Tag: hacking

Hackers Exploited Cisco ISE Zero-Day

Nov 13, 2025 11:49 PM

Tags: access, authentication, cisco, control, exploit, flaw, hacker, hacking, network, remote-code-execution, software, vulnerability, zero-day

Flaw Enabled Remote Code Execution, Say AWS Researchers. Researchers from AWS said they spotted a hacking campaign taking advantage of a zero-day vulnerability in Cisco network access control software before the routing giant patched it earlier this year. The flaw let attackers perform pre-authentication remote code execution. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hackers-exploited-cisco-ise-zero-day-a-30031
Operation Endgame Hits Rhadamanthys, VenomRAT, Elysium Malware, seize 1025 servers

Nov 13, 2025 5:49 PM

Tags: hacking, malware, tool

Europol-led Operation Endgame seizes 1,025 servers and arrests a key suspect in Greece, disrupting three major global malware and hacking tools, including Rhadamanthys, VenomRAT and Elysium botnet. First seen on hackread.com Jump to article: hackread.com/operation-endgame-rhadamanthys-venomrat-elysium-malware/
Federal agencies not fully patching vulnerable Cisco devices amid ‘active exploitation,’ CISA warns

Nov 12, 2025 10:49 PM

Tags: cisa, cisco, cybersecurity, exploit, hacking, infrastructure, update, vulnerability

Federal civilian agencies are not patching vulnerable Cisco devices sufficiently to protect themselves from an active hacking campaign, the Cybersecurity and Infrastructure Security Agency warned. First seen on therecord.media Jump to article: therecord.media/federal-cisco-patches-warning
Federal agencies not fully patching vulnerable Cisco devices amid ‘active exploitation,’ CISA warns

Nov 12, 2025 10:49 PM

Tags: cisa, cisco, cybersecurity, exploit, hacking, infrastructure, update, vulnerability

Federal civilian agencies are not patching vulnerable Cisco devices sufficiently to protect themselves from an active hacking campaign, the Cybersecurity and Infrastructure Security Agency warned. First seen on therecord.media Jump to article: therecord.media/federal-cisco-patches-warning
Synology fixes BeeStation zero-days demoed at Pwn2Own Ireland

Nov 12, 2025 12:20 AM

Tags: hacking, remote-code-execution, vulnerability, zero-day

Synology has addressed a critical-severity remote code execution (RCE) vulnerability in BeeStation products that was demonstrated at the recent Pwn2Own hacking competition. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/synology-fixes-beestation-zero-days-demoed-at-pwn2own-ireland/
WinRAR Vulnerability Exploited by APT08 to Target Government Agencies

Nov 11, 2025 3:19 PM

Tags: apt, attack, cyber, exploit, flaw, government, group, hacking, threat, vulnerability

The notorious APT-C-08 hacking group, also known as BITTER, has been observed weaponizing a critical WinRAR directory traversal vulnerability (CVE-2025-6218) to launch sophisticated attacks against government organizations across South Asia. This development marks a concerning evolution in the threat actor’s capabilities, as the group leverages this easily exploitable flaw to infiltrate sensitive systems and steal classified…
WinRAR Vulnerability Exploited by APT08 to Target Government Agencies

Nov 11, 2025 3:19 PM

Tags: apt, attack, cyber, exploit, flaw, government, group, hacking, threat, vulnerability

The notorious APT-C-08 hacking group, also known as BITTER, has been observed weaponizing a critical WinRAR directory traversal vulnerability (CVE-2025-6218) to launch sophisticated attacks against government organizations across South Asia. This development marks a concerning evolution in the threat actor’s capabilities, as the group leverages this easily exploitable flaw to infiltrate sensitive systems and steal classified…
New “KomeX” Android RAT Hits Hacker Forums with Tiered Subscriptions

Nov 11, 2025 2:20 PM

Tags: access, android, cyber, hacker, hacking, malware, rat, threat

A sophisticated Android remote-access trojan named KomeX RAT has emerged on underground hacking forums, with the threat actor Gendirector actively marketing the malware through tiered subscription models. The malware, built on the foundation of previously documented BTMOB, poses a significant threat to Android device owners due to its extensive capabilities and aggressive advertising campaign within…
Europe Hosts First In-Orbit Satellite Cybersecurity Competition

Nov 10, 2025 10:20 AM

Tags: cyber, cybersecurity, hacking, office, organized

D-Orbit and the ethical hacking collective mhackeroni have concluded CTRLSpace CTF, the first in-orbit satellite cybersecurity competition ever held in Europe. The event, organized with the support of the European Space Agency’s (ESA) Security Cyber Centre of Excellence and ESA’s Security Office, marked a major step toward strengthening Europe’s space defence capabilities. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/europe-hosts-first-in-orbit-satellite-ctf/
Hackers Exploit Websites to Inject Malicious Links for SEO Manipulation

Nov 10, 2025 10:20 AM

Tags: conference, cyber, exploit, hacker, hacking, Internet, malicious, spam, threat

A surge in online casino spam is reshaping the dark corners of the internet, with threat actors increasingly hacking websites to embed malicious SEO-boosting links. This evolving tactic aims to promote online gambling sites by hijacking the authority of legitimate websites putting site owners and unsuspecting users alike at risk. Historically, blackhat SEO spam campaigns…
Hackers Exploit Websites to Inject Malicious Links for SEO Manipulation

Nov 10, 2025 10:20 AM

Tags: conference, cyber, exploit, hacker, hacking, Internet, malicious, spam, threat

A surge in online casino spam is reshaping the dark corners of the internet, with threat actors increasingly hacking websites to embed malicious SEO-boosting links. This evolving tactic aims to promote online gambling sites by hijacking the authority of legitimate websites putting site owners and unsuspecting users alike at risk. Historically, blackhat SEO spam campaigns…
Europe Hosts First In-Orbit Satellite Cybersecurity Competition

