PentestPad announced a major rollout of new features to its platform, built to transform how modern security teams deliver penetration testing and manage vulnerabilities, clients and deliverables. PentestPad is an all-in-one workspace designed for penetration testing companies, internal security teams,…
Category: EN
AI-Generated Law
On April 14, Dubai’s ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to “regularly suggest updates” to the law and…
Researchers Unveiled a New Mechanism to Track Compartmentalized Threats
In May 2025, cybersecurity researchers from Cisco Talos and The Vertex Project announced a groundbreaking methodology to combat the rising trend of compartmentalized cyberattacks, where multiple threat actors collaborate to execute distinct stages of an intrusion. This shift from single-actor…
Node.js Vulnerability Allows Attackers to Crash the Process & Halt Services
The Node.js project has issued urgent security updates after disclosing a high-severity vulnerability that could allow remote attackers to crash Node.js processes, potentially halting critical services and causing widespread denial of service across affected systems. High-Severity Flaw: CVE-2025-23166 The vulnerability,…
Xanthorox – New BlackHat AI Tool Used to Launch Phishing & Malware Attacks
The Xanthorox tool first appeared on dark web forums and cybersecurity blogs in April 2025. Xanthorox is not just another rogue AI chatbot; it is a purpose-built, self-hosted artificial intelligence platform designed from the ground up to facilitate cybercrime. Unlike previous blackhat…
Threat Actors Exploit AI & LLM Tools to Begun Using Them as Offensive Tools
Cybercriminals are increasingly weaponizing generative AI and large language models (LLMs) like ChatGPT, Claude, and DeepSeek to automate exploit development, bypass security safeguards, and refine malware campaigns. According to a recent report by the S2W Threat Intelligence Center (TALON), dark…
Ransomware Groups, Chinese APTs Exploit Recent SAP NetWeaver Flaws
Two ransomware groups and several Chinese APTs have been exploiting two recent SAP NetWeaver vulnerabilities. The post Ransomware Groups, Chinese APTs Exploit Recent SAP NetWeaver Flaws appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper
Cybersecurity researchers have discovered a malicious package named “os-info-checker-es6” that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. “This campaign employs clever Unicode-based steganography to hide its initial malicious code and…
Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers
A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET. The activity,…
5 BCDR Essentials for Effective Ransomware Defense
Ransomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently disclosed…
Police Shut Down Fake Trading Platform That Scammed Hundreds
Police in Europe have shut down a fake online trading platform that scammed hundreds of victims out of… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Police Shut…
Using a Mythic agent to optimize penetration testing
Kaspersky experts discuss optimizing penetration testing with an agent for the Mythic framework and object files for Cobalt Strike. This article has been indexed from Securelist Read the original article: Using a Mythic agent to optimize penetration testing
EU ‘Likely To Accept’ Microsoft Offer On Office, Teams
European Commission reportedly likely to accept Microsoft offer to ease competition with Office, Teams after antitrust complaints This article has been indexed from Silicon UK Read the original article: EU ‘Likely To Accept’ Microsoft Offer On Office, Teams
M&S Hackers ‘Targeting US Retailers’
Google security researcher says M&S, Co-op hackers also targeting US firms, highlights probable link to 2023 hacks of MGM and Caesars casinos This article has been indexed from Silicon UK Read the original article: M&S Hackers ‘Targeting US Retailers’
U.S. CISA adds a Fortinet flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Fortinet vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability, tracked as CVE-2025-32756, to its Known Exploited Vulnerabilities (KEV)…
New HTTPBot Botnet Expanding Aggressively to Attack Windows Machines
A new botnet family named HTTPBot has emerged as a critical threat to the Windows ecosystem, leveraging sophisticated HTTP-based distributed denial-of-service (DDoS) attacks to disrupt high-value targets. First observed in August 2024, HTTPBot’s activity surged in April 2025, with attacks…
Nation State-Actors Attacking Healthcare Institutions to Sabotage IT & OT Systems
The healthcare sector faces an unprecedented surge in cyberattacks from nation-state actors seeking to disrupt critical IT infrastructure and operational technology (OT) systems. Since early 2024, advanced persistent threat (APT) groups linked to Iran, North Korea, and China have exploited…
macOS Security Guide – Safeguarding Against Adware and Malware
As macOS adoption grows, so does its attractiveness to cybercriminals. Recent reports reveal a 60% surge in macOS market share over three years, correlating with a dramatic escalation in sophisticated adware, infostealers, and malware-as-a-service (MaaS) campaigns. While Apple’s built-in defenses,…
Canadian Electric Utility Lists Customer Information Stolen by Hackers
Nova Scotia Power says a wide range of personal and financial information was stolen in the recent cyberattack. The post Canadian Electric Utility Lists Customer Information Stolen by Hackers appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Russia-linked hackers target webmail servers in Ukraine-related espionage operation
ESET researchers have uncovered RoundPress, a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities. Behind it is most likely the Russia-aligned Sednit (also known as Fancy Bear or APT28) cyberespionage group, holding the ultimate goal of stealing confidential data…