Hackread.com

Watch out, hackers are hiding a new version of XWorm malware in #PyInstaller files to bypass Windows security, steal data, and remotely control computers through ads!

Read: https://hackread.com/hackers-pyinstaller-amsi-patching-xworm-rat-v7-4/

#CyberSecurity #XWorm #Windows #Malware #Scam

📢⚠️🪝Watch out, hackers are using #CalPhishing (Calendar Phishing) with the EvilTokens phishing kit to exploit #Outlook calendar invites and device code phishing to steal #M365 session tokens and breach enterprise accounts.

Read: https://hackread.com/calphishing-eviltokens-kit-outlook-invites-m365/

#CyberSecurity #CalPhishing #EvilTokens #Phishing

Hackers are using fake job interview apps to spread new #JobStealer malware across macOS and Windows systems, stealing crypto, browser credentials, and more disguising itself as a video meeting app.

Read more: https://hackread.com/fake-job-interview-jobstealer-malware-windows-macos/

#CyberSecurity #Malware #macOS #Windows #Crypto #Scam

📢⚠️ China-linked #FamousSparrow hacking group targeted an oil and gas firm in #Azerbaijan using the ProxyNotShell exploit chain alongside Deed RAT and Terndoor malware across three persistent attack waves.

Read: https://hackread.com/famoussparrow-oil-gas-ms-exchange-server-exploit/

#CyberSecurity #China #MSExchange #Malware #CyberAttack

📢⚠️ A new China-linked #TwillTyphoon hacking group is using fake Apple and Yahoo domains along with trusted #Windows tools to spy on organizations across Japan and the Asia-Pacific region.

Read: https://hackread.com/chinatwill-typhoon-fake-apple-yahoo-sites-espionage/

#CyberSecurity #CyberAttack #Apple #Yahoo #Malware

Instructure has reached an agreement with the #ShinyHunters group to return and destroy stolen Canvas data, protecting millions of student records worldwide from being publicly leaked.

Read: https://hackread.com/instructure-shinyhunters-deal-prevent-canvas-data-leak/

#CyberSecurity #DataBreach #Instructure #Canvas #Privacy

Research reveals that #TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm.

Read: https://hackread.com/teampcp-mini-shai-hulud-worm-npm-pypi-packages/

#CyberSecurity #Malware #ShaiHulud #CyberAttack #npm

📢⚠️ A Slovakian administrator tied to the dark web Kingdom Market received a 16-year US prison sentence for drug trafficking and cybercrime activity.

Read: https://hackread.com/slovakian-admin-dark-web-kingdom-market-us-jail/

#CyberSecurity #CyberCrime #DarkWeb #KingdomMarket #Slovakia

📢⚠️ #ShinyHunters hackers say their official clearnet domain has been suspended after the Canvas LMS attacks, forcing the group to move fully to its onion site.

Read: https://hackread.com/canvas-hackers-shinyhunters-official-domain-suspended/

#CyberSecurity #CyberCrime #Canvas #DataBreach #DarkWeb

📢⚠️ Hackers are now using #AI to develop zero-day exploits, according to a new Google report. Researchers also uncovered AI-powered #Android backdoors, phishing scams and automated supply chain attacks targeting GitHub and PyPI.

Read: https://hackread.com/google-hackers-used-ai-develop-zero-day-exploit/

#Cybersecurity #Hacking #0Day #Malware #GitHub #PyPI

📢⚠️ Hackers tricked #DigiCert support staff into executing a malicious file, allowing attackers to obtain code-signing certificates later used to sign malware. DigiCert revoked 60 certificates after the breach was reported.

Read: https://hackread.com/hackers-digicert-issue-certificates-sign-malware/

#CyberSecurity #Malware #InfoSec #CyberAttack #DataBreach

📢⚠️ Researchers have uncovered #ClaudeBleed, a vulnerability in Anthropic’s Claude for Chrome extension that could let hackers hijack the AI assistant, steal Google Drive files, access Gmail data, and bypass built-in security safeguards.

Read more: https://hackread.com/claudebleed-vulnerability-hackers-claude-chrome-extension/

#CyberSecurity #AI #ClaudeAI #Chrome #Anthropic #Privacy

📢⚠️ Google Chrome is reportedly downloading a 4GB #GeminiNano AI model onto eligible devices without clearly notifying users, according to researcher Alexander Hanff. The report has triggered privacy, transparency, and #GDPR concerns.

