The security landscape now moves at a pace no patch cycle can match. Attackers aren’t waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday…
Category: EN
Inboxfuscation Tool Bypasses Exchange Inbox Rules and Evades Detection
Advanced persistent threat actors increasingly target Microsoft Exchange inbox rules to maintain persistence and siphon sensitive data without raising alarms. The newly released Inboxfuscation tool delivers a Unicode-based obfuscation framework capable of generating malicious inbox rules that slip past conventional…
Google Touts ‘Biggest Upgrade to Chrome in Its History’ With Gemini AI
Google embeds Gemini into Chrome in what it calls the browser’s biggest upgrade, adding features to summarize pages, combat scams, and simplify browsing. The post Google Touts ‘Biggest Upgrade to Chrome in Its History’ With Gemini AI appeared first on…
The Compliance Automation Mirage: Why Vendors Keep Failing and Where AI Finally Gets It Right
If you’ve been in the trenches of enterprise risk and compliance for any length of time, you’ve heard the pitch: “Automate your compliance and save your team hours.” Dozens of vendors have said it. Most have meant well. And nearly…
AI Forensics Help Europol Track 51 Children in Global Online Abuse Case
Europol and 18 countries used AI forensics to identify 51 child victims and 60 suspects in a global online abuse investigation. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original…
BlackLock Ransomware Targets Windows, Linux, and VMware ESXi Systems
BlackLock, a rebranded ransomware group formerly known as El Dorado, has emerged as a formidable threat to organizations worldwide. First identified in June 2024 when its Dedicated Leak Site (DLS) began exposing victim data, the gang is believed to have…
Subtle Snail Impersonation Tactics: How HR Representatives Can Engage Employees to Steal Login Credentials
Subtle Snail, an Iran-linked espionage group also tracked as UNC1549 under the Unyielding Wasp (Tortoiseshell) umbrella of the Charming Kitten network, has shifted its focus to European telecom, aerospace, and defense firms since June 2022. In a recent wave of…
Code Analysis Published for Chrome Type Confusion 0-Day Vulnerability
Google Chrome’s V8 JavaScript engine has long balanced speed and security for billions of users worldwide. On September 16, 2025, Google’s Threat Analysis Group discovered a critical zero-day flaw in the TurboFan compiler component of V8. Now tracked as CVE-2025-10585,…
Car giant Stellantis says customer data nicked after partner vendor pwned
Automaker insists only names and emails exposed, no financials Car giant Stellantis is admitting that attackers targeted one of its third-party partners, spilling its own customers’ details in the process.… This article has been indexed from The Register – Security…
Threat Actors Attacking ICS Computers With Malicious Scripts and Phishing Pages
Industrial automation systems have become the latest battleground for sophisticated cybercriminals who are deploying cleverly crafted malicious scripts and phishing pages to compromise ICS computers. Over the first half of 2025, attackers have increasingly shifted to web-based attack vectors, exploiting…
Threat Actors Impersonate FBI IC3 Website to Steal The Visitors’ Personal Information
A sophisticated spoofing campaign has emerged targeting the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3). Beginning in mid-September 2025, victims attempting to access IC3’s official portal were redirected to fraudulent domains crafted to mirror the legitimate site. The…
HoundBytes Launches Automated Security Analyst
The Romania-based company has launched WorkHorse and is preparing for a funding round to accelerate growth. The post HoundBytes Launches Automated Security Analyst appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: HoundBytes Launches…
Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)
If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version for a while, do so now or risk getting your instance compromised via CVE-2025-10035. About CVE-2025-10035 CVE-2025-10035 is a critical deserialization vulnerability…
God Mode Vulnerability Lets Attackers Access Any Resource in Microsoft Cloud Tenants
A recently disclosed flaw, tracked as CVE-2025-55241, allowed any attacker in possession of a single “Actor token” from a test or lab tenant to assume full administrative control over every Microsoft Entra ID (Azure AD) customer globally. Security researcher Dirk-Jan Mollema revealed…
EU agency ENISA says ransomware attack behind airport disruptions
The EU cybersecurity agency ENISA confirmed that airport check-in disruptions were caused by a cyberattack, and law enforcement is investigating. A cyber attack on Collins Aerospace disrupted check-in and boarding systems at major European airports, heavily impacting Heathrow, Brussels, and…
How to Gain Control of AI Agents and Non-Human Identities
We hear this a lot: “We’ve got hundreds of service accounts and AI agents running in the background. We didn’t create most of them. We don’t know who owns them. How are we supposed to secure them?” Every enterprise today…
ShadowLeak Exploit Exposed Gmail Data Through ChatGPT Agent
Radware researchers revealed a service-side flaw in OpenAI’s ChatGPT. The ShadowLeak attack had used indirect prompt injection to bypass defences and leak sensitive data, but the issue has since been fixed. This article has been indexed from Hackread – Latest…
Kawa4096 Ransomware Targets Multinational Corporations to Steal Sensitive Data
In June 2025, a previously unknown ransomware group dubbed Kawa4096 emerged, immediately drawing attention by targeting multinational organizations across diverse industries, including finance, education and services, in countries such as Japan and the United States. While no public evidence confirms…
Hackers Bypassing Windows Mark of the Web Files Using LNK Stomping Attack
A sophisticated attack technique called LNK Stomping has emerged as a critical threat to Windows security, exploiting a fundamental flaw in how the operating system handles shortcut files to bypass security controls. Designated as CVE-2024-38217 and patched on September 10,…
New Botnet Leverages DNS Misconfiguration to Launch Massive Cyber Attack
A previously unseen botnet campaign emerged in late November, using a novel combination of DNS misconfiguration and hijacked networking devices to propel a global malspam operation. Initial reports surfaced when dozens of organizations received what appeared to be legitimate freight…