Tag: hacker
-
FBI investigating hack on its wiretap and surveillance systems: Report
Hackers allegedly broke into the FBI’s networks, according to a report by CNN. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/05/fbi-investigating-hack-on-its-wiretap-and-surveillance-systems-report/
-
Hackers Used New Exploit Kit to Compromise Thousands of iPhones
Thousands of iPhones were compromised using the Coruna exploit kit, which chained 23 iOS vulnerabilities into advanced attacks used for espionage and cybercrime. The post Hackers Used New Exploit Kit to Compromise Thousands of iPhones appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-coruna-exploit-kit-thousands-of-iphones-compromised/
-
WordPress membership plugin bug exploited to create admin accounts
Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-membership-plugin-bug-exploited-to-create-admin-accounts/
-
PleaseFix Flaw Lets Hackers Access 1Password Vault via Comet AI Browser
Researchers at Zenity Labs uncover PleaseFix flaws in Perplexity’s Comet browser. See how zero-click calendar invites allow AI agents to steal 1Password credentials and personal files. First seen on hackread.com Jump to article: hackread.com/pleasefix-flaw-hackers-1password-vault-comet-ai-browser/
-
Plankey’s nomination as CISA director now in jeopardy
News that Sean Plankey has left his post at DHS comes amid rising risks to U.S. critical infrastructure from Iran-linked hackers and deep concerns about a weakened cybersecurity agency. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/sean-plankey-cisa-dhs-controversy/813898/
-
Nation-State Hackers Play the Vibes
Who Knew APT Hackers Liked Emojis So Much?. All the nation-state hackers are vibe coding. Vibeware won’t win any coding awards. It’s not pretty. It doesn’t target any zero-day vulnerabilities or known flaws in innovative new ways – but it does allow polyglot malware to be generated at scale. First seen on govinfosecurity.com Jump to…
-
Analyse von Palo Alto – Hacker erstellen Phishing-Seiten mit LLMs in Echtzeit
First seen on security-insider.de Jump to article: www.security-insider.de/ki-phishing-llm-javascript-im-browser-palo-alto-networks-a-7f2c070feb5687a9b52f9c3c76177df0/
-
LeakBase Cybercrime and Hacker Forum Seized
Europol seizes LeakBase cybercrime and hacker forum used to trade stolen data, disrupting a global platform with over 140,000 members. First seen on hackread.com Jump to article: hackread.com/leakbase-cybercrime-hacker-forum-seized/
-
LatAm Now Faces 2x More Cyberattacks Than US
Much of Central and South America struggles with cybersecurity maturity, and hackers are taking advantage. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/latam-2x-more-cyberattacks-us
-
Lazarus-Gruppe auf Blockchain-Beutezug Wie Hacker Whitelists als Zielscheiben missbrauchen
Check Point Software Technologies warnt vor einem gefährlichen Sicherheitsirrtum im Umgang mit digitalen Vermögenswerten auf öffentlichen Blockchains. Am Beispiel der nordkoreanischen Hacker ‘Lazarus Group>> zeigt Check Point auf, dass Whitelists Angreifern als Orientierung dienen, um zu erkennen, welche Dienstleister, Gegenparteien oder Infrastrukturkomponenten kompromittiert werden müssen, um an die Assets zu gelangen. In nur sieben Monaten…
-
Operational Technology (OT) penetration testing: Defining, Process and Tools
Operational penetration testing is a process of simulating real-world attacks on OT systems to identify vulnerabilities before cybercriminals can exploit them, either physically or remotely. OT penetration testing is a proactive approach to identifying vulnerabilities in OT systems before adversaries exploit them. OT penetration testing is performed by penetration testers, ethical hackers, and industrial cybersecurity……
-
DPRK Hackers Target Crypto Firms, Steal Keys and Cloud Assets in Coordinated Attacks
Suspected DPRK-linked threat actors have been observed compromising cryptocurrency firms through a coordinated campaign that blends web-app exploitation, cloud abuse, and secrets theft to position for large”‘scale digital asset theft. The intrusions show a full kill chain from initial access via the React2Shell vulnerability (CVE”‘2025″‘55182) to deep AWS and Kubernetes reconnaissance and exfiltration of proprietary…
-
Von Ethical Hacker erpresst? – Ungeschützte Datenbank legt eine Milliarde Kundendaten offen
First seen on security-insider.de Jump to article: www.security-insider.de/datenleck-milliarden-sensible-daten-enthuellt-a-d866daf68c3c4d3fcb3df0e8e9bc7f61/
-
Von Ethical Hacker erpresst? – Ungeschützte Datenbank legt eine Milliarde Kundendaten offen
First seen on security-insider.de Jump to article: www.security-insider.de/datenleck-milliarden-sensible-daten-enthuellt-a-d866daf68c3c4d3fcb3df0e8e9bc7f61/
-
State-affiliated hackers set up for critical OT attacks that operators may not detect