Read more: https://hackread.com/google-chrome-installing-4gb-ai-model-user-devices/

#GoogleChrome #Cybersecurity #Privacy #AI #Google #Chrome

📢⚠️ Researchers revealed 20-year-old #PostgreSQL flaws at Wiz’s ZeroDay.Cloud hacking event, exposing critical pgcrypto vulnerabilities that could lead to code execution.

Read: https://hackread.com/wiz-zeroday-cloud-event-postgresql-vulnerabilities/

#CyberSecurity #Vulnerability #Wiz #ZeroDayCloud

📢⚠️ A critical cPanel vulnerability lets attackers bypass login and gain root access, with active exploitation reported before patches were released. Act now!

Read: https://hackread.com/cpanel-vulnerability-attacker-bypass-login-root-access/

#CyberSecurity #Vulnerability #cPanel #WHM #CyberAttack

A Cursor AI agent wiped #PocketOS’ production database and backups in just 9 seconds after misusing a root API token, exposing serious risks in AI-driven coding and cloud setups.

Read more: https://hackread.com/cursor-ai-agent-wipes-pocketos-database-backups/

#Cybersecurity #AI #DataLoss #CursorAI #Cursor #ClaudeOpus

📢⚠️ #Bluekit, a new AI-powered phishing-as-a-service kit, lets attackers bypass MFA using #AiTM attacks and stolen session cookies. With 40+ fake templates and AI tools.

Read: https://hackread.com/bluekit-phishing-kit-targets-platforms-mfa-bypass-attack/

#Cybersecurity #Phishing #MFA #AI #Hacking #PhaaS

📢⚠️ US-Estonian suspect Peter Stokes was arrested in #Finland over alleged ties to Scattered Spider, facing US charges for cyberattacks, fraud, and data breaches.

Read: https://hackread.com/us-estonian-suspect-arrest-scattered-spider-cyberattacks/

#CyberSecurity #CyberCrime #ScatteredSpider #DataBreaches

📢⚠️ Cursor AI IDE hit by a high-severity flaw that lets attackers execute code via hidden Git hooks in cloned repos, no clicks needed. A routine dev action can trigger a full system compromise. Patch now.

Read: https://hackread.com/cursor-ai-ide-vulnerability-code-execution-git-hooks/

#Cybersecurity #AI #Vulnerability #Git #CursorAI

📢⚠️ #Pack2TheRoot exposes a 12-year-old flaw in Linux’s PackageKit, letting unprivileged users gain root access in seconds. Affects major distros, patch now

Read: https://hackread.com/pack2theroot-linux-packagekit-flaw-full-compromise/

#Linux #CyberSecurity #Vulnerability #PackageKit

🚨 TeamPCP hijacks Bitwarden CLI in supply chain attack, abusing GitHub Dependabot to deploy Shai-Hulud malware and steal developer secrets, poison AI coding tools.

Read: https://hackread.com/teampcp-bitwarden-cli-dependabot-shai-hulud-malware/

#CyberSecurity #TeamPCP #Malware #Bitwarden #GitHub #Dependabot

📢⚠️ Grinex crypto exchange collapses after $13.7M breach, blames Western spies as researchers flag possible exit scam.

Read: https://hackread.com/grinex-crypto-exchange-shuts-down-west-agency-breach/

#CyberSecurity #DataBreach #Crypto #Grinex #ExitScam

📢 Tyler Robert Buchanan, a 24-year-old British hacker linked to Scattered Spider, admits to a multi-year US hacking scheme involving at least $8M in crypto theft.

Read: https://hackread.com/british-hacker-tyler-buchanan-guilty-hacking-scheme/

#CyberSecurity #CyberCrime #ScatteredSpider #Phishing

Fake Claude AI installer mimicking Anthropic spreads PlugX RAT on Windows, using DLL sideloading to gain persistent remote access to infected systems.

Read: https://hackread.com/fake-claude-ai-installer-plugx-malware-windows-users/

#CyberSecurity #ClaudeAI #Windows #PlugX #Malware

The FBI recovered deleted Signal messages from an iPhone even after the app was removed. Here’s how to change your notification settings to keep chats private.

