Worldcoin, the cryptocurrency firm backed by Sam Altman, is experiencing serious legal challenges on multiple fronts. On May 5, 2025, the Kenyan High Court ruled that Worldcoin violated Data Protection Act 2019 restrictions. According to Justice Aburili Roselyn, the…
NordVPN Introduces £5,000 ID Theft Recovery Coverage for UK Users on Ultimate Plan
NordVPN has launched a new identity theft recovery benefit for its UK subscribers, offering up to £5,000 in reimbursement to help users recover from the financial and emotional toll of identity fraud. This latest addition to its cybersecurity toolkit…
50,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Uncanny Automator WordPress Plugin
On April 26th, 2024, we received a submission for an authenticated PHP Object Injection vulnerability in Uncanny Automator, a WordPress plugin with more than 50,000 active installations. This vulnerability can be leveraged via an existing POP chain present in the…
Government email alert system GovDelivery used to send scam messages
The state of Indiana attributed the scam emails to a compromised contractor’s account. This article has been indexed from Security News | TechCrunch Read the original article: Government email alert system GovDelivery used to send scam messages
Swan Vector APT Hackers Attacking Organizations With Malicious LNK & DLL Implants
A sophisticated cyber espionage campaign dubbed “Swan Vector” has emerged targeting organizations across East Asia, particularly in Taiwan and Japan. The threat actors behind this operation have deployed a multi-stage attack chain utilizing malicious LNK shortcuts and custom DLL implants…
5 Ways Threat Intelligence Helps Against Phishing Attacks
Phishing remains a pervasive cybersecurity threat responsible for over 80% of security incidents, costing businesses billions annually and eroding trust. Threat intelligence real-time, actionable data on cyber threats, actors, and tactics —empowers organizations to stay ahead of these risks. Tools…
Marks & Spencer Confirmed Customer Data Theft in Recent Cyber Attack
British retail giant Marks & Spencer has confirmed that customer personal information was compromised in the recent cyber attack that has crippled its digital operations for over three weeks. The incident, which began during Easter weekend, has resulted in continued…
Researchers Proposed Mythic Framework Agent to Boost Pentesting Tool Performances
Cybersecurity professionals constantly seek more effective penetration testing tools to stay ahead of threat actors and properly assess organizational defenses. A recent innovation in this field comes from security researchers who have developed a specialized agent for the Mythic framework…
Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token,…
China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide
A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. “Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE),” EclecticIQ researcher Arda Büyükkaya…
Turkey-Aligned Hackers Targeted Iraq-Based Kurds with Zero-Day Exploit
Marbled Dust has been exploiting a vulnerability in user accounts associated with the Kurdish military operating in Iraq for over a year, according to Microsoft This article has been indexed from www.infosecurity-magazine.com Read the original article: Turkey-Aligned Hackers Targeted Iraq-Based…
Mapping AWS security services to MITRE frameworks for threat detection and mitigation
In the cloud security landscape, organizations benefit from aligning their controls and practices with industry standard frameworks such as MITRE ATT&CK®, MITRE EngageTM, and MITRE D3FENDTM. MITRE frameworks are structured, openly accessible models that document threat actor behaviors to help…
Now ransomware starts infecting Central Processing Units aka CPUs
For years, hackers have been relying on file-encrypting malware that targets storage devices, locking users out of their files and demanding a ransom in cryptocurrency for the decryption key. However, a more sophisticated form of malware has recently emerged, one…
iClicker Website Hacked with Fake CAPTCHA in ClickFix Attack
Popular student engagement platform iClicker’s website was compromised with a ClickFix attack. A fake “I’m not a robot”… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: iClicker Website…
RSAC Conference 2025
Follow SearchSecurity’s RSAC 2025 guide for insightful pre-conference insights and reports on notable presentations and breaking news at the world’s biggest infosec event. This article has been indexed from Search Security Resources and Information from TechTarget Read the original article:…
DPRK-Backed TA406 Targets Ukraine With Malware Campaigns
Cyber espionage campaign linked to North Korean actor TA406 targeted Ukrainian government entities This article has been indexed from www.infosecurity-magazine.com Read the original article: DPRK-Backed TA406 Targets Ukraine With Malware Campaigns
Cybercrime Syndicate Escalates Global Threat Levels
During a time when global cybersecurity is experiencing rapid evolution, malicious actors are also employing new methods to accomplish their goals. As part of International Anti-Ransomware Day, leading cybersecurity company KnowBe4 is announcing a critical warning about a looming…
An $8.4 Billion Chinese Hub for Crypto Crime Is Incorporated in Colorado
Before a crackdown by Telegram, Xinbi Guarantee grew into one of the internet’s biggest markets for Chinese-speaking crypto scammers and money laundering. And all registered to a US address. This article has been indexed from Security Latest Read the original…
Zoom Workplace Apps Vulnerabilities Let Attackers Escalate Privileges
Zoom Video Communications disclosed multiple vulnerabilities affecting its Workplace Apps across various platforms, including Windows, macOS, Linux, iOS, and Android. These vulnerabilities pose significant risks such as privilege escalation, denial-of-service (DoS), and remote code execution, potentially allowing attackers to compromise…
Apache Superset Vulnerability Let Attackers Takeover Resource Ownership
Apache Superset, the popular open-source data visualization and business intelligence platform, has been found to have a significant security vulnerability. The vulnerability, CVE-2025-27696, allows authenticated users with read permissions to take over ownership of dashboards, charts, and datasets through improper…
Hackers Weaponize KeePass Password Manager to Deliver Malware & Steal Passwords
In a concerning development for cybersecurity professionals and everyday users alike, sophisticated threat actors have begun targeting KeePass, one of the most popular open-source password managers, to distribute malware and exfiltrate sensitive credentials. The campaign, which appears to have begun…
VMware Aria XSS Vulnerability Let Attackers Steal Access Token of Logged in User
Broadcom has released an urgent security advisory for a high-severity DOM-based Cross-Site Scripting (XSS) vulnerability affecting VMware Aria automation products. The vulnerability, tracked as CVE-2025-22249, could allow attackers to steal access tokens from logged-in users, potentially leading to unauthorized system…
Scattered Spider Attacking UK Retail Organizations in Supply Chain Attack
A sophisticated threat actor group known as Scattered Spider has expanded its targeting to UK retail organizations, leveraging advanced supply chain attack methodologies to compromise high-value targets. The financially motivated group, operating since May 2022, has evolved from primarily targeting…
Top 5 Cybersecurity Automation Tools Transforming Risk Management
The expanding attack surface and growing regulatory requirements have created an unsustainable workload for cybersecurity teams relying on manual processes. Organizations now recognize that automation isn’t just a convenience—it’s a strategic necessity for effective risk management. This article examines five…