ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a busy time to be online. Security is...

Hackers Are Posting the Claude Code Leak With Bonus Malware

Plus: The FBI says a recent hack of its wiretap tools poses a national security risk, attackers stole Cisco source code as part of an ongoing supply chain hacking spree, and more...

The Worst Hacks of 2025

From university breaches to cyberattacks that shut down whole supply chains, these were the worst cybersecurity incidents of the year...

⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More

Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They're going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches. The real danger now isn't just one major attack, but...

Microsoft Will Finally Kill an Encryption Cipher That Enabled a Decade of Windows Hacks

The weak RC4 for administrative authentication has been a hacker holy grail for decades...

MAL-2025-143430 Malicious code in husky-upgrade-soap-jekyll (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 601c73ad9ca5a7963e14be01345e21f536a67da6422a2d129b0e73e809c78799 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

The Foundation Modern AppSec Is Still Missing: Code to Cloud, Rebuilt the Right Way

See every risk, from the first line of code to what’s running in production. No resource tagging. No CI/CD hacks. Just automatic, reliable traceability both developers and security teams can act on...

EUVD-2006-2692

Malware in sbrugna...

EUVD-2006-6199

Malware in sbrugna...

A week in security (August 11 – August 17)

Last week on Malwarebytes Labs: Italian hotels breached for tens of thousands of scanned IDs National Public Data returns after massive Social Security Number leak Romance scammers in Ghana charged with more than $100 million in theft Netflix scammers target jobseekers to trick them into handing...

A week in security (July 7 – July 13)

Last week on Malwarebytes Labs: Deepfake criminals impersonate Marco Rubio to uncover government secrets McDonald’s AI bot spills data on job applicants Millions of people spied on by malicious browser extensions in Chrome and Edge No thanks: Google lets its Gemini AI access your apps, including...

CVE-2022-3096

The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...

⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors

What if attackers aren't breaking in—they're already inside, watching, and adapting? This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under...

Brass Typhoon: The Chinese Hacking Group Lurking in the Shadows

Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks...

Under Trump, US Cyberdefense Loses Its Head

Chinese hacks, rampant ransomware, and Donald Trump’s budget cuts all threaten US security. In an exit interview with WIRED, former CISA head Jen Easterly argues for her agency’s survival...

Insights and highlights from DEF CON 32

TL; DR Event Dates : August 8-11, 2024, in Las Vegas. PTP Presentations : Windows Hello : Our Ceri Coburn with Outsider Security's Dirk-Jan Mollema revealed vulnerabilities in biometric authentication. Maritime Security : Paul Brownridge discussed vulnerabilities in maritime systems and...

Vietnamese Group Hacks and Sells Bedroom Camera Footage

By Waqas Cheap Security, Costly Privacy: Vietnamese Group Profits from Hacked Home Cameras by Selling Bedroom Camera Footage- Change Your Passwords Now! This is a post from HackRead.com Read the original post: Vietnamese Group Hacks and Sells Bedroom Camera Footage...

Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed

By Waqas November 2023 has emerged as the most devastating year for crypto users and the most lucrative for cybercriminals and malicious hackers, as the majority of crypto hacks occurred during that month. This is a post from HackRead.com Read the original post: Cryptocurrency losses reach $1.75...

U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers

The U.S. Treasury Department on Wednesday imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten proceeds. "Sinbad has processed millions of dollars' worth of virtual currency from Lazarus Group heists,...

FBI Alert: Silent Ransom Group Utilizes Callback Phishing for Network Hacks

By Deeba Ahmed The culprit behind these callback phishing attacks, known as Silent Ransom Group SRG, is also identified as Luna Moth. This is a post from HackRead.com Read the original post: FBI Alert: Silent Ransom Group Utilizes Callback Phishing for Network Hacks...