Tag: hacking
-
Spanish police arrest student suspected of hacking school system to change grades
Spanish police have arrested a university student suspected of hacking the local government’s education management system to alter grades and gain access to professors’ emails. First seen on therecord.media Jump to article: therecord.media/spanish-police-hacker-arrest-grades
-
ShadowSilk Hits 36 Government Targets in Central Asia and APAC Using Telegram Bots
A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific (APAC).According to Group-IB, nearly three dozen victims have been identified, with the intrusions mainly geared towards data exfiltration. The hacking group shares toolset and infrastructural overlaps with campaigns undertaken by threat…
-
Facility Laundry and Dining Vendor Hack in 2024 Hits 624,500
Crime Gang ‘Underground’ Claimed Data Theft From Healthcare Services Group. A publicly traded Pennsylvania-based firm that provides dining, housekeeping and laundry services to long-term care and skilled nursing facilities is notifying nearly 624,500 people of a 2024 hacking incident that took nearly nine months for the company to investigate. First seen on govinfosecurity.com Jump to…
-
Hackers Disrupt Iranian Ships via Maritime Communication Terminals Exploiting MySQL Database
The National Iranian Tanker Company (NITC) and Islamic Republic of Iran Shipping Lines (IRISL), two sanctioned companies, are the operators of 64 boats, 39 tankers, and 25 cargo ships that were compromised in a targeted attack on Iran’s maritime infrastructure by the hacking collective Lab-Dookhtegan. Rather than attempting direct breaches of individual ships, which are…
-
Flipper Zero im Untergrund: Wie das Hacking-Gadget zum Türöffner für Autodiebe wird
Flipper Zero im Untergrund: Hacker “Daniel” verkauft modifizierte Firmware, mit der sich hunderte unterschiedliche Autos entsperren lassen. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/flipper-zero-im-untergrund-wie-das-hacking-gadget-zum-tueroeffner-fuer-autodiebe-wird-319948.html
-
Murky Panda hackers exploit cloud trust to hack downstream customers
A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/murky-panda-hackers-exploit-cloud-trust-to-hack-downstream-customers/
-
Cybersecurity Snapshot: Industrial Systems in Crosshairs of Russian Hackers, FBI Warns, as MITRE Updates List of Top Hardware Weaknesses
Tags: access, ai, attack, automation, cisa, cisco, cloud, conference, control, credentials, cve, cyber, cybersecurity, data, data-breach, deep-fake, detection, docker, espionage, exploit, flaw, framework, fraud, google, government, group, guide, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iot, LLM, microsoft, mitigation, mitre, mobile, network, nist, risk, russia, scam, service, side-channel, software, strategy, switch, technology, threat, tool, update, vulnerability, vulnerability-management, windowsCheck out the FBI’s alert on Russia-backed hackers infiltrating critical infrastructure networks via an old Cisco bug. Plus, MITRE dropped a revamped list of the most important critical security flaws. Meanwhile, NIST rolled out a battle plan against face-morphing deepfakes. And get the latest on the CIS Benchmarks and on vulnerability prioritization strategies! Here are…
-
AI Models Resize Photos and Open Door to Hacking
Researchers Show How AI Image Downscaling Can be an Attack Vector. Researchers discovered a method to embed invisible prompt injections that are activated during AI’s processing of an image. When the model scales down these images, the hidden malicious instructions allow theft of data from popular image production systems. First seen on govinfosecurity.com Jump to…
-
Microsoft restricts Chinese firms’ access to vulnerability warnings after hacking concerns
Tags: access, china, compliance, cybersecurity, data, government, hacking, intelligence, microsoft, service, threat, vulnerability, windowsEnterprise operations fallout: Microsoft’s decision may have broader operational consequences for multinational corporations (MNCs), particularly those with significant operations in China. For some, the move adds pressure to an already delicate balancing act between geopolitical expectations and local compliance risks.”MNCs operating in China already know they are in the crosshairs of both the Chinese and…
-
Hacktivist Tied to Multiple Cyber Groups Sentenced to Jail
At one point, Al-Tahery Al-Mashriky was hacking thousands of websites within the span of three months while stealing personal data and sensitive information. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/hacktivist-sentenced-jail
-
McFlaw: Hacker Breaches McDonald’s Portal With URL Trick
Hacking Was the Easy Part, Notifying McDonald’s the Extremely Difficult Bit. A security researcher gained access to McDonald’s global marketing portal by changing a single word in its URL, uncovering a slew of additional vulnerabilities. The hard part was notifying the burger giant about the flaws, says self-described ethical hacker BobDaHacker. First seen on govinfosecurity.com…
-
New zero-day startup offers $20 million for tools that can hack any smartphone
Prices for hacking tools that allow governments to break into mobile phones keep going up, thanks to efforts by tech firms shoring up their cybersecurity. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/20/new-zero-day-startup-offers-20-million-for-tools-that-can-hack-any-smartphone/
-
Serial Hacker Sentenced for Defacing and Hacking Organizational Websites
Al-Tahery Al-Mashriky, 26, of Rotherham, South Yorkshire, was given a 20-month prison sentence for several charges of illegal computer access and data exfiltration, part of a major crackdown on ideologically driven cyberthreats. Al-Mashriky, affiliated with extremist hacking collectives such as the ‘Spider Team’ and ‘Yemen Cyber Army,’ was apprehended in August 2022 by the National…
-
At least three UK organizations hit by SharePoint zero-day hacking campaign
