why

To make matters worse, IBM's security software has a critical vuln caused by an exposed password IBM isn't having its best week after the company experienced another cloudy outage and a critical-rated vulnerability.

Published: 2025-06-05T02:32:09



The Register - Security

Play ransomware crims exploit SimpleHelp flaw in double-extortion schemes

Recompiled binaries and phone threats used to boost the pressure Groups linked with the Play ransomware have exploited more than 900 organizations, the FBI said Wednesday, and have developed a number of new techniques in their double-extortion campaigns - including exploiting a security flaw in remote-access tool SimpleHelp if orgs haven't patched it.

Published: 2025-06-04T23:40:05



The Register - Security

Ukraine strikes Russian bomber-maker with hack attack

Drones are not enough Following a daring drone attack on Russian airfields, Ukrainian military intelligence has reportedly also hacked the servers of Tupolev, the Kremlin's strategic bomber maker.

Published: 2025-06-04T20:53:58



The Register - Security

Ransomware scum leak patient data after disrupting chemo treatments at Kettering

Literally adding insult to injury Kettering Health patients who had chemotherapy sessions and pre-surgery appointments canceled due to a ransomware attack in May now have to deal with the painful prospect that their personal info may have been leaked online.

Published: 2025-06-04T19:42:09



The Register - Security

Fake IT support calls hit 20 orgs, end in stolen Salesforce data and extortion, Google warns

Victims include hospitality, retail and education sectors A group of financially motivated cyberscammers who specialize in Scattered-Spider-like fake IT support phone calls managed to trick employees at about 20 organizations into installing a modified version of Salesforce's Data Loader that allows the crims to steal sensitive data.

Published: 2025-06-04T15:05:38



The Register - Security

Crims stole 40,000 people's data from our network, admits publisher Lee Enterprises

Did somebody say ransomware? Not the newspaper group, not even to deny it Regional newspaper publisher Lee Enterprises says data belonging to around 40,000 people was stolen during an attack on its network earlier this year.

Published: 2025-06-04T13:35:14



The Register - Security

UK CyberEM Command to spearhead new era of armed conflict

Government details latest initiative following announcement last week Revealing more details about the Cyber and Electromagnetic (CyberEM) military domain, the UK's Ministry of Defence (MoD) says "there are pockets of excellence" but improvements must be made to ensure the country's capability meets the needs of national defense.

Published: 2025-06-04T09:21:14



The Register - Security

Ukraine war spurred infosec vet Mikko Hyppönen to pivot to drones

Why? There's a war in Europe, Finland has a belligerent neighbor, and cyber is a settled field Interview Mikko Hyppönen has spent the last 34 years creating security software that defends against criminals and state-backed actors, but now he's moving onto drone warfare.

Published: 2025-06-04T07:30:08



The Register - Security

Deliberate attack deletes shopping app's AWS and GitHub resources

CEO of India's KiranaPro, which brings convenience stores online, vows to name the perp The CEO of Indian grocery ordering app KiranaPro has claimed an attacker deleted its GitHub and AWS resources in a targeted and deliberate attack and vowed to name the perpetrator.

Published: 2025-06-04T03:58:11



The Register - Security

Meta pauses mobile port tracking tech on Android after researchers cry foul

Zuckercorp and Yandex used localhost loophole to tie browser data to app users, say boffins Security researchers say Meta and Yandex used native Android apps to listen on localhost ports, allowing them to link web browsing data to user identities and bypass typical privacy protections.

Published: 2025-06-03T23:18:04



The Register - Security

You say Cozy Bear, I say Midnight Blizzard, Voodoo Bear, APT29

Microsoft, CrowdStrike, and pals promise clarity on cybercrew naming, deliver alias salad instead Opinion Microsoft and CrowdStrike made a lot of noise on Monday about teaming up with other threat-intel outfits to "bring clarity to threat-actor naming."

