Attackers have exploited a now-fixed vulnerability (CVE-2025-12480) in the Gladinet Triofox secure file sharing and remote access platform while it was still a zero-day, Mandiant revealed on Monday. CVE-2025-12480 exploitation and attack details Gladinet’s Triofox solution is used by medium…
Tag: EN
Have I Been Pwned Adds 1.96B Accounts From Synthient Credential Data
Have I Been Pwned (HIBP), the popular breach notification service, has added another massive dataset to its platform.… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More Read the original article: Have…
New “KomeX” Android RAT Hits Hacker Forums with Tiered Subscriptions
A sophisticated Android remote-access trojan named KomeX RAT has emerged on underground hacking forums, with the threat actor Gendirector actively marketing the malware through tiered subscription models. The malware, built on the foundation of previously documented BTMOB, poses a significant…
North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors
North Korea-linked APT Konni posed as counselors to steal data and wipe Android phones via Google Find Hub in Sept 2025. Genians Security Center researchers warn that the North Korea-linked Konni APT group (aka Kimsuky, Earth Imp, TA406, Thallium, Vedalia,…
WatchGuard Firebox Firewall Vulnerability Let Attackers Gain Unauthorized SSH Access
A critical vulnerability in WatchGuard Firebox firewalls could allow attackers to gain complete administrative access to the devices without any authentication. The flaw, tracked as CVE-2025-59396, stems from insecure default configurations that expose SSH access on port 4118 using hardcoded…
65% of Leading AI Companies Exposes Verified Secrets Including Keys and Tokens on GitHub
A new security investigation reveals that 65% of prominent AI companies have leaked verified secrets on GitHub, exposing API keys, tokens, and sensitive credentials that could compromise their operations and intellectual property. The wiz research, which examined 50 leading AI…
Hitachi-owned GlobalLogic admits data stolen on 10k current and former staff
Clop’s Oracle EBS exploit spree shows no sign of slowing, claims nearly 30 more casualties in media, finance, and tech. Digital engineering outfit GlobalLogic says personal data from more than 10,000 current and former employees was exposed in the wave…
‘Whisper Leak’ LLM Side-Channel Attack Infers User Prompt Topics
Attackers intercepting network traffic can determine the conversation topic with a chatbot despite end-to-end encrypted communication. The post ‘Whisper Leak’ LLM Side-Channel Attack Infers User Prompt Topics appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Android Trojan ‘Fantasy Hub’ Malware Service Turns Telegram Into a Hub for Hackers
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that’s sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model. According to its seller, the malware enables device control and espionage, allowing threat…
Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories
Cybersecurity researchers have discovered a malicious npm package named “@acitons/artifact” that typosquats the legitimate “@actions/artifact” package with the intent to target GitHub-owned repositories. “We think the intent was to have this script execute during a build of a GitHub-owned repository,…
CISO’s Expert Guide To AI Supply Chain Attacks
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert guide to AI Supply chain attacks here. TL;DR AI-enabled supply chain…
Hackers Exploit Critical Flaw in Gladinet’s Triofox File Sharing Product
Threat actors were exploiting vulnerable versions of Triofox after a patched version was released, said Google Cloud researchers This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Exploit Critical Flaw in Gladinet’s Triofox File Sharing Product
Fake NPM Package With 206K Downloads Targeted GitHub for Credentials
Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation’s code. This article has been indexed from Hackread – Cybersecurity News, Data…
New Phishing Campaign Targets Meta Business Suite Users
With more than 5.4 billion social media users worldwide, Facebook remains a critical marketing channel for businesses of all sizes. This massive reach and trusted brand status, however, make it an increasingly attractive target for sophisticated threat actors seeking to…
UK asks cyberspies to probe whether Chinese buses can be switched off remotely
Norwegian testers claim maker has remote access, while UK importer says supplier complies with the law UK governmental is working with the National Cyber Security Centre to understand and “mitigate” any risk that China-made imported electric buses could be remotely…
Ferocious Kitten APT Uses MarkiRAT for Keystroke and Clipboard Surveillance
Ferocious Kitten, a covert cyber-espionage group active since at least 2015, has emerged as a persistent threat to Persian-speaking dissidents and activists within Iran. The group, known for its careful targeting and evolving tactics, deploys its custom implant “MarkiRAT” to…
Google’s Latest Security Push Marks the Slow Death of Passwords
The tech titan is steering Gmail users away from passwords. It’s promoting passkeys and stronger authentication as phishing grows more convincing. The post Google’s Latest Security Push Marks the Slow Death of Passwords appeared first on TechRepublic. This article has…
Cyber insurers paid out over twice as much for UK ransomware attacks last year
Massive increase in policy claims… and data doesn’t even cover the major attacks of 2025 The number of successful cyber insurance claims made by UK organizations shot up last year, according to the latest figures from the industry’s trade association.……
Application Attack Patterns: Attack Graphs Reveal 81 Threats Your Tools Miss
TL;DR Applications face thousands of attack attempts monthly, yet traditional security tools miss the ones that matter most. New data from Contrast Security reveals that while WAFs, EDR, and SIEM platforms excel at their designed functions, they cannot see inside…
Bank Of England Dilutes Stablecoin Rules
Central bank proposes softer rules for stablecoin issuers ahead of cryptocurrency regulatory regime expected next year This article has been indexed from Silicon UK Read the original article: Bank Of England Dilutes Stablecoin Rules