A critical Apache StreamPipes vulnerability lets users hijack admin accounts via broken authentication. The post Apache StreamPipes Flaw Lets Anyone Become Admin appeared first on TechRepublic. This article has been indexed from Security Archives – TechRepublic Read the original article:…
Tag: EN
Malicious Jackson Lookalike Library Slips Into Maven Central
A malicious Jackson lookalike library was used to distribute Cobalt Strike malware through Maven Central. The post Malicious Jackson Lookalike Library Slips Into Maven Central appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the…
Communicating AI Risk to the Board With Confidence | Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post Communicating AI Risk to the Board With Confidence | Kovrr appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original…
Two US Banks Disclose Customer Data Exposure Linked to Marquis Software Ransomware Attack
Two American banks have issued public warnings to customers after being affected by a ransomware incident that occurred in August at a widely used financial software provider. Artisans’ Bank and VeraBank notified regulators in Maine last week that recent…
Advanced Rootkit Used to Conceal ToneShell Malware in Targeted Cyberespionage Attacks
Cybersecurity researchers have brought to light a new wave of cyberespionage activity in which government networks across parts of Asia were quietly compromised using an upgraded version of the ToneShell backdoor. What sets this campaign apart is the method…
Self-Propagating GlassWorm Weaponizing VS Code Extensions to Attack macOS Users
A new wave of GlassWorm malware has emerged, marking a significant shift in targeting strategy from Windows to macOS systems. This self-propagating worm, distributed through malicious VS Code extensions on the Open VSX marketplace, has already accumulated over 50,000 downloads.…
Malicious Manipulation of LLMs for Scalable Vulnerability Exploitation
A groundbreaking study from researchers at the University of Luxembourg reveals a critical security paradigm shift: large language models (LLMs) are being weaponized to automatically generate functional exploits from public vulnerability disclosures, effectively transforming novice attackers into capable threat actors.…
DarkSpectre Malware Campaign Hits Chrome, Edge, and Firefox Users
A sophisticated Chinese threat actor dubbed DarkSpectre has compromised 8.8 million users across Chrome, Edge, and Firefox through three distinct malware campaigns that have operated undetected for over seven years, researchers revealed today. The operation represents one of the most…
NeuroSploit v2 Launches as AI-Powered Penetration Testing Framework
NeuroSploit v2 is an advanced AI-powered penetration testing framework designed to automate and enhance offensive security operations. Leveraging cutting-edge large language model (LLM) technology, the framework brings automation to vulnerability assessment, threat simulation, and security analysis workflows. NeuroSploit v2 represents…
New Cybercrime Tool “ErrTraffic” Enables Automated ClickFix Attacks
The cybercriminal underground has entered a new phase of industrialization. Hudson Rock researchers have uncovered ErrTraffic v2, a sophisticated ClickFix-as-a-Service platform that commoditizes deceptive social engineering at an unprecedented scale. Priced at just $800 and advertised on top-tier Russian cybercrime…
GlassWorm Malware Turns VS Code Extensions into an Attack Vector Against macOS
GlassWorm has returned with a dangerous new evolution. The notorious self-propagating malware, which first surfaced in October as an invisible Unicode-based threat in VS Code extensions, has completed a significant platform pivot to macOS with 50,000 downloads and a fully…
Security and Governance Patterns for Your Conversational AI
How many times have we heard people talk about the “dream of a SOC copilot?” A copilot woåuld allow an analyst to type something like, “Show me all the SSH login attempts for 10.0.0.5 over the last hour and compare…
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million…
Everest Ransomware Leaks 1TB of Stolen ASUS Data
On December 2, 2025, Hackread.com exclusively reported that the Everest ransomware group claimed to have stolen 1TB of… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: Everest Ransomware Leaks…
ESA disclosed a data breach, hackers breached external servers
ESA confirmed a data breach after a hacker offered to sell stolen data, confirming that external science servers were compromised. The European Space Agency (ESA) disclosed a data breach after a threat actor offered to sell data allegedly stolen from…
European Space Agency hit again as cybercrims claim 200 GB data up for sale
As in past incidents, ESA says the impact was limited to external systems The European Space Agency has suffered yet another security incident and, in keeping with past practice, says the impact is limited. Meanwhile, miscreants boast that they’ve made…
Avoid BigQuery SQL Injection in Go With saferbq
You can build dynamic queries in BigQuery using the Go SDK. When building applications that allow users to select tables or datasets dynamically, you need to include those identifiers in your SQL queries. I was surprised to find that the…
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed…
CVE-2025-14847: All You Need to Know About MongoBleed
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: CVE-2025-14847: All You Need to Know About MongoBleed
DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware
Researchers have uncovered DarkSpectre, a well-funded Chinese threat actor responsible for infecting over 8.8 million users across Chrome, Edge, and Firefox browsers through a series of highly coordinated malware campaigns spanning seven years. The discovery reveals a level of operational…