Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 48,000+ internet-facing Fortinet firewalls still open to attack Despite last week’s confirmation of and warnings about long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet…
Category: EN
Cisco warns of a ClamAV bug with PoC exploit
Cisco addressed a ClamAV denial-of-service (DoS) vulnerability, and experts warn of the availability of a proof-of-concept (PoC) exploit code. Cisco has released security updates to address a ClamAV denial-of-service (DoS) vulnerability tracked as CVE-2025-20128. The Cisco PSIRT experts warn of…
CISA Warns of SonicWall 0-day RCE Vulnerability Exploited in Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability, CVE-2025-23006, affecting SonicWall’s Secure Mobile Access (SMA) 1000 series appliances. This vulnerability, actively exploited in the wild, poses a severe risk to organizations relying…
Kubernetes Cluster RCE Vulnerability Let Attacker Takeover All Windows Nodes
A critical vulnerability in Kubernetes, designated as CVE-2024-9042, has been discovered, enabling attackers to execute remote code with SYSTEM privileges on all Windows nodes within a Kubernetes cluster. This vulnerability, identified by Akamai security researcher Tomer Peled, specifically affects the…
IntelBroker Resigned as a BreachForums Owner
IntelBroker, a key figure within the dark web’s BreachForums, has announced his resignation as the platform’s owner. This decision marks a significant shift for the forum, a major hub for cybercriminal activity, and follows a period of instability marked by…
Microsoft Entra ID Bug Allow Unprivileged Users to Change Their User Principal Names
Microsoft has allowed unprivileged users to update their own User Principal Names (UPNs) in Entra ID, sparking concerns over security and administrative oversight. To clarify, an unprivileged user can update the user principal name (UPN) for their own Entra ID…
10 Best Vulnerability Assessment and Penetration Testing (VAPT) Tools in 2025
Vulnerability Assessment and Penetration Testing (VAPT) tools are an integral part of any cybersecurity toolkit, playing a critical role in identifying, analyzing, and remediating security vulnerabilities in computer systems, networks, applications, and IT infrastructure. These tools enable organizations to proactively…
Empower Your DevOps with Robust Secrets Security
Are Your DevOps Truly Secured? As DevOps continue to streamline the software development process, have you considered how secure your practices truly are? An essential part of the answer lies within the realm of Non-Human Identities (NHIs) and Secrets Management…
Building Trust with Effective IAM Solutions
Why is Trust-Building Paramount in Cybersecurity? Have you considered how much trust we place in our cyber systems daily? It’s a silent bond we form without realizing it. We trust that our online interactions are secure, that our data is…
Ensuring Data Safety with Comprehensive NHIDR
How Crucial is Comprehensive NHI Management in Ensuring Data Safety? Are we doing all we can to ensure our data’s safety? One answer lies in the comprehensive management of Non-Human Identities (NHIs). As machine identities, these are critical in safeguarding…
Subaru Starlink flaw allowed experts to remotely hack cars
Subaru Starlink flaw exposed vehicles and customer accounts in the US, Canada, and Japan to remote attacks. Popular security researcher Sam Curry and he colleague Shubham Shah discovered a vulnerability in Subaru’s Starlink connected vehicle service that exposed vehicles and…
Why AI-Driven Cybercrime Is the Biggest Threat of 2025
AI in Cybercrimes: Rising Threats and Challenges Kuala Lumpur: The increasing use of artificial intelligence (AI) in cybercrimes is becoming a grave issue, says Datuk Seri Ramli Mohamed Yoosuf, Director of Malaysia’s Commercial Crime Investigation Department (CCID). Speaking at…
DEF CON 32 – Access Control Done Right The First Time
Author/Presenter: Tim Clevenger Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink The…
UnitedHealth Group’s Massive Data Breach Impacts 190 Million Americans
UnitedHealth Group has confirmed that a ransomware attack targeted its subsidiary, Change Healthcare, in February 2024, impacting 190… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: UnitedHealth Group’s Massive…
Participants in the Pwn2Own Automotive 2025 earned $886,250
The Pwn2Own Automotive 2025 hacking contest has ended, and participants earned $886,250 after demonstrating 49 zero-day flaws. The Pwn2Own Automotive 2025 hacking contest has ended, and participants earned $886,250 after demonstrating 49 zero-day flaws. Sina Kheirkhah (@SinSinology) of Summoning Team…
Why MFA Failures Signal Greater Cybersecurity Challenges
In the current cybersecurity era, multi-factor authentication (MFA) is widely recommended and often mandated across several sectors, making it one of the most popular security measures that are available. As stated by the Cybersecurity and Infrastructure Security Agency (CISA),…
ChatGPT Outage in the UK: OpenAI Faces Reliability Concerns Amid Growing AI Dependence
ChatGPT Outage: OpenAI Faces Service Disruption in the UK < p style=”text-align: justify;”> On Thursday, OpenAI’s ChatGPT experienced a significant outage in the UK, leaving thousands of users unable to access the popular AI chatbot. The disruption, which began…
The Frontier of Security: Safeguarding Non-Human Identities
Dropbox, Microsoft, Okta – not only are these all major software companies, but each of them has fallen victim to a supply chain attack due to a compromised non-human identity…. The post The Frontier of Security: Safeguarding Non-Human Identities appeared…
TRIPLESTRENGTH Targets Cloud for Cryptojacking, On-Premises Systems for Ransomware Attacks
Google unveiled a financially driven threat actor, TRIPLESTRENGTH, targeting cloud environments for cryptojacking and on-premise ransomware operations. “This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity,” Google Cloud…
A Looming Threat to Crypto Keys: The Risk of a Quantum Hack
The Quantum Computing Threat to Cryptocurrency Security < p style=”text-align: justify;”> The immense computational power that quantum computing offers raises significant concerns, particularly around its potential to compromise private keys that secure digital interactions. Among the most pressing fears…