Read: https://hackread.com/fbi-recover-deleted-signal-messages-iphone-notifications/

#CyberSecurity #Privacy #Single #FBI #Cellebrite iPhone

AI firm Mercor confirms a breach linked to the #LiteLLM supply chain attack, as hackers claim 4TB of stolen data.

Read: https://hackread.com/ai-firm-mercor-breach-hackers-4tb-data/

#CyberSecurity #DataBreach #Mercor #AI #TeamPCP #Lapsus

⛶ 𝄃𝄂🪝“Quish Splash” QR phishing campaign hits 1.6M users, hiding malicious links inside images to bypass email security and steal credentials undetected.

Read: https://hackread.com/quish-splash-qr-code-phishing-hits-users/

#CyberSecurity #Phishing #QRcode #Quishing #Malware

Watch out, as Microsoft has uncovered a Storm-2561 campaign using SEO poisoning to push fake Fortinet and Ivanti VPN sites that deliver #Hyrax infostealer malware.

Read: https://hackread.com/storm-2561-fake-fortinet-ivanti-vpn-sites-hyrax-infostealer/

#CyberSecurity #Malware #Infostealer #VPN #Fortinet #Ivanti

China-linked hackers targeted #Qatar using fake war news to spread PlugX backdoors and launch cyber-espionage attacks on military and energy sectors.

https://hackread.com/china-hackers-qatar-backdoor-fake-war-news/

#CyberSecurity #China #PlugX #CyberAttack #Malware

📢⚠️#Pakistan-linked APT36 is flooding Indian government networks with AI-generated “#Vibeware”, disposable malware built with AI. The campaign abuses trusted platforms like Google Sheets, Slack, and Discord for C&C

Read: https://hackread.com/pakistan-apt36-indian-govt-networks-ai-vibeware/

#CyberSecurity #APT36 #TransparentTribe #Malware #AI #CyberAttack

📢🪝⚠️ Watch out as scammers are using Fake Zoom and Google Meet pages to trick users into installing #Teramind monitoring software on Windows systems through phishing links and fake updates.

Read: https://hackread.com/zoom-google-meet-phishing-teramind-monitoring-tool/

#CyberSecurity #Phishing #Zoom #GoogleMeet #Windows

📢⚠️ New #ZeroDayRAT malware is being sold on Telegram, targeting Android and iOS devices with real-time monitoring, location tracking, surveillance and crypto theft tools.

Read: https://hackread.com/zerodayrat-malware-monitoring-android-ios-devices/

#Cybersecurity #Malware #Android #iOS #MaaS #Spyware

📢🚫⛔ Firefox will add a global AI kill switch, letting users block all AI features and manage individual tools for better control and privacy.

Read: https://hackread.com/firefox-users-ai-kill-switch-better-privacy/

#Firefox #AI #Privacy #Mozilla #BrowserUpdate #CyberSecurity

Iranian TV transmission was hacked to broadcast protest footage and a message from exiled Prince Reza Pahlavi urging security forces not to fire on civilians 📺

Read: https://hackread.com/iranian-tv-transmission-hacked-exiled-prince-message/

#CyberSecurity #Iran #RezaPahlavi #IranProtest #Badr #Satellite

Watch out as a new report reveals a widespread Magecart skimmer campaign targeting users of all major credit cards at online checkout.

Read more: https://hackread.com/magecart-targets-all-credit-cards-users/

#Magecart #CyberSecurity #OnlineShopping #InfoSec

Watch out as the Astaroth banking Trojan is now spreading via #WhatsApp messages in a Brazil focused campaign, using friendly-looking ZIP files to auto-infect contacts and steal banking credentials and data.

Read: https://hackread.com/astaroth-banking-trojan-brazil-whatsapp-messages/

#Astaroth #Malware #Cybersecurity #Banking #Trojan #Brazil

Ilya Lichtenstein, the #Bitfinex 2016 hack mastermind behind a theft now valued at roughly 10 billion dollars, has been released early to home confinement under the #FirstStepAct after serving about 14 months of a 5-year sentence.

Read: https://hackread.com/bitfinex-hack-mastermind-gets-early-release/

#IlyaLichtenstein #Cybersecurity #CyberCrime #BitfinexHack

Watch as researcher Martha Root infiltrates and wipes white supremacist dating sites like, leaks thousands of profiles on #okstupid.lol after a live demo at CCC 2025.