Published: 2025-06-03T22:21:05



The Register - Security

Google quietly pushes emergency fix for Chrome 0-day as exploit runs wild

TAG team spotted the V8 bug first, so you can bet nation-states weren't far behind Google revealed Monday that it had quietly deployed a configuration change last week to block active exploitation of a Chrome zero-day.

Published: 2025-06-03T19:23:09



The Register - Security

X's new 'encrypted' XChat feature seems no more secure than the failure that came before it

Musk's 'Bitcoin-style encryption' claim has experts scratching their heads Elon Musk's X social media platform is rolling out a new version of its direct messaging feature that the platform owner said had a "whole new architecture," but as with many a Muskian proclamation, there's reason to doubt what's been said.

Published: 2025-06-03T18:02:08



The Register - Security

Crooks fleece The North Face accounts with recycled logins

Outdoorsy brand blames credential stuffing Joining the long queue of retailers dealing with cyber mishaps is outdoorsy fashion brand The North Face, which says crooks broke into some customer accounts using login creds pinched from breaches elsewhere.

Published: 2025-06-03T17:39:24



The Register - Security

Microsoft patches the patch that put Windows 11 in a coma

Out-of-band is becoming the norm rather than the exception Microsoft is patching another patch that dumped some PCs into recovery mode with an unhelpful error code.

Published: 2025-06-03T13:33:05



The Register - Security

Illicit crypto-miners pouncing on lazy DevOps configs that leave clouds vulnerable

To stop the JINX-0132 gang behind these attacks, pay attention to HashiCorp, Docker, and Gitea security settings Up to a quarter of all cloud users are at risk of having their computing resources stolen and used to illicitly mine for cryptocurrency, after crims cooked up a campaign that targets publicly accessible DevOps tools.

Published: 2025-06-03T11:23:15



The Register - Security

Bling slinger Cartier tells customers to be wary of phishing attacks after intrusion

Nothing terribly valuable taken in data heist, though privacy a little tarnished Global jewelry giant Cartier is writing to customers to confirm their data was exposed to cybercriminals that broke into its systems.

Published: 2025-06-03T09:52:21



The Register - Security

Ukrainians smuggle drones hidden in cabins on trucks to strike Russian airfields

A real-world Trojan Horse attack Ukraine claims it launched a cunning drone strike on Sunday against multiple Russian airbases, hitting over 40 military aircraft and inflicting an estimated $7 billion in damage, in an operation dubbed "Spiderweb."

Published: 2025-06-02T20:04:19



The Register - Security

US community bank says thieves drained customer data through third party hole

Disclosure at MainStreet Bancshares comes as American finance orgs beg for looser reporting requirements Community bank MainStreet Bancshares says thieves stole data belonging to some of its customers during an attack on a third-party provider.

Published: 2025-06-02T12:27:13



The Register - Security

Lumma infostealer takedown may have inflicted only a flesh wound as crew keeps pinching and selling data

PLUS: Ransomware gang using tech support scam; Czechia accuses China of infrastructure attack; And more! Infosec In Brief Despite last week's FBI announcement that it helped to take down the crew behind the Lumma infostealer, the malware continues to operate.

Published: 2025-06-02T01:16:14



The Register - Security

Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

'It's a high-stakes intelligence war,' analyst explains Exclusive A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names.

Published: 2025-05-31T10:23:08



The Register - Security

ConnectWise customers get mysterious warning about 'sophisticated' nation-state hack

Pen tester on ScreenConnect bug: This one terrifies me ConnectWise has brought in the big guns to investigate a "sophisticated nation state actor" that broke into its IT environment and then breached some of its customers.

Published: 2025-05-30T19:01:49



The Register - Security

Feds arrest DoD techie, claim he dumped top secret files in park for foreign spies to find

28-year-old alleged to have made multiple drops to folks who turned out to be undercover FBI agents A Defense Intelligence Agency (DIA) IT specialist is scheduled to appear in court today after being caught by the FBI trying to surreptitiously drop top secret information to a foreign government in a public park.

