Palo Alto Networks researchers have discovered and analyzed “IUAM ClickFix Generator”, a phishing kit that allows less skilled attackers to infect unsuspecting users with malware by using the increasingly popular ClickFix social engineering technique. “This tool allows threat actors to…
Nezha Tool Used in New Cyber Campaign Targeting Web Applications
A cyber campaign using Nezha has been identified, targeting vulnerable web apps with PHP web shells and Ghost RAT This article has been indexed from www.infosecurity-magazine.com Read the original article: Nezha Tool Used in New Cyber Campaign Targeting Web Applications
Salesforce Refuses To Pay Ransom
Salesforce has officially stated it won’t negotiate with or pay a ransom to the threat actors responsible for a widespread data theft campaign The post Salesforce Refuses To Pay Ransom first appeared on CyberMaterial. This article has been indexed from…
Microsoft Ties Storm 1175 To Medusa
A cybercriminal group that Microsoft tracks as Storm-1175 has been exploiting a severe vulnerability in the Fortra GoAnywhere software to deploy Medusa ransomware The post Microsoft Ties Storm 1175 To Medusa first appeared on CyberMaterial. This article has been indexed…
Redis Use After Free Bug Enables RCE
A severe security flaw has been found in Redis servers that could allow an attacker to take full control of a system. This vulnerability, tracked as CVE-2025-49844 The post Redis Use After Free Bug Enables RCE first appeared on CyberMaterial.…
Google Chrome RCE Flaw Details Leak
Researchers have published the full technical details and exploit code for a critical remote code execution (RCE) vulnerability in Google Chrome’s V8 JavaScript engine. The post Google Chrome RCE Flaw Details Leak first appeared on CyberMaterial. This article has been…
DraftKings Warns Of Account Breaches
Sports betting giant DraftKings, a company providing sportsbook and daily fantasy sports services, recently notified a small number of customers The post DraftKings Warns Of Account Breaches first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read the…
Nagios Vulnerability Allows Users to Retrieve Cleartext Administrative API Keys
Security researchers have identified two significant vulnerabilities in Nagios Log Server that expose critical system information and allow unauthorized service manipulation. The vulnerabilities, tracked as CVE-2025-44823 and CVE-2025-44824, affect versions prior to 2024R1.3.2 and pose serious risks to enterprise monitoring…
Google Offers Up to $20,000 in New AI Bug Bounty Program
The company has updated the program’s scope and has combined the rewards for abuse and security issues into a single table. The post Google Offers Up to $20,000 in New AI Bug Bounty Program appeared first on SecurityWeek. This article…
Salesforce Refuses to Pay Ransom to Data-Stealing Hackers
Salesforce is refusing a demand by the hackers behind that widespread data-stealing attacks on its customers, which threatened to release massive amounts of the data unless the SaaS vendor negotiated a ransom payment. In an email, Salesforce reportedly told customers…
Trinity of Chaos Leaks Data from 39 Companies — Google, Cisco Among Targets
A newly formed ransomware collective calling itself the Trinity of Chaos has published a data leak site (DLS) on the TOR network exposing the stolen records of 39 prominent corporations, including Google Adsense, CISCO, Toyota, FedEx and Disney/Hulu. The alliance…
Miggo Security Named a Gartner® Cool Vendor in AI Security
Tel Aviv, Israel, 8th October 2025, CyberNewsWire This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Miggo Security Named a Gartner® Cool Vendor in AI Security
North Korean hackers stole over $2 billion in cryptocurrency this year
North Korean hackers have stolen more than $2 billion in cryptocurrency in 2025, according to blockchain analytics firm Elliptic, and the year isn’t over yet. Though this year’s record losses are driven largely by the February attack on cryptocurrency exchange…
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming…
Step Into the Password Graveyard… If You Dare (and Join the Live Session)
Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped. Attackers don’t need advanced tools; they just need one careless login. For IT teams, that means endless resets, compliance struggles, and…
Digital Fraud Costs Companies Worldwide 7.7% of Annual Revenue
According to TransUnion, digital fraud has cost companies $534bn in losses globally with US business hit hardest This article has been indexed from www.infosecurity-magazine.com Read the original article: Digital Fraud Costs Companies Worldwide 7.7% of Annual Revenue
OpenAI Finds Growing Exploitation of AI Tools by Foreign Threat Groups
OpenAI’s new report warns hackers are combining multiple AI tools for cyberattacks, scams, and influence ops linked to China, Russia, and North Korea. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read…
PoC Exploit Released for Critical Vulnerabilities in Lua Engine
A new proof-of-concept exploit has been released for three severe vulnerabilities in the Lua scripting engine used by Redis 7.4.5. Security researchers discovered that attackers can trigger remote code execution and privilege escalation by abusing flaws in the Lua parser,…
AWS Client VPN for macOS Hit by Critical Privilege Escalation Vulnerability
Amazon Web Services (AWS) released bulletin AWS-2025-020 detailing a serious flaw in the macOS version of its Client VPN software. The issue, tracked as CVE-2025-11462, arises when the VPN client fails to validate the log destination directory during log rotation.…
OpenAI Banned ChatGPT Accounts Used by Chinese and North Korean Hackers to Develop Malware
OpenAI announced it has banned a series of ChatGPT accounts linked to Chinese state-affiliated hacking groups that used the AI models to refine malware and create phishing content. The October 2025 report details the disruption of several malicious networks as…
PoC Exploit Released for Critical Lua Engine Vulnerabilities
Three newly disclosed vulnerabilities have been identified in the Lua scripting engine of Redis 7.4.5, each presenting severe risks of remote code execution and privilege escalation. Redrays has released a detailed proof-of-concept (PoC) to exploit these vulnerabilities, which is now…
North Korean Hackers Have Stolen $2 Billion in Cryptocurrency in 2025
The hackers are believed to have stolen over $6 billion for the Pyongyang regime, financing its military programs. The post North Korean Hackers Have Stolen $2 Billion in Cryptocurrency in 2025 appeared first on SecurityWeek. This article has been indexed…
IT Security News Hourly Summary 2025-10-08 12h : 10 posts
10 posts were published in the last hour 10:2 : What to do when you click on a suspicious link 10:2 : APT35: Inside the Structure, Toolset, and Espionage Operations of an IRGC-Linked Group 10:2 : Hackers Weaponizing WordPress Websites…
Shuyal Stealer Malware Exploits 19 Browsers to Steal Logins
Shuyal Stealer is a recently uncovered infostealer that pushes the boundaries of traditional browser-targeted malware. Unlike most variants that zero in on popular platforms like Chrome and Edge, Shuyal dramatically widens its scope by targeting 19 different browsers, making it…