Nov 10, 2025 10:20 AM

Tags: cyber, cybersecurity, hacking, office, organized

D-Orbit and the ethical hacking collective mhackeroni have concluded CTRLSpace CTF, the first in-orbit satellite cybersecurity competition ever held in Europe. The event, organized with the support of the European Space Agency’s (ESA) Security Cyber Centre of Excellence and ESA’s Security Office, marked a major step toward strengthening Europe’s space defence capabilities. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/europe-hosts-first-in-orbit-satellite-ctf/
Data Leak Exposes Chinese State-Sponsored Cyber Arsenal and Target Database

Nov 10, 2025 8:19 AM

Tags: breach, china, cyber, cybersecurity, data, data-breach, government, hacking, international, leak, theft, tool

In early November 2025, a massive data breach at Knownsec, a prominent Chinese cybersecurity firm with government ties, sent shockwaves through the international security community. The incident, reported on November 2, resulted in the theft of over 12,000 classified documents exposing sophisticated state-sponsored cyber weapons, internal hacking tools, and a comprehensive global target list spanning…
Data Leak Exposes Chinese State-Sponsored Cyber Arsenal and Target Database

Nov 10, 2025 8:19 AM

Tags: breach, china, cyber, cybersecurity, data, data-breach, government, hacking, international, leak, theft, tool

In early November 2025, a massive data breach at Knownsec, a prominent Chinese cybersecurity firm with government ties, sent shockwaves through the international security community. The incident, reported on November 2, resulted in the theft of over 12,000 classified documents exposing sophisticated state-sponsored cyber weapons, internal hacking tools, and a comprehensive global target list spanning…
Data Leak Exposes Chinese State-Sponsored Cyber Arsenal and Target Database

Nov 10, 2025 8:19 AM

Tags: breach, china, cyber, cybersecurity, data, data-breach, government, hacking, international, leak, theft, tool

In early November 2025, a massive data breach at Knownsec, a prominent Chinese cybersecurity firm with government ties, sent shockwaves through the international security community. The incident, reported on November 2, resulted in the theft of over 12,000 classified documents exposing sophisticated state-sponsored cyber weapons, internal hacking tools, and a comprehensive global target list spanning…
Washington Post confirms data breach linked to Oracle hacks

Nov 7, 2025 9:19 PM

Tags: breach, data, data-breach, hacking, oracle, ransomware, software, vulnerability

The Washington Post is the latest victim of a hacking campaign by the notorious Clop ransomware gang, which relied on vulnerabilities in Oracle software used by many corporations. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/07/washington-post-confirms-data-breach-linked-to-oracle-hacks/
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine

Nov 7, 2025 2:20 PM

Tags: data, group, hacking, malware, russia, ukraine

Sandworm deployed data wipers against Ukrainian governmental entities and companies in the energy, logistics and grain sectors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-sandworm-new-wiper-ukraine/
>>Pay up or we share the tapes<<: Hackers target massage parlour clients in blackmail scheme

Nov 6, 2025 8:23 PM

Tags: data, hacker, hacking

South Korean police have uncovered a hacking operation that stole sensitive data from massage parlours and blackmailed their male clientele. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/pay-up-or-we-share-the-tapes-hackers-target-massage-parlour-clients-in-blackmail-scheme
Russia’s Destructive Wiper Attacks on Ukraine Rise Again

Nov 6, 2025 7:19 PM

Tags: attack, group, hacking, malware, russia, ukraine

Nation-State Teams Tied to Grain Sector Targeting, Plus More Joined-Up Operations. Russia’s nation-state hacking groups have returned to pummeling Ukrainian targets with destructive, wiper malware, including in apparent attempts to disrupt its economically valuable grain sector, alongside the repeat targeting of allied European nations, researchers report. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russias-destructive-wiper-attacks-on-ukraine-rise-again-a-29945
Smashing Security podcast #442: The hack that messed with time, and rogue ransom where negotiators

Nov 6, 2025 2:19 PM

Tags: attack, hacking, ransom

Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock, with chaos potentially only a tick away. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-442/
Russia’s Sandworm hackers deploying wipers against Ukraine’s grain industry

Nov 6, 2025 2:19 PM

Tags: hacker, hacking, malware, russia, ukraine

The Russian state-backed hacking unit Sandworm has been targeting Ukraine’s grain industry with wiper malware amid Moscow’s ongoing efforts to undermine Kyiv’s wartime economy. First seen on therecord.media Jump to article: therecord.media/russia-sandworm-grain-wipers
Russia’s Sandworm hackers deploying wipers against Ukraine’s grain industry

Nov 6, 2025 2:19 PM

Tags: hacker, hacking, malware, russia, ukraine

The Russian state-backed hacking unit Sandworm has been targeting Ukraine’s grain industry with wiper malware amid Moscow’s ongoing efforts to undermine Kyiv’s wartime economy. First seen on therecord.media Jump to article: therecord.media/russia-sandworm-grain-wipers
Smashing Security podcast #442: The hack that messed with time, and rogue ransom where negotiators

Nov 6, 2025 2:19 PM

Tags: attack, hacking, ransom

Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock, with chaos potentially only a tick away. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-442/
Russia’s Sandworm hackers deploying wipers against Ukraine’s grain industry

Nov 6, 2025 2:19 PM

Tags: hacker, hacking, malware, russia, ukraine

The Russian state-backed hacking unit Sandworm has been targeting Ukraine’s grain industry with wiper malware amid Moscow’s ongoing efforts to undermine Kyiv’s wartime economy. First seen on therecord.media Jump to article: therecord.media/russia-sandworm-grain-wipers