Published: 2025-05-30T18:29:11



The Register - Security

US medical org pays $50M+ to settle case after crims raided data and threatened to swat cancer patients

Cash splashed on damages, infrastructure improvements, and fraud monitoring A Seattle cancer facility has agreed to fork out around $52.5 million as part of a class action settlement linked to a Thanksgiving 2023 cyberattack where criminals directly threatened cancer patients with swat attacks.

Published: 2025-05-30T17:35:07



The Register - Security

Meta (yep, Facebook Meta) is now a defense contractor

Giving people the power to build community and bring the world closer together so we can shoot them Meta has partnered with Anduril Industries to build augmented and virtual reality devices for the military, eight years after it fired the defense firm's founder, Palmer Luckey.

Published: 2025-05-30T16:32:11



The Register - Security

Crims defeat human intelligence with fake AI installers they poison with ransomware

Take care when downloading AI freebies, researcher tells The Register Criminals are using installers for fake AI software to distribute ransomware and other destructive malware.

Published: 2025-05-30T10:25:11



The Register - Security

Data watchdog put cops on naughty step for lost CCTV footage

Greater Manchester Police reprimanded over hours of video that went AWOL The UK's data watchdog has reprimanded Greater Manchester Police (GMP) force for losing CCTV footage the cop shop was later requested to retain.

Published: 2025-05-30T09:29:14



The Register - Security

The UK wants you to sign up for £1B cyber defense force

War in Ukraine causes major rethink in policy and spending The UK is spending more than £1 billion ($1.35 billion) setting up a new Cyber and Electromagnetic Command and is recruiting a few good men and women to join up and staff it.

Published: 2025-05-30T08:31:10



The Register - Security

Infosecurity Europe 2025 drives cybersecurity priorities amid growing global risks

Infosecurity Europe celebrates its 30th anniversary by doubling down on its mission: Building a Safer Cyber World. Returning to ExCeL London from 3-5 June, the landmark edition of Europe's most influential cybersecurity event is set to be its most ambitious yet. With global cyberthreats mounting in scale and sophistication, the 2025 show will deliver strategic insight, practical training, and powerful connections across three days of expert content and community collaboration.

Published: 2025-05-30T08:00:16



The Register - Security

Security outfit SentinelOne's services back online after lengthy outage

Probably not a cyber-incident, but definitely not a good look Security services vendor SentinelOne experienced a major outage on Thursday.

Published: 2025-05-30T00:33:15



The Register - Security

Feds gut host behind pig butchering scams that bilked $200M from Americans

Philippines company allegedly run by Chinese national has form running scams The US Treasury has sanctioned a Philippine company and its administrator after linking them to the infrastructure behind the majority of so-called "pig butchering" scams reported to the FBI.

Published: 2025-05-30T00:15:13



The Register - Security

Microsoft's May Patch Tuesday update fails on some Windows 11 VMs

'The operating system couldn't be loaded' is never a great message Microsoft's latest Patch Tuesday update is failing to install on some Windows 11 machines, mostly virtual ones, and dumping them into recovery mode with a boot error. Its only recommendation to avoid the problem for now is to dodge the update.

Published: 2025-05-29T21:46:42



The Register - Security

Why is China deep in US networks? 'They're preparing for war,' HR McMaster tells lawmakers

House Homeland Security Committee takes a field trip to Silicon Valley Chinese government spies burrowed deep into American telecommunications systems and critical infrastructure networks for one reason, according to retired US Army Lt. Gen. H.R. McMaster.

Published: 2025-05-29T19:51:33



The Register - Security

8,000+ Asus routers popped in 'advanced' mystery botnet plot

No formal attribution made but two separate probes hint at the same suspect Thousands of Asus routers are currently ensnared by a new botnet that is trying to disable Trend Micro security features before exploiting vulnerabilities for backdoor access.

Published: 2025-05-29T16:23:09



The Register - Security

Billions of cookies up for grabs as experts warn over session security

Law enforcement crackdowns are gathering pace but online marketplaces still teeming with valuable tokens A VPN vendor says billions of stolen cookies currently on sale either on dark web or Telegram-based marketplaces remain active and exploitable.

