Qantas reports a cyberattack after hackers accessed customer data via a third-party platform, amid ongoing Scattered Spider aviation breaches. Qantas, Australia’s largest airline, disclosed a cyberattack after hackers accessed a third-party platform used by a call centre, stealing significant customer…
Kelly Benefits Data Breach Impacts 550,000 People
As Kelly Benefits’s investigation into a recent data breach progressed, the number of impacted individuals continued to grow. The post Kelly Benefits Data Breach Impacts 550,000 People appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Report Finds LLMs Are Prone to Be Exploited by Phishing Campaigns
A report published this week by Netcraft, a provider of a platform for combating phishing attacks, finds that large language models (LLMs) might not be a reliable source when it comes to identifying where to log in to various websites.…
Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors. “A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying…
That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat
With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dangerous? Where do you turn when firewalls and endpoint detection and response (EDR) fall short at detecting…
Verizon and T-Mobile Deny Data Breaches as Millions of User Records Sold Online
User claims to sell stolen Verizon and T-Mobile data for 116 million users online Verizon says data is old T-Mobile denies any breach and links to it. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech,…
International Criminal Court Hacked via Sophisticated Cyber Campaign
The International Criminal Court (ICC), the global tribunal responsible for prosecuting serious international crimes, has been targeted by a sophisticated and highly focused cyberattack late last week. The Court confirmed that the incident, which marks the second such breach in…
Ubuntu Disables Spectre/Meltdown Protections
A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted…
Qantas data breach could affect 6 million customers
Qantas has suffered a cyber incident that has lead to a data breach. “The incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform,” the Australian airline announced today, but said…
Chinese Hackers Target France in Ivanti Zero-Day Exploit Campaign
The French cybersecurity agency identified Houken, a new Chinese intrusion campaign targeting various industries in France This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese Hackers Target France in Ivanti Zero-Day Exploit Campaign
DCRat Targets Windows Systems for Remote Control, Keylogging, Screen Capture, and Data Theft
A sophisticated email-based attack distributing a Remote Access Trojan (RAT) known as DCRat has been recently identified by the FortiMail IR team, specifically targeting organizations in Colombia. The campaign, impersonating a Colombian government entity, leverages advanced evasion techniques to compromise…
CISA Issues Alert on TeleMessage TM SGNL Flaws Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert after adding two newly discovered vulnerabilities in the TeleMessage TM SGNL messaging platform to its Known Exploited Vulnerabilities (KEV) Catalog. These flaws CVE-2025-48927 and CVE-2025-48928, are confirmed…
Infinity Global Services’ Pen Testing Achieves CREST-Accreditation
With today’s unpredictable cyber threat landscape, proactive security measures are crucial. Infinity Global Services (IGS) offers penetration testing (PT), a vital service that uncovers vulnerabilities before exploitation. Delivered by a team of seasoned experts, IGS’s penetration testing service has now…
Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover
A vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites. The post Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
API Sprawl Can Trip Up Your Security, Big Time
The future of API security is not just about better firewalls — it is about smarter governance, automation and visibility at scale. The post API Sprawl Can Trip Up Your Security, Big Time appeared first on Security Boulevard. This article…
PDFs: Portable documents, or perfect deliveries for phish?
A popular social engineering technique returns: callback phishing, or TOAD attacks, which leverage PDFs, VoIP anonymity and even QR code tricks. This article has been indexed from Cisco Talos Blog Read the original article: PDFs: Portable documents, or perfect deliveries…
Windows Shortcut (LNK) Malware Strategies
Our telemetry shows a surge in Windows shortcut (LNK) malware use. We explain how attackers exploit LNK files for malware delivery. The post Windows Shortcut (LNK) Malware Strategies appeared first on Unit 42. This article has been indexed from Unit…
Bots Now Account for 30% of Global Web Traffic, Surpassing Human Activity in Some Regions
The Internet, once dominated by human interaction, is undergoing a seismic shift as bots now constitute approximately 30% of global web traffic, according to recent Cloudflare Radar data. In certain regions, automated traffic even outpaces human activity, signaling a transformative…
Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks
Experts say they don’t expect the MOVEit menace to do much about it Security experts have uncovered a hole in Cl0p’s data exfiltration tool that could potentially leave the cybercrime group vulnerable to attack.… This article has been indexed from…
U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across…
US Treasury Sanctions Russian Bulletproof Hosting Service Aeza Group
The Treasury said that Aeza Group has provided infrastructure services for notorious infostealer and ransomware operators This article has been indexed from www.infosecurity-magazine.com Read the original article: US Treasury Sanctions Russian Bulletproof Hosting Service Aeza Group
Inside the Mind of the Ethical Hacker: Training Beyond Tools
There’s no shortage of flashy tools in cybersecurity. Exploit frameworks, fuzzers, red teaming kits—they’re part of the game. But strip it all down and the most dangerous thing in any digital environment isn’t a tool. It’s a person who knows…
Baidu, Huawei Push Open-Source Shift With More AI Models
Baidu and Huawei, two of China’s biggest tech companies, release AI models as open source amidst rising competition This article has been indexed from Silicon UK Read the original article: Baidu, Huawei Push Open-Source Shift With More AI Models
Data-Labelling Firm Surge AI ‘Seeks $1bn’ In Funding Round
Surge AI seeks $1bn or more in first funding round, after competitor Scale AI attracts $14bn investment from Meta This article has been indexed from Silicon UK Read the original article: Data-Labelling Firm Surge AI ‘Seeks $1bn’ In Funding Round
CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025
Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit exists in the wild. Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit is available in the…
Your Agentic AI Governance Checklist: 7 Non-Negotiables to Fix Governance Blind Spots
When you design agentic AI with governance at the core, you stay ahead of risk and avoid reactive fire drills. The post Your Agentic AI Governance Checklist: 7 Non-Negotiables to Fix Governance Blind Spots appeared first on Security Boulevard. This…
Dozens of Corporates Caught in Kelly Benefits Data Breach
Benefits admin specialist Kelly Benefits has revealed a breach impacting over 500,000 individuals across 45 client organizations This article has been indexed from www.infosecurity-magazine.com Read the original article: Dozens of Corporates Caught in Kelly Benefits Data Breach