A critical race condition vulnerability in the Linux kernel’s POSIX CPU timers has been exposed through a detailed proof-of-concept, one of the most sophisticated kernel exploits targeting Android devices. CVE-2025-38352 represents a use-after-free (UAF) vulnerability in the Linux kernel’s POSIX…
Tag: EN
Microsoft Brokering File System Vulnerability Enables Local Privilege Escalation
Microsoft has addressed a critical use-after-free vulnerability in its Brokering File System (BFS) driver that could allow attackers to escalate privileges on Windows systems. Tracked as CVE-2025-29970, the security flaw affects the bfs.sys component and was discovered by security researchers…
SideWinder APT Launches Cyberattacks on Indian Entities Posing as the Income Tax Department
Zscaler Threat Hunting has identified a sophisticated espionage campaign targeting Indian entities through fraudulent “Income Tax Department” portals, representing a significant evolution in the SideWinder APT’s operational tradecraft. The threat actor, also known as Rattlesnake or APT-C-17, has refined its…
Blind Eagle Hackers Target Government Agencies Using PowerShell Scripts
Colombian government institutions are facing a sophisticated multi-stage cyberattack campaign orchestrated by the BlindEagle threat group, which leveraged compromised internal email accounts, PowerShell scripts, and steganography to deploy remote access trojans on target systems, according to Zscaler ThreatLabz researchers. The…
Nissan Discloses Data Breach Linked to Compromised Red Hat Infrastructure
Nissan Motor Co., Ltd. has disclosed a significant data breach affecting approximately 21,000 customers of Nissan Fukuoka Sales Co., Ltd. following unauthorized access to a Red Hat-managed server used for developing the company’s dealership customer management system. Red Hat, a…
Credit Monitoring Provider Discloses Breach Impacting 5.6 Million Users
A data breach usually does not lend itself to straightforward comparisons, as each occurrence is characterized by distinctive circumstances and carries different consequences for those involved. It is common for headlines to emphasize the scale of an attack, the prominence…
VPN Surge: Americans Bypass Age Verification Laws
Americans are increasingly seeking out VPNs as states enact stringent age verification laws that limit what minors can see online. These regulations compel users to provide personal information — like government issued IDs — to verify their age, leading to concerns…
Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan
Cybersecurity firm Ontinue reveals how the open-source tool Nezha is being used as a Remote Access Trojan (RAT) to bypass security and control servers globally. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More…
Infy Returns: Iran-linked hacking group shows renewed activity
Researchers report renewed activity by Iran-linked Infy (Prince of Persia), showing the hacking group remains active and dangerous after years of silence. SafeBreach researchers have spotted renewed activity from the Iran-linked APT group Infy, also known as Prince of Persia,…
New Wonderland Android Malware with Bidirectional SMS-Stealing Capabilities Stealing OTPs
A sophisticated new Android malware family called Wonderland has emerged as a significant threat to users in Uzbekistan and the broader Central Asia region. The malware, which specializes in stealing SMS messages and intercepting one-time passwords, represents a major escalation…
MacSync macOS Malware Distributed via Signed Swift Application
A recent MacSync Stealer version no longer requires users to directly interact with the terminal for execution. The post MacSync macOS Malware Distributed via Signed Swift Application appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
How an LMS Cloud Model Supports Scalable Learning
There’s a new era for training and development programs, making the LMS (Learning Management System) cloud model the… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: How an LMS…
Lies-in-the-Loop Attack Turns AI Safety Dialogs into Remote Code Execution Attack
A newly discovered attack technique has exposed a critical weakness in artificial intelligence code assistants by weaponizing their built-in safety features. The attack, known as Lies-in-the-Loop, manipulates the trust users place in approval dialogs that are designed to prevent harmful…
Hackers Exploiting .onmicrosoft.com Domains to Launch TOAD Scam Attack
Cybercriminals are increasingly weaponizing legitimate Microsoft infrastructure to bypass security filters and trick users into falling for Telephone-Oriented Attack Delivery (TOAD) scams. By abusing the default .onmicrosoft.com When domains are assigned to Azure tenants, attackers send malicious invites that appear…
Around 1,000 systems compromised in ransomware attack on Romanian water agency
On-site staff keep key systems working while all but one region battles with encrypted PCs Romania’s cybersecurity agency confirms a major ransomware attack on the country’s water management administration has compromised around 1,000 systems, with work to remediate them still…
Gambit Cyber Raises $3.4 Million in Seed Funding
The cybersecurity startup will use the funds to accelerate platform improvements, global expansion, and partnerships. The post Gambit Cyber Raises $3.4 Million in Seed Funding appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
How to Browse the Web More Sustainably With a Green Browser
As the internet becomes an essential part of daily life, its environmental footprint continues to grow. Data centers, constant connectivity, and resource-heavy browsing habits all contribute to energy consumption and digital waste. While individual users may not see this impact…
⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches.…
Insider Threat: Hackers Paying Company Insiders to Bypass Security
A new report from Check Point Research reveals a growing trend of cyber criminals recruiting employees at banks, telecoms, and tech giants. Learn how hackers use the darknet and Telegram to offer payouts up to $15,000 for internal access to…
WatchGuard Firebox firewalls under attack (CVE-2025-14733)
More than 115,000 internet-facing WatchGuard Firebox firewalls may be vulnerable to compromise via CVE-2025-14733, a remote code execution vulnerability actively targeted by attackers, Shadowserver’s latest scanning reveals. About CVE-2025-14733 WatchGuard Firebox firewalls, which also incorporate VPN and unified threat management…