Published: 2025-05-29T12:23:14



The Register - Security

European Commission: Make Europe Great Again... for startups

Sick of paying the US tech tax and relinquishing talent to other continents, politicians finally wake up The European Commission (EC) has kicked off a scheme to make Europe a better place to nurture global technology businesses, providing support throughout their lifecycle, from startup through to maturity.

Published: 2025-05-29T09:26:11



Security Latest

The Mystery of iPhone Crashes That Apple Denies Are Linked to Chinese Hacking

Plus: A 22-year-old former intern gets put in charge of a key anti-terrorism program, threat intelligence firms finally wrangle their confusing names for hacker groups, and more.

Published: 2025-06-07T10:30:00



Security Latest

Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight

In an effort to evade detection, cybercriminals are increasingly turning to “residential proxy” services that cover their tracks by making it look like everyday online activity.

Published: 2025-06-06T19:05:57



Security Latest

Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect

Crypto-tracing firm Chainalysis says the mysterious 300-bitcoin donation to the pardoned Silk Road creator appears to have come from someone associated with a different defunct black market: AlphaBay.

Published: 2025-06-05T18:50:16



Security Latest

What Really Happened in the Aftermath of the Lizard Squad Hacks

On Christmas Day in 2014 hackers knocked out the Xbox and PlayStation gaming networks, impacting how video game companies handled cybersecurity for years.

Published: 2025-06-05T10:00:00



Security Latest

ICE Quietly Scales Back Rules for Courthouse Raids

A requirement that ICE agents ensure courthouse arrests don’t clash with state and local laws has been rescinded by the agency. ICE declined to explain what that means for future enforcement.

Published: 2025-06-04T22:24:17



Security Latest

The Race to Build Trump’s ‘Golden Dome’ Missile Defense System Is On

President Donald Trump has proposed building a massive antimissile system in space that could enrich Elon Musk if it materializes. But experts say the project’s feasibility remains unclear.

Published: 2025-06-04T10:30:00



Security Latest

You're Not Ready

Seems bad out there. Unfortunately, it can always get worse. From evil hacker AI to world-changing cyberattacks, WIRED envisions the future you haven't prepared for.

Published: 2025-06-04T10:00:00



Security Latest

The Texting Network for the End of the World

Everyone knows what it’s like to lose cell service. A burgeoning open source project called Meshtastic is filling the gap for when you’re in the middle of nowhere or when disaster strikes.

Published: 2025-06-04T10:00:00



Security Latest

Deepfake Scams Are Distorting Reality Itself

The easy access that scammers have to sophisticated AI tools means everything from emails to video calls can’t be trusted.

Published: 2025-06-04T10:00:00



Security Latest

See How Much Faster a Quantum Computer Will Crack Encryption

A quantum computer will likely one day be able to break the encryption protecting the world's secrets. See how much faster such a machine could decrypt a password compared to a present-day supercomputer.

Published: 2025-06-04T10:00:00



Security Latest

The US Grid Attack Looming on the Horizon

A major cyberattack on the US electrical grid has long worried security experts. Such an attack wouldn’t be easy. But if an adversary pulled it off, it’d be lights out in more ways than one.

Published: 2025-06-04T10:00:00



Security Latest

A GPS Blackout Would Shut Down the World

GPS jamming and spoofing attacks are on the rise. If the global navigation system the US relies on were to go down entirely, it would send the world into unprecedented chaos.

Published: 2025-06-04T10:00:00



Security Latest

The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare

In the very near future, victory will belong to the savvy blackhat hacker who uses AI to generate code at scale.

Published: 2025-06-04T10:00:00



Security Latest

How the Farm Industry Spied on Animal Rights Activists and Pushed the FBI to Treat Them as Bioterrorists

For years, a powerful farm industry group served up information on activists to the FBI. Records reveal a decade-long effort to see the animal rights movement labeled a “bioterrorism” threat.

