New Salty2FA Phishing Kit Bypasses MFA and Clones Login Pages
A new, sophisticated phishing kit, Salty2FA, is using advanced tactics to bypass MFA and mimic trusted brands. Read…
Hack Read
Republic and Incentiv Partner to Simplify and Reward Web3 Participation
Republic today announced a strategic partnership with Incentiv, an EVM-compatible Layer 1 blockchain designed to make Web3 simple,…
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development.
Aembit Named to Fast Company’s Seventh-Annual List of the 100 Best Workplaces for Innovators
Silver Spring, USA, 9th September 2025, CyberNewsWire
npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack
Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked…
Zero-Day in Sitecore Exploited to Deploy WEEPSTEEL Malware
Hackers exploit a Sitecore zero-day (CVE-2025-53690) to deploy WEEPSTEEL Malware via ViewState attacks, enabling Remote Code Execution (RCE).
MostereRAT Targets Windows, Uses AnyDesk and TightVNC for Full Access
MostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity…
iExec brings TEE-based privacy tools to Arbitrum
Paris, France, 2025 – iExec has announced the deployment of its privacy framework on Arbitrum, enabling the creation…
Lazarus Group Deploys Malware With ClickFix Scam in Fake Job Interviews
North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data,…
Salesloft Drift Breach Traced to GitHub Compromise and Stolen OAuth Tokens
Salesloft Drift breach traced to GitHub compromise and stolen OAuth tokens, Mandiant confirms breach contained and Salesforce data targeted.
Critical SAP Vulnerability CVE-2025-42957 Actively Exploited by Hackers
Urgent security alert for SAP users! A critical vulnerability (CVE-2025-42957) allows attackers to take full control of your…
GhostAction Attack Steals 3,325 Secrets from GitHub Projects
GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens.
Bridgestone Confirms Cyberattack Disrupting North American Plants
Bridgestone confirms a cyberattack that disrupted manufacturing plants. This article details the impact on employees, expert analysis, and…
Chess.com Hit by Limited Data Breach Linked to 3rd-Party File Transfer Tool
Chess.com confirms a limited data breach affecting 4,500 users after a third-party file transfer tool was compromised. No…
Scammers Exploit Grok AI With Video Ad Scam to Push Malware on X
Researchers at Guardio Labs have uncovered a new “Grokking” scam where attackers trick Grok AI into spreading malicious…
Russian APT28 Deploys “NotDoor” Backdoor Through Microsoft Outlook
APT28 hackers deploy NotDoor backdoor via Microsoft Outlook macros, using OneDrive sideloading to steal data and evade detection.
Model Namespace Reuse Flaw Hijacks AI Models on Google and Microsoft Platforms
A new security vulnerability called ‘Model Namespace Reuse’ allows attackers to hijack AI models on Google, Microsoft, and…
New Malware Uses Windows Character Map for Cryptomining
Darktrace reports new malware hijacking Windows Character Map for cryptomining, exposing risks of hidden attacks in everyday software…
Sendmarc appoints Rob Bowker as North American Region Lead
Wilmington, United States, 4th September 2025, CyberNewsWire
Scattered Lapsus$ Hunters Demand Google Fire Security Experts or Face Data Leak
Note: The names of both employees have been removed for privacy reasons, following a request from Google. We are now referring to them as Worker 1 and Worker 2.
