The company has updated the program’s scope and has combined the rewards for abuse and security issues into a single table. The post Google Offers Up to $20,000 in New AI Bug Bounty Program appeared first on SecurityWeek. This article…
Salesforce Refuses to Pay Ransom to Data-Stealing Hackers
Salesforce is refusing a demand by the hackers behind that widespread data-stealing attacks on its customers, which threatened to release massive amounts of the data unless the SaaS vendor negotiated a ransom payment. In an email, Salesforce reportedly told customers…
Trinity of Chaos Leaks Data from 39 Companies — Google, Cisco Among Targets
A newly formed ransomware collective calling itself the Trinity of Chaos has published a data leak site (DLS) on the TOR network exposing the stolen records of 39 prominent corporations, including Google Adsense, CISCO, Toyota, FedEx and Disney/Hulu. The alliance…
Miggo Security Named a Gartner® Cool Vendor in AI Security
Tel Aviv, Israel, 8th October 2025, CyberNewsWire This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Miggo Security Named a Gartner® Cool Vendor in AI Security
North Korean hackers stole over $2 billion in cryptocurrency this year
North Korean hackers have stolen more than $2 billion in cryptocurrency in 2025, according to blockchain analytics firm Elliptic, and the year isn’t over yet. Though this year’s record losses are driven largely by the February attack on cryptocurrency exchange…
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming…
Step Into the Password Graveyard… If You Dare (and Join the Live Session)
Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped. Attackers don’t need advanced tools; they just need one careless login. For IT teams, that means endless resets, compliance struggles, and…
Digital Fraud Costs Companies Worldwide 7.7% of Annual Revenue
According to TransUnion, digital fraud has cost companies $534bn in losses globally with US business hit hardest This article has been indexed from www.infosecurity-magazine.com Read the original article: Digital Fraud Costs Companies Worldwide 7.7% of Annual Revenue
OpenAI Finds Growing Exploitation of AI Tools by Foreign Threat Groups
OpenAI’s new report warns hackers are combining multiple AI tools for cyberattacks, scams, and influence ops linked to China, Russia, and North Korea. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read…
PoC Exploit Released for Critical Vulnerabilities in Lua Engine
A new proof-of-concept exploit has been released for three severe vulnerabilities in the Lua scripting engine used by Redis 7.4.5. Security researchers discovered that attackers can trigger remote code execution and privilege escalation by abusing flaws in the Lua parser,…
AWS Client VPN for macOS Hit by Critical Privilege Escalation Vulnerability
Amazon Web Services (AWS) released bulletin AWS-2025-020 detailing a serious flaw in the macOS version of its Client VPN software. The issue, tracked as CVE-2025-11462, arises when the VPN client fails to validate the log destination directory during log rotation.…
OpenAI Banned ChatGPT Accounts Used by Chinese and North Korean Hackers to Develop Malware
OpenAI announced it has banned a series of ChatGPT accounts linked to Chinese state-affiliated hacking groups that used the AI models to refine malware and create phishing content. The October 2025 report details the disruption of several malicious networks as…
PoC Exploit Released for Critical Lua Engine Vulnerabilities
Three newly disclosed vulnerabilities have been identified in the Lua scripting engine of Redis 7.4.5, each presenting severe risks of remote code execution and privilege escalation. Redrays has released a detailed proof-of-concept (PoC) to exploit these vulnerabilities, which is now…
North Korean Hackers Have Stolen $2 Billion in Cryptocurrency in 2025
The hackers are believed to have stolen over $6 billion for the Pyongyang regime, financing its military programs. The post North Korean Hackers Have Stolen $2 Billion in Cryptocurrency in 2025 appeared first on SecurityWeek. This article has been indexed…
IT Security News Hourly Summary 2025-10-08 12h : 10 posts
10 posts were published in the last hour 10:2 : What to do when you click on a suspicious link 10:2 : APT35: Inside the Structure, Toolset, and Espionage Operations of an IRGC-Linked Group 10:2 : Hackers Weaponizing WordPress Websites…
Shuyal Stealer Malware Exploits 19 Browsers to Steal Logins
Shuyal Stealer is a recently uncovered infostealer that pushes the boundaries of traditional browser-targeted malware. Unlike most variants that zero in on popular platforms like Chrome and Edge, Shuyal dramatically widens its scope by targeting 19 different browsers, making it…
ASCII Smuggling Attack in Gemini Tricks AI Agents into Revealing Smuggled Data
Enterprise AI assistants face a hidden menace when invisible control characters are used to smuggle malicious instructions into prompts. In September 2025, FireTail researcher Viktor Markopoulos tested several large language models (LLMs) for susceptibility to the long-standing ASCII Smuggling technique. His…
The ClickFix Factory: First Exposure of IUAM ClickFix Generator
Unit 42 discovers ClickFix phishing kits, commoditizing social engineering. This kit presents a lowered barrier for inexperienced cybercriminals. The post The ClickFix Factory: First Exposure of IUAM ClickFix Generator appeared first on Unit 42. This article has been indexed from…
77% of Employees Share Company Secrets on ChatGPT Compromising Enterprise Policies
In an era where AI and SaaS applications underpin daily workflows, organizations face an unprecedented challenge: the invisible exfiltration of sensitive information. Traditional, file-based data loss prevention (DLP) measures were designed for attachments and downloads, but today’s risk landscape extends…
Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution
Redis warns of CVE-2025-49844, a Lua script flaw enabling RCE via use-after-free. Attackers need authenticated access to exploit it. Redis disclosed a critical RCE bug, tracked as CVE-2025-49844 (also known as “RediShell”, with a CVSS score of 10.0), where a…
Radiflow Unveils New OT Security Platform
Radiflow360 provides enhanced visibility, risk management, and incident response capabilities for mid-sized industrial enterprises. The post Radiflow Unveils New OT Security Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Radiflow Unveils New…
Cyber-Attack Contributes to Huge Sales Drop at JLR
Jaguar Land Rover has reported a 25% drop in volume sales in the three months up to September 30, largely due to the impact of the ongoing cyber incident This article has been indexed from www.infosecurity-magazine.com Read the original article:…
What to do when you click on a suspicious link
As the go-to cybersecurity expert for your friends and family, you’ll want to be ready for those “I clicked a suspicious link — now what?” messages. Share this quick guide to help them know exactly what to do next. This…
APT35: Inside the Structure, Toolset, and Espionage Operations of an IRGC-Linked Group
In a groundbreaking disclosure, CloudSEK’s TRIAD unit has unearthed internal operational materials that shed light on Charming Kitten (APT35), revealing an intricate espionage apparatus linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). The leak comprises over 100 Persian-language files marked…