Published: 2025-06-03T16:21:20



Security Latest

A Hacker May Have Deepfaked Trump’s Chief of Staff in a Phishing Campaign

Plus: An Iranian man pleads guilty to a Baltimore ransomware attack, Russia’s nuclear blueprints get leaked, a Texas sheriff uses license plate readers to track a woman who got an abortion, and more.

Published: 2025-05-30T18:42:45



Security Latest

Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin

The elusive boss of the Trickbot and Conti cybercriminal groups has been known only as “Stern.” Now, German law enforcement has published his alleged identity and it’s a familiar face.

Published: 2025-05-30T13:22:09



Security Latest

A Swedish MMA Tournament Spotlights the Trump Administration's Handling of Far-Right Terrorism

A member of a California-based fight club seems to have attended an event hosted by groups with ties to an organization the US government labeled a terrorist group. Will the Trump administration care?

Published: 2025-05-29T18:14:03



Security Latest

The US Is Storing Migrant Children’s DNA in a Criminal Database

Customs and Border Protection has swabbed the DNA of migrant children as young as 4, whose genetic data is uploaded to an FBI-run database that can track them if they commit crimes in the future.

Published: 2025-05-29T10:30:00



Security Latest

The Privacy-Friendly Tech to Replace Your US-Based Email, Browser, and Search

Thanks to drastic policy changes in the US and Big Tech’s embrace of the second Trump administration, many people are moving their digital lives abroad. Here are a few options to get you started.

Published: 2025-05-27T10:30:00



Security Latest

A Starter Guide to Protecting Your Data From Hackers and Corporations

Hackers. AI data scrapes. Government surveillance. Thinking about where to start when it comes to protecting your online privacy can be overwhelming. Here’s a simple guide for you and anyone who claims they have nothing to hide.

Published: 2025-05-26T10:30:00



The Hacker News

New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally

Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, introduced via a change to "lib/commonjs/index.js," allows an attacker to run shell commands, take screenshots, and upload files to infected machines, Aikido Security told The Hacker News, stating these packages collectively account for nearly 1

Published: 2025-06-08T19:17:00



The Hacker News

Malicious Browser Extensions Infect Over 700 Users Across Latin America Since Early 2025

Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data. "Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack," Positive Technologies security researcher

Published: 2025-06-08T13:31:00



The Hacker News

New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users

Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems. The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum. "macOS users are served a

Published: 2025-06-06T21:55:00



The Hacker News

Empower Users and Protect Against GenAI Data Loss

When generative AI tools became widely available in late 2022, it wasn’t just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves of consumer-first IT innovation before it (file sharing, cloud storage and collaboration platforms), AI landed in

Published: 2025-06-06T19:11:00



The Hacker News

Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam

India's Central Bureau of Investigation (CBI) has revealed that it has arrested six individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens. The law enforcement agency said it conducted coordinated searches at 19 locations across Delhi, Haryana, and Uttar Pradesh on May 28, 2025, as part of

Published: 2025-06-06T18:42:00



The Hacker News

Inside the Mind of the Adversary: Why More Security Leaders Are Selecting AEV

Cybersecurity involves both playing the good guy and the bad guy. Diving deep into advanced technologies and yet also going rogue in the Dark Web. Defining technical policies and also profiling attacker behavior. Security teams cannot be focused on just ticking boxes, they need to inhabit the attacker’s mindset. This is where AEV comes in. AEV (Adversarial Exposure Validation) is an advanced

Published: 2025-06-06T16:00:00



The Hacker News

New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack

A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. "The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy PathWiper across

Published: 2025-06-06T14:05:00



The Hacker News

Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and Response

Published: 2025-06-05T21:23:00



The Hacker News

Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands

The threat actor known as Bitter has been assessed to be a state-backed hacking group that's tasked with gathering intelligence that aligns with the interests of the Indian government. That's according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis. "Their diverse toolset shows consistent coding patterns across malware families, particularly in