At least three British organizations have reported to the country’s data protection regulator that hackers exploited bugs affecting on-premise Microsoft SharePoint servers. First seen on therecord.media Jump to article: therecord.media/organizations-united-kingdom-sharepoint
-
A hacker tied to Yemen Cyber Army gets 20 months in prison
UK hacker Al-Tahery Al-Mashriky, tied to Yemen Cyber Army, gets 20 months in prison for website defacements and stolen data possession. Al-Tahery Al-Mashriky (26), a man from South Yorkshire, linked to the Yemen Cyber Army, has been sentenced to 20 months in prison for hacking and defacing websites in hacktivist campaigns. The UK’s National Crime…
-
47,000 Individuals Affected by Data Breach, Reveals NY Business Council
The Business Council of New York State, Inc., a prominent commercial organization based in Albany, has disclosed a data breach impacting approximately 47,329 individuals. The breach, characterized as an external system intrusion commonly associated with sophisticated hacking techniques, occurred on February 24, 2025, but was only detected on August 4, 2025 a delay of over…
-
SAP 0-Day Exploit Reportedly Leaked by ShinyHunters Hackers
A sophisticated exploit targeting critical SAP vulnerabilities has been publicly released by the notorious hacking group ShinyHunters, significantly escalating the threat landscape for enterprise SAP environments. The exploit, which chains together multiple zero-day vulnerabilities, was allegedly leaked through the >>Scattered LAPSUS$ Hunters ShinyHunters
-
North Korean Hackers’ Secret Linux Malware Surfaces Online
Phrack Magazine’s latest issue #72 has unveiled a significant data leak from a suspected North Korean hacking operation, including exploit tactics, compromised system details, and a sophisticated Linux rootkit. The dump, linked to a Chinese threat actor targeting South Korean and Taiwanese government and private sectors, shows overlaps with the North Korean Kimsuky APT group.…
-
IBM’s Cost of a Data Breach Report 2025
IBM’s 2025 Cost of a Data Breach Report drives home that point: attackers today are often “logging in rather than hacking in”. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/ibms-cost-of-a-data-breach-report-2025/
-
Russian-Linked Curly COMrades Deploy MucorAgent Malware in Europe
A new report from Bitdefender reveals the Russian-linked hacking group Curly COMrades is targeting Eastern Europe with a… First seen on hackread.com Jump to article: hackread.com/russian-curly-comrades-mucoragent-malware-europe/
-
ShinyHunters Claims BreachForums Seized by Law Enforcement, Now a Honeypot
Tags: authentication, breach, communications, cyber, data, hacking, infrastructure, law, privacy, threatThe threat actor known as ShinyHunters has publicly disclosed what they claim is a covert seizure of BreachForums, a notorious online platform used for trading stolen data and discussing illicit hacking activities. According to ShinyHunters’ announcement, the forum’s core infrastructure, including its official Pretty Good Privacy (PGP) key used for cryptographic authentication and secure communications,…
-
Dutch Investigators Blame Hacks on Multiple Threat Actors
NCSC-NL Says Hack of Citrix NetScaler Flaw Also Targeted Critical Infrastructure. A preliminary assessment by the Dutch NCSC into a suspected Russian hacking campaign has concluded that more than one group likely carried out the May breach of the country’s law enforcement network. Investigators say hacks of Citrix NetScaler flaw also targeted critical infrastructure. First…
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-dayNew groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases.However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
Dutch Investigators Blame Multiple Threat Actors on Hacks
NCSC-NL Says Hack of Citrix NetScaler Flaw Also Targeted Critical Infrastructure. A preliminary assessment by the Dutch NCSC into a suspected Russian hacking campaign has concluded that more than one group likely carried out the May breach of the country’s law enforcement network. Investigators say hacks of Citrix NetScaler flaw also targeted critical infrastructure. First…
-
Details emerge on WinRAR zero-day attacks that infected PCs with malware
Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian ‘RomCom’ hacking group to drop different malware payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/details-emerge-on-winrar-zero-day-attacks-that-infected-pcs-with-malware/
-
Two groups exploit WinRAR flaws in separate cyber-espionage campaigns
A prominent hacking operation known as RomCom and a lesser-known group tracked as Paper Werewolf or Goffee each exploited a zero-day vulnerability in WinRAR software this summer, researchers said. First seen on therecord.media Jump to article: therecord.media/winrar-zero-day-exploited-romcom-paper-werewolf-goffee-hackers
-
How ShinyHunters Hacking Group Stole Customer Data from Salesforce
Hackers posed as Salesforce IT staff, using vishing to trick employees into installing malicious software for data theft and extortion. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-salesforce-vishing-attack-shinyhunters/
-
Operation Chakra V: Call Center Scammers and your PII
Here we have another cautionary tale about off-shoring customer service when faced with the reality of Call Center Scams that commit fraud via Tech Support Scams and Government Impersonation. In this case, FirstIdea, an Indian company is charged with committing fraud against at least 100 victims from Australia and the UK. FirstIdea.us, according to their…
-
Nigerian man extradited from France to US over hacking and fraud allegations
A Nigerian man has been extradited from France to face hacking, identity theft, and fraud charges in the… First seen on hackread.com Jump to article: hackread.com/nigerian-extradited-france-us-hacking-fraud-allegations/