Hackers have targeted the popular WordPress plugin Gravity Forms, injecting malicious code into versions downloaded from the official gravityforms.com domain. The breach was first reported on July 11, 2025, when security researchers noticed suspicious HTTP requests to the domain gravityapi.org,…
Tag: EN
Thermomix TM5 Vulnerabilities Enable Remote Takeover by Attackers
Researchers have uncovered multiple vulnerabilities in the Thermomix TM5, a multifunctional kitchen appliance from Vorwerk, allowing attackers to potentially achieve remote takeover through firmware manipulation and persistent code execution. The device’s main board, powered by a Freescale/NXP i.MX28 SoC with…
Hacker Returns $42 Million in Stolen Crypto in Exchange for $5 Million Bounty
A security flaw in the GMX V1 software was made public, causing a significant upheaval in the decentralized finance (DeFi) ecosystem and forcing immediate action to protect user assets. GMX, a prominent perpetual futures trading platform built on blockchain technology,…
Microsoft Broadens Zero Trust Training to Address Network and SecOps Domains
Zero Trust architectures are being adopted by enterprises globally to update their security postures in response to the fast changing cyberthreat landscape, where traditional perimeter-based defenses are becoming more and more insufficient. Zero Trust operates on the principle of “never…
Scamfluencers Use Social Media to Orchestrate Sophisticated Online Fraud
Scamfluencers, a rising category of deceptive internet personalities, are leveraging their online influence to run sophisticated scams that have already cost Americans an estimated $1.9 billion in 2024. These individuals masquerade as experts in finance, health, or other trusted…
ClickFix: The Emerging Technique Threat Actors Use to Dominate Targeted Organizations
Threat actors have increasingly adopted ClickFix, a sophisticated social engineering technique that deceives users into executing malicious commands under the guise of resolving common computer issues like performance lags or pop-up errors. This method, often delivered via compromised websites, malvertising,…
Grok-4 Falls to a Jailbreak Two days After Its Release
The latest release of the xAI LLM, Grok-4, has already fallen to a sophisticated jailbreak. The post Grok-4 Falls to a Jailbreak Two days After Its Release appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
The Rise of Digital Slavery in the Age of Global Cybercrime
A growing number of cybercriminals are becoming more sophisticated and dangerous in the hyperconnected digital world of today. These criminals use advanced methods to exploit individuals and organisations who are not expecting them. To lure victims into divulging confidential…
DeepSeek Faces Ban From App Stores in Germany
DeepSeek, a competitor of ChatGPT, may face legal ramifications in the European Union after the Berlin Commissioner for Data Protection ordered that Google and Apple remove the AI app from their stores. After discovering that the DeepSeek app violates…
Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub
Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications. “Laravel’s APP_KEY, essential for encrypting sensitive data, is often leaked publicly (e.g., on GitHub),”…
4 Arrested Over Scattered Spider Hacking Spree
Plus: An “explosion” of AI-generated child abuse images is taking over the web, a Russian professional basketball player is arrested on ransomware charges, and more. This article has been indexed from Security Latest Read the original article: 4 Arrested Over…
AWS Organizations Mis-scoped Managed Policy Let Hackers To Take Full AWS Organization Control
A critical security vulnerability in AWS Organizations has been discovered that could allow attackers to achieve complete control over entire multi-account AWS environments through a mis-scoped managed policy. The flaw, identified in the AmazonGuardDutyFullAccess managed policy version 1, enables privilege…
Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities
The ransomware landscape witnessed a dramatic shift in June 2025 as the Qilin ransomware group surged to become the most active threat actor, recording 81 victims and representing a staggering 47.3% increase in activity compared to previous months. This Ransomware-as-a-Service…
Cybersecurity Month in Review: Key Insights and Emerging Threats July 11, 2025
In this episode of ‘Cybersecurity: Today’s Month in Review,’ the panel of experts, including Laura Payne, David Shipley, and new guest Tammy Harper, delve into major cybersecurity stories from the past month. Discussions range from the recent arrest of a…
Microsoft Eliminated High-Privilege Access to Enhance Microsoft 365 Security
Microsoft has successfully eliminated high-privilege access vulnerabilities across its Microsoft 365 ecosystem as part of its comprehensive Secure Future Initiative, marking a significant milestone in enterprise security architecture. The technology giant’s Deputy Chief Information Security Officer for Experiences and Devices,…
Infostealers Actively Attacking macOS Users in The Wild to Steal Sensitive Data
The cybersecurity landscape is witnessing an alarming surge in macOS-targeted information-stealing malware, marking a significant shift from the traditional Windows-centric threat model. These sophisticated infostealers are rapidly evolving to exploit macOS environments with unprecedented precision, targeting valuable data including browser…
CISA Warns of CitrixBleed 2 Vulnerability Exploited in Attacks
CISA has issued an urgent warning regarding a critical vulnerability in Citrix NetScaler ADC and Gateway products that is being actively exploited in cyberattacks. The vulnerability, tracked as CVE-2025-5777, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with…
FBI Atlanta Seizes Major Video Game Piracy Websites in International Operation
The Federal Bureau of Investigation’s Atlanta Field Office announced today the seizure of several major online criminal marketplaces that provided pirated versions of popular video games, dismantling a multi-million dollar piracy operation that caused an estimated $170 million in losses…
How passkeys work: Going passwordless with public key cryptography
What’s the Achilles’ heel of passwords? Shared secrets. Here’s how we eliminate them. This article has been indexed from Latest stories for ZDNET in Security Read the original article: How passkeys work: Going passwordless with public key cryptography
DoNot APT Hits European Ministry with New LoptikMod Malware
Trellix reveals how the India-linked DoNot APT group launched a sophisticated spear-phishing attack on a European foreign affairs… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: DoNot APT…