Published: 2025-06-05T19:23:00



The Hacker News

Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation

Security teams face growing demands with more tools, more data, and higher expectations than ever. Boards approve large security budgets, yet still ask the same question: what is the business getting in return? CISOs respond with reports on controls and vulnerability counts but executives want to understand risk in terms of financial exposure, operational impact, and avoiding loss. The

Published: 2025-06-05T16:55:00



The Hacker News

Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware

An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to a threat group ESET tracks as BladedFeline, which is assessed with medium confidence to be a sub-cluster within OilRig, a known Iranian nation-state cyber actor. It's said to be active since September 2017, when it targeted

Published: 2025-06-05T16:29:00



The Hacker News

DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of cryptocurrency funds and about 145 clearnet and dark web domains associated with an illicit carding marketplace called BidenCash. "The operators of the BidenCash marketplace use the platform to simplify the process of buying and selling stolen credit cards and associated personal information," the DoJ said. "BidenCash

Published: 2025-06-05T15:46:00



The Hacker News

Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI

Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems. The security defect, tracked as CVE-2025-20286, carries a CVSS score of 9.9 out of 10.0. It has been described as a static credential vulnerability. "A

Published: 2025-06-05T11:07:00



The Hacker News

Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App

Google has disclosed details of a financially motivated threat cluster that it said "specializes" in voice phishing (aka vishing) campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion. The tech giant's threat intelligence team is tracking the activity under the moniker UNC6040, which it said exhibits characteristics that align with

Published: 2025-06-04T20:54:00



The Hacker News

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems. According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a network troubleshooting utility for Linux environments. "Chaos RAT is an open-source RAT written in

Published: 2025-06-04T18:25:00



The Hacker News

Your SaaS Data Isn't Safe: Why Traditional DLP Solutions Fail in the Browser Era

Traditional data leakage prevention (DLP) tools aren't keeping pace with the realities of how modern businesses use SaaS applications. Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive information is handled. In these environments, data rarely appears as traditional files or crosses networks

Published: 2025-06-04T17:43:00



The Hacker News

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems. The findings come from multiple reports published by Checkmarx,

Published: 2025-06-04T15:41:00



The Hacker News

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution. "These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass,

Published: 2025-06-04T10:53:00



The Hacker News

Fake Docusign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack

Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified "malicious multi-stage downloader Powershell scripts" hosted on lure websites that masquerade as Gitcode and Docusign. "

Published: 2025-06-03T20:30:00



The Hacker News

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users to Run Malicious Code

Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code. The vulnerability, tracked as CVE-2025-49113, carries a CVSS score of 9.9 out of 10.0. It has been described as a case of post-authenticated remote code execution via

Published: 2025-06-03T18:31:00



The Hacker News

Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization

In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption caused, currently looking like hundreds of millions in lost profits for M&S alone. This coverage is extremely valuable for the cybersecurity community as it raises

Published: 2025-06-03T16:30:00



The Hacker News

Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets

A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim's contacts list. "Recent

Published: 2025-06-03T15:04:00



The Hacker News

Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues

Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137. The update will affect all Transport Layer Security (TLS)

Published: 2025-06-03T13:18:00



The Hacker News

Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion

Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. "By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence," Vasu Jakkal, corporate vice president at Microsoft

Published: 2025-06-03T12:50:00



The Hacker News

New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch

Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being tracked as CVE-2025-5419 (CVSS score: 8.8), and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. "Out-of-bounds read and

Published: 2025-06-03T09:52:00



The Hacker News

Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub

Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies. Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations and

Published: 2025-06-02T21:33:00



The Hacker News

Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN

Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three flaws is as follows - CVE-2024-13915 (CVSS score: 6.9) - A pre-installed "com.pri.factorytest" application on Ulefone and

Published: 2025-06-02T20:42:00



The Hacker News

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below - CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) - Two incorrect authorization vulnerabilities in the Graphics

Published: 2025-06-02T19:52:00



The Hacker News

Weekly Recap: APT Intrusions, AI Malware, Zero-Click Exploits, Browser Hijacks and More