Tags: access, antivirus, attack, conference, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, firmware, fortinet, group, hacker, incident response, infrastructure, Internet, Intruder, lessons-learned, malware, mfa, monitoring, network, password, penetration-testing, phishing, regulation, russia, service, spear-phishing, supply-chain, threat, tool, ukraine, update, vulnerabilityRussia’s OT attack teams expand beyond Ukraine: The Russia-linked pair Kamacite and Electrum, which Dragos has tracked since the mid-2010s and is responsible for the 2015 and 2016 cyberattacks that took down parts of Ukraine’s power grid, expanded operations into NATO territory in 2025 after years focused almost exclusively on Ukrainian targets.Kamacite, which serves as…
-
State-affiliated hackers set up for critical OT attacks that operators may not detect
Tags: access, antivirus, attack, conference, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, firmware, fortinet, group, hacker, incident response, infrastructure, Internet, Intruder, lessons-learned, malware, mfa, monitoring, network, password, penetration-testing, phishing, regulation, russia, service, spear-phishing, supply-chain, threat, tool, ukraine, update, vulnerabilityRussia’s OT attack teams expand beyond Ukraine: The Russia-linked pair Kamacite and Electrum, which Dragos has tracked since the mid-2010s and is responsible for the 2015 and 2016 cyberattacks that took down parts of Ukraine’s power grid, expanded operations into NATO territory in 2025 after years focused almost exclusively on Ukrainian targets.Kamacite, which serves as…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
CVSS-Score 10.0 – Hacker können WhatsApp-Sitzungen von Nanobot-Nutzern übernehmen
First seen on security-insider.de Jump to article: www.security-insider.de/nanobot-whatsapp-bridge-cve-2026-2577-session-uebernahme-a-f21834258a7b68c129e5bd26382fe277/
-
Fake Zoom, Teams Meeting Invites Use Compromised Certificates to Drop Malware
A new phishing campaign is using stolen certificates from TrustConnect Software PTY LTD to sign malware. By impersonating updates for Zoom and Microsoft Teams, hackers install RMM tools to gain persistent, privileged access to networks First seen on hackread.com Jump to article: hackread.com/fake-zoom-teams-invites-malware-certificates/
-
Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers
A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mail2shell-zero-click-attack-lets-hackers-hijack-freescout-mail-servers/
-
Hacker mass-mails HungerRush extortion emails to restaurant patrons
Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data could be exposed if HungerRush fails to respond. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-mass-mails-hungerrush-extortion-emails-to-restaurant-patrons/
-
Iran-nexus hackers target flaws in surveillance cameras
The threat activity echoes prior exploitation during the Israeli war with Hamas, a precursor to attacks against critical sectors in the U.S. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-hackers-target-flaws-ip-cameras/813795/
-
Securing Microsoft 365: A Live Breakdown of Modern Attack Paths
An OnDemand Webinar with former NSA operative Kyle Hanslovan. Watch how hackers steal credentials, bypass Microsoft 365 MFA, and completely wreck enterprise systems in under 10 minutes. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/securing-microsoft-365-live-breakdown-modern-attack-paths-a-30901
-
The CTEM Divide: Why 84% of Security Programs Are Falling Behind
Originally published on the Hacker News here. A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-ctem-divide-why-84-of-security-programs-are-falling-behind/
-
Securing Microsoft 365: A Live Breakdown of Modern Attack Paths
An OnDemand Webinar with former NSA operative Kyle Hanslovan. Watch how hackers steal credentials, bypass Microsoft 365 MFA, and completely wreck enterprise systems in under 10 minutes. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/securing-microsoft-365-live-breakdown-modern-attack-paths-a-30901
-
Securing Microsoft 365: A Live Breakdown of Modern Attack Paths
An OnDemand Webinar with former NSA operative Kyle Hanslovan. Watch how hackers steal credentials, bypass Microsoft 365 MFA, and completely wreck enterprise systems in under 10 minutes. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/securing-microsoft-365-live-breakdown-modern-attack-paths-a-30901
-
Russian hackers deploy new malware in phishing campaign targeting Ukraine
Researchers have identified a suspected Russian espionage campaign targeting Ukraine that uses two previously undocumented malware strains. First seen on therecord.media Jump to article: therecord.media/russian-ukraine-hackers-malware
-
Surge in Attacks on Surveillance Cameras Linked to Iranian Hackers
Increased attempts to compromise surveillance cameras linked to Iran during Middle East conflict First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-attacks-surveillance-cameras/