Global payment processing firm Checkout, which operates checkout.com, recently disclosed a data breach orchestrated by the notorious cybercrime group The post Checkoutcom Rejects Hackers After Breach first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read the original…
EchoGram Flaw Bypasses Guardrails in Major LLMs
HiddenLayer reveals the EchoGram vulnerability, which bypasses safety guardrails on GPT-5.1 and other major LLMs, giving security teams just a 3-month head start. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More…
Iran-Linked SpearSpecter Campaign Leveraging Personalized Social Engineering Against High-Value Officials
Iranian threat actors aligned with the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO) are conducting a sophisticated espionage campaign tracked as SpearSpecter, systematically targeting high-value senior defense and government officials through personalized social engineering tactics. The threat group, operating under…
Critical RCE Flaws in AI Inference Engines Expose Meta, Nvidia, and Microsoft Frameworks
Security researchers at Oligo Security have uncovered a series of critical Remote Code Execution vulnerabilities affecting widely deployed AI inference servers from major technology companies. The flaws affect frameworks developed by Meta, NVIDIA, Microsoft, and open-source projects such as vLLM,…
IBM AIX Flaw Allows Remote Attackers to Run Arbitrary Commands
IBM has released critical security updates addressing four severe vulnerabilities in AIX and VIOS systems that could allow remote attackers to execute arbitrary commands, steal credentials, and traverse system directories. The vulnerabilities affect multiple AIX versions and require immediate patching.…
EVALUATION Campaign Using ClickFix Technique to Deploy Amatera Stealer and NetSupport RAT
eSentire’s Threat Response Unit (TRU) has uncovered a sophisticated malware campaign leveraging the ClickFix social engineering technique to distribute Amatera Stealer and NetSupport RAT, targeting cryptocurrency wallets, password managers, and sensitive credentials across multiple platforms. In November 2025, security researchers…
Surveillance tech provider Protei was hacked, its data stolen and its website defaced
The defacement of Protei’s website said “another DPI/SORM provider bites the dust,” apparently referring to the company selling its web intercept and surveillance products to phone and internet providers. This article has been indexed from Security News | TechCrunch Read…
Tech Park Operation in Bengaluru Uncovered in Cross-Border Malware Sca
The Bengaluru police have made a major breakthrough in their fight against a far-reaching cybercrime syndicate that was operating inside one of the city’s bustling technology parks by uncovering and dismantling an alleged tech-support fraud operation that was operating…
Investment Scams Surge Across the US as Fraudsters Exploit Social Media, Texts, and Crypto Boom
If you’ve ever received a random “Hi, how are you?” message from a stranger on text or social media, it may not be an accident. While sometimes harmless, these unexpected greetings are increasingly being used by cybercriminals attempting to…
Tesla’s Humanoid Bet: Musk Pins Future on Optimus Robot
Elon Musk envisions human-shaped robots, particularly the Optimus humanoid, as a pivotal element in Tesla’s future AI and robotics landscape, aiming to revolutionize both industry and daily life. Musk perceives these robots not merely as automated tools but as…
5 Reasons Why Attackers Are Phishing Over LinkedIn
Phishing attacks are no longer confined to the email inbox, with 1 in 3 phishing attacks now taking place over non-email channels like social media, search engines, and messaging apps. LinkedIn in particular has become a hotbed for phishing attacks,…
⚡ Weekly Recap: Fortinet Exploited, China’s AI Hacks, PhaaS Empire Falls & More
This week showed just how fast things can go wrong when no one’s watching. Some attacks were silent and sneaky. Others used tools we trust every day — like AI, VPNs, or app stores — to cause damage without setting…
Eurofiber admits crooks swiped data from French unit after cyberattack
Regulator reports suggest telco was extorted, but company remains coy as to whether it paid French telco Eurofiber says cybercriminals swiped company data during an attack last week that also affected some internal systems.… This article has been indexed from…
5 Plead Guilty in US to Helping North Korean IT Workers
Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, Erick Ntekereze, and Oleksandr Didenko have pleaded guilty. The post 5 Plead Guilty in US to Helping North Korean IT Workers appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
DoorDash Says Personal Information Stolen in Data Breach
Names, addresses, email addresses, and phone numbers were compromised after an employee fell for a social engineering attack. The post DoorDash Says Personal Information Stolen in Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
The internet isn’t free: Shutdowns, surveillance and algorithmic risks
Global internet freedom has declined for the 15th straight year, according to the latest Freedom House report. Out of 72 countries evaluated, 28 recorded declines and 17 saw improvements. Shutdowns hit high-stakes zones The report documents large-scale infrastructure used to…
Five men admit helping North Korean IT workers infiltrate US companies
US federal prosecutors have secured guilty pleas from five men who helped North Korean IT workers get hired by companies in the United States. This group of domestic facilitators helped a sanctioned government move money, slip past hiring checks, and…
Researchers Detailed Techniques to Detect Outlook NotDoor Backdoor Malware
Outlook NotDoor backdoor malware first appeared in threat campaigns identified by Lab52, the intelligence arm of Spanish firm S2 Grupo. Linked to APT28/Fancy Bear, NotDoor leverages malicious Outlook macros for persistent access and data theft. Attackers embed these macro payloads…
New MobileGestalt Exploit for iOS 26.0.1 Enables Unauthorized Writes to Protected Data
A sandbox escape vulnerability affecting iPhones and iPads running iOS 16.2 beta 1 or earlier versions. The proof-of-concept (POC) exploits weaknesses in the itunesstored and bookassetd daemons, enabling attackers to modify sensitive files on the device’s Data partition areas typically…
Iranian SpearSpecter Attacking High-Value Officials Using Personalized Social Engineering Tactics
A dangerous espionage campaign is targeting senior government and defense officials worldwide. Iranian hackers are using fake conference invitations and meeting requests to trick victims. The attackers spend weeks building trust before striking. They reach out through WhatsApp to make…
UK prosecutors seize £4.11M in crypto from Twitter mega-hack culprit
Civil recovery order targets PlugwalkJoe’s illicit gains while he serves US sentence British prosecutors have secured a civil recovery order to seize crypto assets worth £4.11 million ($5.39 million) from Twitter hacker Joseph James O’Connor, clawing back the proceeds of…
Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT. The campaign, which is primarily aimed at Chinese-speaking users,…
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to…
Widespread Exploitation of XWiki Vulnerability Observed
The exploitation of the recent XWiki vulnerability has expanded to botnets, cryptocurrency miners, scanners, and custom tools. The post Widespread Exploitation of XWiki Vulnerability Observed appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…