If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill; it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late. This is how attacks happen now: quiet, convincing, and fast. Defenders aren’t just chasing hackers anymore; they’re struggling to trust what their systems are telling them. The problem isn’t too

Published: 2025-06-02T16:53:00



The Hacker News

The Secret Defense Strategy of Four Critical Industries Combating Advanced Cyber Threats

The evolution of cyber threats has forced organizations across all industries to rethink their security strategies. As attackers become more sophisticated, leveraging encryption, living-off-the-land techniques, and lateral movement to evade traditional defenses, security teams are finding more threats wreaking havoc before they can be detected. Even after an attack has been identified, it can

Published: 2025-06-02T16:25:00



The Hacker News

Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions

Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers (CFOs) and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia. "In what appears to be a multi-stage phishing operation, the attackers

Published: 2025-06-02T11:21:00



The Hacker News

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to sensitive information. Tools like

Published: 2025-05-31T15:49:00



The Hacker News

U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation

A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected by security software. To that effect, the U.S. Department of Justice (DoJ) said it seized four domains and their associated server that facilitated the crypting service on May 27, 2025, in

Published: 2025-05-31T12:46:00



The Hacker News

New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as

Published: 2025-05-30T19:44:00



The Hacker News

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend

Published: 2025-05-30T16:42:00



The Hacker News

From the "Department of No" to a "Culture of Yes": A Healthcare CISO's Journey to Enabling Modern Care

Breaking Out of the Security Mosh Pit When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't mince words: "Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have prepared for that we didn't, because we were so concentrated on where we were." This chaotic approach has

Published: 2025-05-30T16:00:00



The Hacker News

U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud

The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses. The Treasury accused the Taguig-headquartered company of enabling thousands of websites involved in

Published: 2025-05-30T13:21:00



The Hacker News

ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach

ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation-state actor, which affected a very small number of ScreenConnect

Published: 2025-05-30T11:41:00



The Hacker News

Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas

Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. "We detected and removed these campaigns before they were able to build authentic audiences on our apps," the social media giant said in its quarterly Adversarial Threat Report. This included a network of 658 accounts on Facebook, 14 Pages, and

Published: 2025-05-30T09:39:00



The Hacker News

Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools

Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. "CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher Chetan

Published: 2025-05-29T21:17:00



The Hacker News

New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers

Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet. The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a Windows PE file, providing information about the executable. While the DOS header makes the executable file backward compatible

Published: 2025-05-29T18:46:00



The Hacker News

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It's believed that the attackers exploited a trio of security flaws in SimpleHelp (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that were

Published: 2025-05-29T16:04:00



The Hacker News

Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations

Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2). The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was used to target multiple other government entities. "Misuse of cloud

Published: 2025-05-29T11:29:00



The Hacker News

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

Cybersecurity researchers have disclosed a critical unpatched security flaw impacting the TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files. TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social

Published: 2025-05-29T11:04:00



The Hacker News

Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore

An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware. Sina Gholinejad (aka Sina Ghaaf), 37, and his co-conspirators are said to have breached the computer networks of various organizations in the United States and encrypted files with Robbinhood ransomware to demand Bitcoin ransom payments.

Published: 2025-05-28T22:50:00



The Hacker News

Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack

The Czech Republic on Wednesday formally accused a threat actor associated with the People's Republic of China (PRC) of targeting its Ministry of Foreign Affairs. In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs. The extent of the breach is presently not

Published: 2025-05-28T21:31:00



The Hacker News

Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access Even When Uploading Just One File

Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited, could allow websites to access a user's entire cloud storage content, as opposed to just the files selected for upload via the tool. "This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain the extent of access being granted,

Published: 2025-05-28T19:11:00



The Hacker News

New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts. "Rather than scanning the internet, the malware retrieves a list of targets from a command-and-control (C2) server

Published: 2025-05-28T18:00:00



The Hacker News

From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign

Stealer malware no longer just steals passwords. In 2025, it steals live sessions, and attackers are moving faster and more efficiently than ever. While many associate account takeovers with personal services, the real threat is unfolding in the enterprise. Flare’s latest research, The Account and Session Takeover Economy, analyzed over 20 million stealer logs and tracked attacker activity across

