Tag: hacker
-
Ukrainian hacker charged with helping Russian hacktivist groups
U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on behalf of Russian state-backed hacktivist groups. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ukrainian-hacker-charged-with-helping-russian-hacktivist-groups/
-
Ukrainian Woman in US Custody for Aiding Russian NoName057 Hacker Group
Ukrainian national Victoria Dubranova is in U.S. custody, accused of supporting Russian hacker group NoName057 in cyberattacks on critical infrastructure. She has pleaded not guilty. First seen on hackread.com Jump to article: hackread.com/ukraine-woman-us-custody-russia-noname057-hackers/
-
Ukrainian Woman in US Custody for Aiding Russian NoName057 Hacker Group
Ukrainian national Victoria Dubranova is in U.S. custody, accused of supporting Russian hacker group NoName057 in cyberattacks on critical infrastructure. She has pleaded not guilty. First seen on hackread.com Jump to article: hackread.com/ukraine-woman-us-custody-russia-noname057-hackers/
-
Gefährliche Sicherheitslücke: Hacker schleusen über Notepad++-Updater Malware ein
Angreifer verbreiten über eine Sicherheitslücke im Updater von Notepad++ Malware. Der Entwickler warnt und rät zum Update – aber besser von Hand. First seen on golem.de Jump to article: www.golem.de/news/besser-manuell-patchen-hacker-nutzen-gefaehrliche-luecke-im-notepad-updater-aus-2512-203082.html
-
New Portuguese Law Shields Ethical Hackers from Prosecution
Portugal updates its cybercrime law (Decree Law 125/2025) to grant ethical hackers a ‘safe harbour’ from prosecution. Learn the strict rules researchers must follow, including immediate disclosure to the CNCS, and how other nations are following this trend. First seen on hackread.com Jump to article: hackread.com/portugal-cybercrime-law-protects-ethical-hackers/
-
New Portuguese Law Shields Ethical Hackers from Prosecution
Portugal updates its cybercrime law (Decree Law 125/2025) to grant ethical hackers a ‘safe harbour’ from prosecution. Learn the strict rules researchers must follow, including immediate disclosure to the CNCS, and how other nations are following this trend. First seen on hackread.com Jump to article: hackread.com/portugal-cybercrime-law-protects-ethical-hackers/
-
Spain arrests teen who stole 64 million personal data records
The National Police in Spain have arrested a suspected 19-year-old hacker in Barcelona, for allegedly stealing and attempting to sell 64 million records obtained from breaches at nine companies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/spain-arrests-teen-who-stole-64-million-personal-data-records/
-
React2Shell Exploit Campaigns Tied to North Korean Cyber Intrusion Tactics
Sysdig has found sophisticated malicious campaigns exploiting React2Shell that delivered EtherRAT and suggested North Korean hackers’ involvement First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/react2shell-exploit-campaigns/
-
North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks
A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-react2shell-flaw-in-etherrat-malware-attacks/
-
Hackers Exploit Ivanti Connect Secure Vulnerabilities to Spread MetaRAT Malware
LAC’s Cyber Emergency Center has identified a sophisticated cyberespionage campaign targeting Japanese shipping and transportation companies. The operation, orchestrated by a China-based threat actor in April 2025, leveraged critical vulnerabilities in Ivanti Connect Secure (ICS) to deploy >>MetaRAT,
-
Hackers Exploit Ivanti Connect Secure Vulnerabilities to Spread MetaRAT Malware
LAC’s Cyber Emergency Center has identified a sophisticated cyberespionage campaign targeting Japanese shipping and transportation companies. The operation, orchestrated by a China-based threat actor in April 2025, leveraged critical vulnerabilities in Ivanti Connect Secure (ICS) to deploy >>MetaRAT,
-
Hackers Using FLIPPER Devices to Breach IT Systems Arrested by Authorities
Polish authorities have arrested three Ukrainian citizens after discovering sophisticated hacking equipment, including FLIPPER devices, during a routine traffic stop in Warsaw. The discovery marks a significant operation targeting cybercriminals allegedly traveling across Europe and conducting cyberattacks against critical infrastructure. Officers from Warsaw’s ÅšródmieÅ›cie district stopped a Toyota sedan on Senatorska Street. They found three…
-
Ignoring AI in the threat chain could be a costly mistake, experts warn
Tags: ai, attack, automation, ceo, ciso, cyber, cybersecurity, defense, exploit, government, hacker, skills, sophos, technology, threat, toolHow CISOs could cut through the confusion: The conflicting narratives around AI threats leave many CISOs struggling to reconcile hype with operational reality.Given the emergence of AI-enabled cyber threats amid pushback from some cyber experts who contend these threats are not real, Sophos CEO Joe Levy tells CSO that AI is becoming a “Rorschach test,…
-
When it comes to security resilience, cheaper isn’t always better
Tags: access, attack, authentication, breach, business, cctv, cio, ciso, cloud, control, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, government, hacker, healthcare, incident, incident response, jobs, leak, malicious, metric, mfa, monitoring, ransomware, RedTeam, resilience, risk, risk-management, saas, service, soc, software, threat, tool, update, vpn, vulnerability, vulnerability-management, zero-trustThe hidden trade-offs with resilience: Savings don’t erase risk. They shift it. What looks efficient today becomes exposed tomorrow. Cyber resilience is often the first casualty.Supply chain fragility: Cyber threats thrive on concentration. When procurement consolidates digital services into a single provider to save money, a single breach can have a ripple effect across your…
-
When it comes to security resilience, cheaper isn’t always better
