A sophisticated cyberattack campaign targeting Microsoft Internet Information Services (IIS) servers has emerged, exploiting decades-old security vulnerabilities to deploy malicious modules that enable remote command execution and search engine optimization fraud. The operation, which came to light in late August…
Category: EN
Google Warns of Threat Actors Using Fake Job Posting to Deliver Malware and Steal Credentials
Cybercriminals have adopted a sophisticated social engineering strategy that exploits the trust inherent in job hunting, according to a recent security advisory. A financially motivated threat cluster operating from Vietnam has been targeting digital advertising and marketing professionals through fake…
Top 10 Best Cloud Workload Protection Platforms (CWPP) in 2025
The cloud landscape in 2025 continues its unprecedented growth, with organizations of all sizes rapidly migrating critical workloads to public, private, and hybrid cloud environments. While cloud providers meticulously secure their underlying infrastructure, the onus of protecting everything within that…
Hackers Use ClickFix Technique to Deploy NetSupport RAT Loaders
Cybercriminals are increasingly using a technique known as “ClickFix” to deploy the NetSupport remote administration tool (RAT) for malicious purposes. According to a new report from eSentire’s Threat Response Unit (TRU), threat actors have shifted their primary delivery strategy from…
Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed
A DDoS attack on Russia’s food safety agency Rosselkhoznadzor disrupted food shipments by crippling its VetIS and Saturn tracking systems. A DDoS cyberattack on Russia’s food safety agency, Rosselkhoznadzor, disrupted nationwide food shipments by knocking offline its VetIS and Saturn…
North Korean Hackers Attacking Unmanned Aerial Vehicle Industry to Steal Confidential Data
North Korean state-sponsored hackers from the Lazarus APT group launched a cyberespionage campaign targeting European companies involved in unmanned aerial vehicle development. Starting in late March 2025, attackers compromised three defense organizations across Central and Southeastern Europe, deploying advanced malware…
Hackers Exploit WordPress Arbitrary Installation Vulnerabilities in the Wild
Cybersecurity firm Wordfence has uncovered a renewed wave of mass exploitation targeting critical vulnerabilities in two popular WordPress plugins, allowing unauthenticated attackers to install malicious software and potentially seize control of websites. The flaws, first disclosed in late 2024, affect…
Ransomware Actors Targeting Global Public Sectors and Critical Services in Targeted Attacks
In 2025, ransomware attacks against the public sector continue to accelerate at an alarming rate, showing no signs of slowing down despite increased cybersecurity awareness and defensive measures. Throughout the year, approximately 196 public sector entities worldwide have fallen victim…
OpenAI ChatGPT Atlas Browse Jailbroken to Disguise Malicious Prompt as URLs
OpenAI’s newly launched ChatGPT Atlas browser, designed to blend AI assistance with web navigation, faces a serious security flaw that allows attackers to jailbreak the system by disguising malicious prompts as harmless URLs. This vulnerability exploits the browser’s omnibox, a…
New Phishing Attack Bypasses Using UUIDs Unique to Bypass Secure Email Gateways
A sophisticated phishing campaign leveraging randomly generated Universal Unique Identifiers (UUIDs) has emerged, successfully bypassing Secure Email Gateways (SEGs) and evading perimeter defenses. The attack employs an advanced JavaScript-based phishing script combining random domain selection, dynamic UUID generation, and server-driven…
CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the Wild
Cybersecurity researchers are sounding the alarm after discovering that hackers are actively exploiting a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, allows unauthenticated attackers to run arbitrary code on…
Qantas Data Leak Highlights Rising Airline Cyberattacks and Identity Theft Risks
Airlines continue to attract the attention of cybercriminals due to the vast amounts of personal data they collect, with passports and government IDs among the most valuable targets. According to privacy firm Incogni, the exposure of such documents poses…
NCSC Warns of Rising Cyber Threats Linked to China, Urges Businesses to Build Defences
The United Kingdom’s National Cyber Security Centre (NCSC) has cautioned that hacking groups connected to China are responsible for an increasing number of cyberattacks targeting British organisations. Officials say the country has become one of the most capable and…
NDSS 2025 – CHAOS: Exploiting Station Time Synchronization In 802.11 Networks Session 1A: WiFi and Bluetooth Security
Authors, Creators & Presenters: Sirus Shahini (University of Utah), Robert Ricci (University of Utah) PAPER – CHAOS: Exploiting Station Time Synchronization in 802.11 Networks Many locations, especially in urban areas, are quite noisy with WiFi traffic. In addition to data…
Microsoft Teams to Auto-Set Work Location by Detecting the Wi-Fi Network
Microsoft is about to launch a new feature in Teams that will help hybrid workers stay connected. This feature will automatically find and update a user’s work location based on their organization’s Wi-Fi network. Set to roll out in December…
Malicious NuGet Packages Mimic as Popular Nethereum Project to Steal Wallet Keys
A sophisticated supply chain attack has emerged targeting cryptocurrency developers through the NuGet package ecosystem. Cybersecurity researchers have uncovered malicious packages impersonating Nethereum, a widely trusted .NET library for Ethereum blockchain interactions with tens of millions of downloads. The counterfeit…
Building Secure AI Systems: What Enterprises Need to Know — and What’s at Stake
Generative AI and multi-agent autonomous systems are transforming the enterprise IT stack, promising breakthroughs in efficiency, customer experience, and innovation. Yet, without disciplined, secure-by-design strategies embedded from the start, organizations… The post Building Secure AI Systems: What Enterprises Need to…
Hundreds of European Flights Disrupted by Major Ransomware Attack
A major ransomware attack recently caused widespread disruption to airline operations across several key European airports, resulting in hundreds of flight cancellations and delays for passengers. The incident highlights the growing vulnerability of the aviation industry due to its…
Pwn2Own Ireland 2025: The Hacks, The Winners, and The Big Payouts
Hackers earned over $1 million at Pwn2Own Ireland 2025 in Cork, breaching printers, routers, NAS devices, and more as Summoning Team claimed Master of Pwn. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto…
CMMC’s Reality Check for the Defense Industrial Base: What Contractors Must Do Before Enforcement Hits
The Cybersecurity Maturity Model Certification’s (CMMC) reality check has arrived. After years of delays and speculation, enforcement moves from theory to action in November 2025 (next month as of this… The post CMMC’s Reality Check for the Defense Industrial Base:…