Published: 2025-05-28T16:55:00



The Hacker News

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The vulnerability in question is CVE-2025-32432, a maximum severity flaw in Craft CMS that was patched in

Published: 2025-05-28T16:30:00



Security Affairs

Over 950K weekly downloads at risk in ongoing supply chain attack on Gluestack packages

A supply chain attack hit NPM: threat actors compromised 16 popular Gluestack packages, affecting 950K+ weekly downloads. Researchers from Aikido Security discovered a new supply chain attack targeting NPM, compromising 16 popular Gluestack ‘react-native-aria’ packages with over 950K weekly downloads. The attack began on June 6 at 4:33 PM EST with a malicious update to […]

Published: 2025-06-08T13:35:00



Security Affairs

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 48

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One; Attacker exploits misconfigured AI tool to run AI-generated payload; Crocodilus Mobile Malware: Evolving Fast, Going Global; How Threat Actors Exploit Human Trust: A Breakdown of the […]

Published: 2025-06-08T11:35:30



Security Affairs

Security Affairs newsletter Round 527 by Pierluigi Paganini INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Experts found 4 billion user records online, the largest known leak of Chinese personal data from […]

Published: 2025-06-08T11:20:49



Security Affairs

Experts found 4 billion user records online, the largest known leak of Chinese personal data from a single source

Over 4 billion user records were found exposed online in a massive breach, possibly linked to the surveillance of Chinese citizens. Cybersecurity researcher Bob Dyachenko and the Cybernews team discovered a massive data leak in China that exposed billions of documents, including financial, WeChat, and Alipay data, likely affecting hundreds of millions. Researchers speculate data […]

Published: 2025-06-07T17:22:19



Security Affairs

Attackers exploit Fortinet flaws to deploy Qilin ransomware

Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat intelligence firm PRODAFT warned that the Qilin ransomware (aka Phantom Mantis) group targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762 and CVE-2024-55591. “Phantom Mantis recently launched a coordinated intrusion campaign targeting multiple organizations between […]

Published: 2025-06-06T22:09:16



Security Affairs

Russia-linked threat actor targets Ukraine with PathWiper wiper

A Russia-linked threat actor targeted a critical infrastructure organization in Ukraine with a new destructive malware dubbed PathWiper. A Russia-linked threat actor targeted Ukraine’s critical infrastructure with a new wiper named PathWiper. Cisco Talos researchers reported that attackers utilized a legitimate endpoint administration tool, indicating they had access to the administrative console, then used it to […]

Published: 2025-06-06T18:30:42



Security Affairs

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

The U.S. offers up to $10M for info on state hackers linked to RedLine malware and its creator, Maxim Rudometov, tied to attacks on U.S. infrastructure. The U.S. Department of State offers a reward of up to $10 million for information on nation-state actors linked to the RedLine infostealer and its alleged author, Russian national Maxim […]

Published: 2025-06-06T11:12:23



Security Affairs

Play ransomware group hit 900 organizations since 2022

A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. A joint advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) states that Play ransomware has hit […]

Published: 2025-06-06T07:22:22



Security Affairs

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Google Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Out-of-Bounds Read and Write Vulnerability, tracked as CVE-2025-5419, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Google released out-of-band updates to address three vulnerabilities […]

Published: 2025-06-05T21:03:56



Security Affairs

New versions of Chaos RAT target Windows and Linux systems

Acronis researchers reported that new Chaos RAT variants were employed in 2025 attacks against Linux and Windows systems. Acronis TRU researchers discovered new Chaos RAT variants targeting Linux and Windows in recent attacks. Originally seen in 2022, Chaos RAT evolved in 2024, with fresh samples emerging in 2025. TRU also discovered a critical flaw in […]

Published: 2025-06-05T20:29:16

© Segmentation Fault. All rights reserved.