Tags: access, attack, authentication, breach, business, cctv, cio, ciso, cloud, control, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, government, hacker, healthcare, incident, incident response, jobs, leak, malicious, metric, mfa, monitoring, ransomware, RedTeam, resilience, risk, risk-management, saas, service, soc, software, threat, tool, update, vpn, vulnerability, vulnerability-management, zero-trustThe hidden trade-offs with resilience: Savings don’t erase risk. They shift it. What looks efficient today becomes exposed tomorrow. Cyber resilience is often the first casualty.Supply chain fragility: Cyber threats thrive on concentration. When procurement consolidates digital services into a single provider to save money, a single breach can have a ripple effect across your…
-
Exploit Attempts Surge for React2Shell
Patch Now, as Scans and Hack Attempts Happening ‘at Scale,’ Security Experts Warn. Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of organizations already falling victim to it, cybersecurity experts warn. React is used by an estimated two-fifths of the world’s top 10,000 websites. First seen…
-
New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites
Securonix Threat Research details the complex JS#SMUGGLER campaign, a three-step web attack using obfuscated JavaScript and hidden HTA files to install the NetSupport RAT on user Windows desktops, granting hackers full remote control and persistent access. First seen on hackread.com Jump to article: hackread.com/jssmuggler-netsupport-rat-infected-sites/
-
Hackers Exploit Multiple Ad Networks to Distribute Triada Malware to Android Users
Adex, the anti-fraud and traffic-quality platform operating under AdTech Holding, has successfully identified and neutralized a sophisticated, multi-year malware operation linked to the infamous Triada Trojan. This campaign, which has persistently targeted the mobile advertising ecosystem, underscores the evolving dangers of supply-chain attacks in the digital ad space. According to industry data released alongside the…
-
Hackers Exploit Delivery Receipts in Messaging Apps to Steal Users’ Private Information
A critical security vulnerability has been discovered affecting billions of WhatsApp and Signal users worldwide. Researchers found that hackers can exploit delivery receipts to secretly monitor user activity, track daily routines, and drain battery life, all without leaving any visible trace.”‹ The attack, called >>Careless Whisper,
-
WatchGuard Firebox Vulnerabilities Let Hackers Skip Integrity Validation and Plant Malicious Code
WatchGuard Technologies has disclosed critical security vulnerabilities affecting its Firebox firewall products that could allow attackers to bypass system integrity checks and execute malicious code. The company released patches on December 4, 2025, addressing six distinct vulnerabilities that pose significant risks to enterprise network security. Multiple WatchGuard Firebox Vulnerabilities One of the most concerning flaws…
-
Hackers Target Developers Using Malicious VS Code and Cursor AI Extensions
Visual Studio Code and AI-powered IDEs such as Cursor AI and Windsurf are emerging as one of the most critical and overlooked attack surfaces in the modern software supply chain. Installed on millions of developer machines worldwide, these tools often run with access to source code, secrets, and production credentials. New research shows that compromising…
-
Hackers Target Developers Using Malicious VS Code and Cursor AI Extensions
Visual Studio Code and AI-powered IDEs such as Cursor AI and Windsurf are emerging as one of the most critical and overlooked attack surfaces in the modern software supply chain. Installed on millions of developer machines worldwide, these tools often run with access to source code, secrets, and production credentials. New research shows that compromising…
-
WatchGuard Firebox Vulnerabilities Let Hackers Skip Integrity Validation and Plant Malicious Code
WatchGuard Technologies has disclosed critical security vulnerabilities affecting its Firebox firewall products that could allow attackers to bypass system integrity checks and execute malicious code. The company released patches on December 4, 2025, addressing six distinct vulnerabilities that pose significant risks to enterprise network security. Multiple WatchGuard Firebox Vulnerabilities One of the most concerning flaws…
-
React2Shell Under Active Exploitation by China-Nexus Hackers
React2Shell (CVE-2025-55182) is under active exploitation by Earth Lamia and Jackpot Panda, risking over two million instances worldwide First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/react2shell-under-active/
-
Hackers Target Developers Using Malicious VS Code and Cursor AI Extensions
Visual Studio Code and AI-powered IDEs such as Cursor AI and Windsurf are emerging as one of the most critical and overlooked attack surfaces in the modern software supply chain. Installed on millions of developer machines worldwide, these tools often run with access to source code, secrets, and production credentials. New research shows that compromising…
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
LockBit 5.0 Infrastructure Exposed as Hackers Leak Critical Server Data
Tags: cyber, cybercrime, cybersecurity, data, data-breach, group, hacker, infrastructure, leak, lockbit, ransomwareSecurity researchers have uncovered critical infrastructure details for the notorious LockBit 5.0 ransomware operation, including the IP address 205.185.116.233 and the domain karma0.xyz, which hosts the group’s latest leak site. The discovery represents a significant operational security failure for the cybercriminal organization. Cybersecurity researcher Rakesh Krishnan first publicized the findings on December 5, 2025, identifying…
-
Don’t use ‘admin’: UK’s top 20 most-used passwords revealed as scams soar
Easy-to-guess words and figures still dominate, alarming cysbersecurity experts and delighting hackersIt is a hacker’s dream. Even in the face of repeated warnings to protect online accounts, a new study reveals that “admin” is the most commonly used password in the UK.The second most popular, “123456”, is also unlikely to keep hackers at bay. <a…