OESA-2025-2891 libvirt security update

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A flaw was found in libvirt. External inactive snapshots for shut-down VMs are...

SUSE CVE-2025-13193

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability...

Authorities Take Down Criminal Encrypted Messaging Platform MATRIX

Another day, another cybercrime operation shut down - this time, Europol has dismantled the MATRIX encrypted messaging service...

CVE-2024-26272

Cross-site request forgery CSRF vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to 1 change user passwords, 2...

Inside the Operation to Bring Down Trump’s Truth Social

The North Atlantic Fellas Organization is trying to shut down Trump’s flailing social media platform before the 2024 election—by shitposting...

OSINT Tool ‘Illicit Services’ Shuts Down Amidst Exploitation Concerns

By Waqas The owner and administrator of the Illicit Services OSINT Tool cites the rise in illegitimate activities and exploitation as reasons for closure. This is a post from HackRead.com Read the original post: OSINT Tool Illicit Services Shuts Down Amidst Exploitation Concerns...

Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users' Personal Data

Android-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated with thousands of Android users. "As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of...

3rd-Party Reddit App Apollo Forced to Shut Down Due to API Charges

By Waqas Apollo app will be shut down on June 30th, 2023. This is a post from HackRead.com Read the original post: 3rd-Party Reddit App Apollo Forced to Shut Down Due to API Charges...

Massive Ad Fraud Scheme Shut Down: 11 Million Phones Targeted

By Waqas The ad fraud was discovered while the researchers were investigating an iOS application that had been heavily impacted by an app spoofing attack. This is a post from HackRead.com Read the original post: Massive Ad Fraud Scheme Shut Down: 11 Million Phones Targeted...

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the Unite...

North Korean IT Workers Are Infiltrating Tech Companies

Plus: The Conti ransomware gang shuts down, Canada bans Huawei and ZTE, and more of the week’s top security news...

Major ransomware attack cripples largest gas pipeline in the US

By Habiba Rashid A massive ransomware attack on one of the largest gas pipelines in the US, Colonial Pipeline, led it to be shut down on Friday. This is a post from HackRead.com Read the original post: Major ransomware attack cripples largest gas pipeline in the US...

Joker's Stash, The Largest Carding Marketplace, Announces Shutdown

Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of the site — who goes by the name...

InfinityBlack Dismantled After Selling Millions of Credentials

The InfinityBlack hacking group, which is responsible for selling millions of stolen credentials, has been dismantled. Polish and Swiss law-enforcement authorities, supported by Europol, arrested five individuals in Poland believed to be members of InfinityBlack, on April 29. According to Europol...

Man hacks Indian tech support scam call center; leaks CCTV footage

By Sudais Asif The tech support scam call center has now been raided by local police while its entire operation has been shut down. This is a post from HackRead.com Read the original post: Man hacks Indian tech support scam call center; leaks CCTV footage...

3 arrested, 30,000+ piracy sites shut down in global operation IOSX

By Waqas The US National Intellectual Property Rights Coordination Center & Eurojust initiated operation against piracy sites named Operation In Our Sites X IOSX. This is a post from HackRead.com Read the original post: 3 arrested, 30,000+ piracy sites shut down in global operation IOSX...

Improper access control

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages...

Crypto tumbler BestMixer.io seized for large-scale money laundering

By Uzair Amir BestMixer.io was among the three largest cryptocurrency mixing services launched in May 2018. Europol in collaboration with the Dutch Fiscal Information and Investigative Service FIOD, Luxembourg has shut down a well-known and one of the world’s leading cryptocurrency tumblers...

Denial of service

A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vend...

CVE-2018-20032

A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemo...