AIPAC Discloses Data Breach, Says Hundreds Affected
AIPAC reports data breach after external system access, hundreds affected, investigation ongoing with added security steps.
Hack Read
DoorDash hit by data breach after an employee falls for social engineering scam
Food delivery giant DoorDash confirms a data breach on Oct 25, 2025, where an employee fell for a social engineering scam. User names, emails, and home addresses were stolen.
CISA Warns of Active Attacks on Cisco ASA and Firepower Flaws
CISA issues an urgent directive for all organizations to patch Cisco ASA and Firepower devices against CVE-2025-20362 and CVE-2025-20333, exploited in the ArcaneDoor campaign. Verify the correct version now!
Chinese State Hackers Jailbroke Claude AI Code for Automated Breaches
Anthropic, the developer behind Claude AI, says a Chinese state sponsored group used its model to automate most of a cyber espionage operation against about 30 companies with Claude handling up to 90% of the technical work.
Chinese Tech Firm Leak Reportedly Exposes State Linked Hacking
A massive data leak reportedly at Chinese firm Knownsec (Chuangyu) exposed 12,000 files detailing state-backed 'cyber weapons' and spying on over 20 countries. See the details, including 95GB of stolen Indian immigration data.
How Adversaries Exploit the Blind Spots in Your EASM Strategy
Internet-facing assets like domains, servers, or networked device endpoints are where attackers look first, probing their target’s infrastructure…
Scammers Abuse WhatsApp Screen Sharing to Steal OTPs and Funds
A fast-spreading threat, known as the screen-sharing scam, is using a simple feature on WhatsApp to steal money…
Operation Endgame Hits Rhadamanthys, VenomRAT, Elysium Malware, seize 1025 servers
Europol-led Operation Endgame seizes 1,025 servers and arrests a key suspect in Greece, disrupting three major global malware and hacking tools, including Rhadamanthys, VenomRAT and Elysium botnet.
SAP Pushes Emergency Patch for 9.9 Rated CVE-2025-42887 After Full Takeover Risk
CVE 2025 42887 vulnerability, rated 9.9, allows code injection through Solution Manager giving attackers full SAP control urgent patch needed to block system takeover.
Top 3 Malware Families in Q4: How to Keep Your SOC Ready
Q3 showed sharp growth in malware activity as Lumma AgentTesla and Xworm drove access and data theft forcing SOC teams toward quicker behavior checks
BreachLock and Vanta Bridge the Gap Between Continuous Security Testing and Compliance with New Integration
New York, New York, 13th November 2025, CyberNewsWire
ThreatBook Peer-Recognized as a Strong Performer in the 2025 Gartner® Peer Insights™ Voice of the Customer for Network Detection and Response — for the Third Consecutive Year
Singapore, Singapore, 13th November 2025, CyberNewsWire
Mindgard Finds Sora 2 Vulnerability Leaking Hidden System Prompt via Audio
AI security firm Mindgard discovered a flaw in OpenAI’s Sora 2 model, forcing the video generator to leak…
DarkComet Spyware Resurfaces Disguised as Fake Bitcoin Wallet
Old DarkComet RAT spyware is back, hiding inside fake Bitcoin wallets and trading apps to steal credentials via keylogging.
Hackers Use KakaoTalk and Google Find Hub in Android Spyware Attack
North Korea-linked KONNI hackers used KakaoTalk and Google Find Hub to spy on victims and remotely wipe Android devices in a targeted phishing campaign.
@facebookmail.com Invites Exploited to Phish Facebook Business Users
If you manage Facebook advertising for a small or medium-sized business, open your inbox with suspicion, because attackers…
8 Recommended Account Takeover Security Providers
In 2025, account takeover (ATO) attacks are a significant – and growing – cybersecurity threat, especially in the…
Cl0p Ransomware Lists NHS UK as Victim, Days After Washington Post Breach
Cl0p ransomware lists NHS UK as a victim days after The Washington Post confirms a major Oracle E-Business breach linked to CVE-2025-61882.
Have I Been Pwned Adds 1.96B Accounts From Synthient Credential Data
Have I Been Pwned (HIBP), the popular breach notification service, has added another massive dataset to its platform.…
Fake NPM Package With 206K Downloads Targeted GitHub for Credentials (UPDATED)
Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation's code.
