The cybercriminal underground has entered a new phase of industrialization. Hudson Rock researchers have uncovered ErrTraffic v2, a sophisticated ClickFix-as-a-Service platform that commoditizes deceptive social engineering at an unprecedented scale. Priced at just $800 and advertised on top-tier Russian cybercrime…
Tag: EN
GlassWorm Malware Turns VS Code Extensions into an Attack Vector Against macOS
GlassWorm has returned with a dangerous new evolution. The notorious self-propagating malware, which first surfaced in October as an invisible Unicode-based threat in VS Code extensions, has completed a significant platform pivot to macOS with 50,000 downloads and a fully…
Security and Governance Patterns for Your Conversational AI
How many times have we heard people talk about the “dream of a SOC copilot?” A copilot woåuld allow an analyst to type something like, “Show me all the SSH login attempts for 10.0.0.5 over the last hour and compare…
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million…
Everest Ransomware Leaks 1TB of Stolen ASUS Data
On December 2, 2025, Hackread.com exclusively reported that the Everest ransomware group claimed to have stolen 1TB of… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: Everest Ransomware Leaks…
ESA disclosed a data breach, hackers breached external servers
ESA confirmed a data breach after a hacker offered to sell stolen data, confirming that external science servers were compromised. The European Space Agency (ESA) disclosed a data breach after a threat actor offered to sell data allegedly stolen from…
European Space Agency hit again as cybercrims claim 200 GB data up for sale
As in past incidents, ESA says the impact was limited to external systems The European Space Agency has suffered yet another security incident and, in keeping with past practice, says the impact is limited. Meanwhile, miscreants boast that they’ve made…
Avoid BigQuery SQL Injection in Go With saferbq
You can build dynamic queries in BigQuery using the Go SDK. When building applications that allow users to select tables or datasets dynamically, you need to include those identifiers in your SQL queries. I was surprised to find that the…
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed…
CVE-2025-14847: All You Need to Know About MongoBleed
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: CVE-2025-14847: All You Need to Know About MongoBleed
DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware
Researchers have uncovered DarkSpectre, a well-funded Chinese threat actor responsible for infecting over 8.8 million users across Chrome, Edge, and Firefox browsers through a series of highly coordinated malware campaigns spanning seven years. The discovery reveals a level of operational…
New Cybercrime Tool ErrTraffic Let Attackers Automate ClickFix Attacks
A dangerous cybercrime tool known as ErrTraffic has appeared in underground forums, making it easier for attackers to trick users into running harmful software on their devices. The tool automates what security experts call ClickFix attacks, where fake error messages…
Best of 2025: News alert: SquareX research finds browser AI agents are proving riskier than human employees
Palo Alto, Calif., Jun. 30, 2025, CyberNewswire–Every security practitioner knows that employees are the weakest link in an organization, but this is no longer the case. SquareX’s research reveals that Browser AI Agents are more likely to fall prey to…
Holiday Scams Surge: How to Protect Yourself This Season
Scammers intensify their efforts during the holiday season, exploiting the rush, stress, and increased spending that characterize this time of year. The Federal Bureau of Investigation warns that fraud schemes spike significantly as criminals deploy sophisticated tactics—including AI-generated offers…
Trust Wallet Reports 2596 Wallets Drained
Trust Wallet is a decentralized application used by over 200 million people to manage various digital assets like Bitcoin and Ethereum. This article has been indexed from CyberMaterial Read the original article: Trust Wallet Reports 2596 Wallets Drained
Sax Accounting Data Breach Affects 220,000
Sax, a prominent United States accounting firm, has confirmed a data breach affecting more than 220,000 individuals following an investigation that lasted over a year. This article has been indexed from CyberMaterial Read the original article: Sax Accounting Data Breach…
US Cybersecurity Experts Plead Guilty
Two former cybersecurity professionals from the firms Sygnia and DigitalMint have admitted to conducting ransomware attacks against several American companies using the BlackCat platform. Ryan Clifford Goldberg and Kevin Tyler Martin pleaded guilty to extortion charges and face up to…
French Software Firm Fined For Breach
Coupang Recovers Laptop From River
South Korea’s largest online retailer, Coupang, recently recovered a damaged laptop from a river as part of an investigation into an insider data breach involving 33.7 million customer accounts. Despite the attempt to destroy evidence, forensic teams confirmed that while…
Singapore CSA warns of maximun severity SmarterMail RCE flaw
Singapore’s CSA warns of CVE-2025-52691, a critical SmarterMail flaw enabling unauthenticated remote code execution via arbitrary file upload. Singapore’s Cyber Security Agency of Singapore (CSA) warns of a maximum severity flaw, tracked as CVE-2025-52691 (CVSS score of 10.0), in SmarterMail.…