Read: https://hackread.com/white-supremacist-dating-sites-wiped-okstupid-lol/

#Cybersecurity #Hacktivism #CCC2025 #okstupidlol #MarthaRoot

Korean Air confirms 30,000 of its employee records have been stolen after the Cl0p ransomware gang leaked the data online, following exploitation of an Oracle EBS vulnerability.

Read: https://hackread.com/30000-korean-air-employee-cl0p-leaks-data/

#CyberSecurity #DataBreach #Cl0p #KoreanAir #OracleEBS #InfoSec

🪝 Scammers sent 40,000 phishing emails spoofing SharePoint and DocuSign to target 6,000 firms in 2 weeks, hiding malicious links behind trusted redirects 📧🔒

Read more: https://hackread.com/scammers-e-signature-phishing-emails/

#CyberSecurity #Phishing #EmailSecurity #SharePoint #DocuSign

⚠️ Alert: A #WebXR flaw (CVE-2025-12443) affected Chrome, Edge, Brave, Opera and other Chromium browsers - over 4 billion devices at risk. Patch pushed - update your browser now! 🔐

Read: https://hackread.com/webxr-flaw-chromium-users-browser-update/

#CyberSecurity #BrowserUpdate #Chromium #Chrome #Brave

⚠️ Watch out! A new Android backdoor called #Baohuo is spreading through a fake Telegram X app, hijacking Telegram accounts on thousands of devices.

Read: https://hackread.com/baohuo-android-malware-telegram-x-hijacks-accounts/

#CyberSecurity #Android #Malware #TelegramX #Telegram

🚔 Spanish police have busted the GXC Team, one of the most active cybercrime networks led by #GoogleXcoder, a 25-year-old Brazilian.

Read: https://hackread.com/police-bust-gxc-team-cybercrime-networks/

#Cybercrime #CyberSecurity #Infosec #GXC #GroupIB #Spain #Brazil

The Astaroth Trojan is back, targeting Windows devices and hiding its C2 data in GitHub images to stay active after takedowns. 🎯

Read: https://hackread.com/astaroth-trojan-github-images-active-takedowns/

#Cybersecurity #Malware #Infosec #Astaroth #GitHub #Trojan

Hackers are using fake Ukrainian police emails to spread new #CountLoader malware, giving ransomware gangs like LockBit and Qilin initial access to victims.

Read: https://hackread.com/fake-ukrainian-police-emails-countloader-malware-loader/

#CyberSecurity #Russia #Ukraine #Ransomware

Europol and authorities from 18 countries tracked and protected 51 child victims in global online abuse cases, leading to 60 arrests.

Read: https://hackread.com/ai-forensics-europol-track-children-online-abuse-case/

#CyberSecurity #CyberCrime #ChildProtection #AIForensics #OnlineSafety

A service-side flaw in OpenAI's ChatGPT, known as the #ShadowLeak attack, used indirect prompt injection to leak Gmail data.

Read: https://hackread.com/shadowleak-exploit-exposed-gmail-data-chatgpt-agent/

#CyberSecurity #ChatGPT #OpenAI #Gmail #InfoSec #AI #Vulnerability

Watch out as hackers are using FileFix phishing with fake Facebook warnings to drop StealC Infostealer, hiding the payload inside images with #steganography.

Read: https://hackread.com/filefix-attack-stealc-infostealer-fake-facebook-pages/

#CyberSecurity #Phishing #FileFix #StealC #Infostealer

🚨 SEO poisoning alert! Watch what you download as #Windows users are being targeted with fake search results that lead to installers containing Hiddengh0st and Winos malware

Read: https://hackread.com/seo-poisoning-attack-windows-hiddengh0st-winos-malware/

#Cybersecurity #Malware #Hiddengh0st #Winos #SEOpoisoning

🚨 Hackers are exploiting a CrushFTP Zero-Day (CVE-2025-54309) to gain admin access and take over servers. Update to v10.8.5 or v11.3.4 now!

Read: https://hackread.com/hackers-exploit-crushftp-zero-day-take-over-servers/

#CyberSecurity #CrushFTP #Vulnerability #0day