A surge in cyberattacks leveraging email input fields as a gateway to exploit a wide range of vulnerabilities, including Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and email header injection. Email input fields are ubiquitous in modern web applications, used…
North Korean Hacker Tries to Breach Kraken Platform by Submitting Job Application
Cryptocurrency exchange Kraken recently uncovered a sophisticated infiltration attempt by a North Korean hacker who applied for an engineering position at the company. Instead of immediately rejecting the suspicious application, Kraken’s security team strategically advanced the candidate through multiple interview…
Critical Commvault Vulnerability in Attacker Crosshairs
CISA has flagged a critical-severity Commvault vulnerability as exploited one week after technical details were released. The post Critical Commvault Vulnerability in Attacker Crosshairs appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Critical…
California Man Will Plead Guilty to Last Year’s Disney Hack
A 25-year-old California man will plead guilty to hacking into a Disney’s personal computer and using stolen credentials to break into thousands of Disney Slack channels. Ryan Mitchell Kramer, who claimed to be a member of the Russian group NullBulge,…
UK retailers under cyber attack: Co-op member data compromised
UK-based retailers Marks & Spencer, Co-op, and Harrods have been targeted by cyber attackers in the last few weeks. Whether the attacks have been mounted by the same group is difficult to say for sure: the victimized businesses are sharing…
Perfection is a Myth. Leverage Isn’t: How Small Teams Can Secure Their Google Workspace
Let’s be honest: if you’re one of the first (or the first) security hires at a small or midsize business, chances are you’re also the unofficial CISO, SOC, IT Help Desk, and whatever additional roles need filling. You’re not running…
⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors
What if attackers aren’t breaking in—they’re already inside, watching, and adapting? This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we…
Germany Most Targeted Country in Q1 2025 DDoS Attacks
Cloudflare’s Q1 2025 DDoS Threat Report: DDoS attacks surged 358% YoY to 20.5M. Germany hit hardest; gaming and… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Germany Most…
Multiple Flaws in Tenda RX2 Pro Let Attackers Gain Admin Access
Security researchers have uncovered a series of critical vulnerabilities in the Tenda RX2 Pro Dual-Band Gigabit Wi-Fi 6 Router (Firmware V16.03.30.14), which could allow remote attackers to gain administrative access and, in many cases, full root shell on the device.…
Experts shared up-to-date C2 domains and other artifacts related to recent MintsLoader attacks
MintsLoader is a malware loader delivering the GhostWeaver RAT via a multi-stage chain using obfuscated JavaScript and PowerShell. Recorded Future researchers observed MintsLoader delivering payloads like GhostWeaver via obfuscated scripts, evading detection with sandbox/VM checks, and uses DGA and HTTP…
Man Admits Hacking Disney and Leaking Data Disguised as Hacktivist
A 25-year-old has admitted hacking Disney systems and leaking data under the guise of a hacktivist collective named NullBulge. The post Man Admits Hacking Disney and Leaking Data Disguised as Hacktivist appeared first on SecurityWeek. This article has been indexed…
New LUMMAC.V2 Stealer Using ClickFix Technique to Trick Users in Execute Malicious Commands
Cybersecurity experts have identified a sophisticated evolution of the LUMMAC credential stealer, now rewritten from C to C++ and operating with enhanced capabilities. This new variant, designated LUMMAC.V2, has been observed targeting a wide range of applications including browsers, cryptocurrency…
Hackers Selling SS7 0-Day Vulnerability on Hacker Froums for $5000
A sophisticated SS7 protocol vulnerability that enables unauthorized SMS interception and real-time phone tracking is now being offered for sale on underground forums, raising serious concerns about mobile network security worldwide. The exploit, priced at $5,000, provides buyers with comprehensive…
IT Security News Hourly Summary 2025-05-05 12h : 5 posts
5 posts were published in the last hour 10:2 : TeleMessage, a modified Signal clone used by US govt. officials, has been hacked 10:2 : NIS2 Compliance Checklist 10:2 : PoC Published for Exploited SonicWall Vulnerabilities 10:2 : TikTok Fined…
Ransomware Group Claims Attacks on UK Retailers
The DragonForce ransomware group has claimed responsibility for the recent cyberattacks on UK retailers Co-op, Harrods, and M&S. The post Ransomware Group Claims Attacks on UK Retailers appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
The Ultimate ISO 27001 Checklist: Step-by-Step Guide to Simplify Your Compliance Journey
Navigating the path to ISO 27001 certification resembles assembling IKEA flat-pack furniture. Each piece is essential, but the sparse instructions can leave you scratching your head. Sure, both ISO and IKEA have Scandinavian roots, but when it comes to security…
US Asks Judge To Break Up Google Ad Tech Business
More regulatory headaches for Sundar Pichai, as US DoJ asks judge to also breakup Google’s ad tech business This article has been indexed from Silicon UK Read the original article: US Asks Judge To Break Up Google Ad Tech Business
Security Researchers Warn a Widely Used Open Source Tool Poses a ‘Persistent’ Risk to the US
The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm. This article has been indexed from Security Latest Read the…
New Luna Moth Domains Attacking Users Via Weaponized Helpdesk Domains
Recently identified Luna Moth phishing operations reveal a sophisticated campaign targeting legal and financial institutions through expertly crafted typosquatted domains. Security researchers from EclecticIQ, supported by additional findings from Silent Push, have uncovered a methodical approach to domain registration that…
TeleMessage, a modified Signal clone used by US govt. officials, has been hacked
A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool,…
NIS2 Compliance Checklist
The post NIS2 Compliance Checklist appeared first on Heimdal Security Blog. This article has been indexed from Heimdal Security Blog Read the original article: NIS2 Compliance Checklist
PoC Published for Exploited SonicWall Vulnerabilities
PoC code targeting two exploited SonicWall flaws was published just CISA added them to the KEV catalog. The post PoC Published for Exploited SonicWall Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
TikTok Fined €530m Over Transfers of European User Data to China
Ireland’s data protection watchdog accuses the Chinese social media giant of violating GDPR with transfers of European users’ data to China This article has been indexed from www.infosecurity-magazine.com Read the original article: TikTok Fined €530m Over Transfers of European User…
Hackers Exploit Email Fields to Launch XSS and SSRF Attacks
Cybersecurity researchers are raising alarms as hackers increasingly weaponize email input fields to execute cross-site scripting (XSS) and server-side request forgery (SSRF) attacks. These vulnerabilities, often overlooked in web applications, allow attackers to bypass security controls, steal data, and compromise servers. Email input fields…
Luna Moth Hackers Use Fake Helpdesk Domains to Target Victims
A recent investigation by cybersecurity firm EclecticIQ, in collaboration with threat hunters, has exposed a surge in malicious activity tied to the Luna Moth hacking group. The actors are now leveraging fake helpdesk-themed domains to impersonate legitimate businesses and steal sensitive data.…
Getting Email Security Right
Let’s face it: your inbox is a warzone. Email security is a constant battle between evolving threats and the defenses designed to stop them. Every day, attackers bombard user inboxes with increasingly sophisticated phishing attempts, malware, and social engineering attacks.…
Strengthening Cybersecurity Incident Response Part 2: From Detection to Recovery
Cyber incidents are always going to be present. Regardless of whether you’re working for a startup or a corporation, malicious software can target you and your business. This is why it’s important to work closely with cybersecurity incident response teams…