MAESTRO Toolkit Exploiting VMware VM Escape Vulnerabilities

Cybersecurity researchers from Huntress detail a major VM Escape attack where hackers took over host servers. Using a secret toolkit called MAESTRO, the attackers stayed hidden for over a year. Read the exclusive details on how this breach was stopped and how to protect your network...

Hacker Behind Wired.com Leak Now Selling Full 40M Condé Nast Records

A hacker claims to be selling nearly 40 million Condé Nast user records after leaking Wired.com data, with multiple major brands allegedly affected...

$15 Billion Pig Butchering Scam Boss Chen Zhi Extradited to China

Billionaire Chen Zhi and associates Xu Ji Liang and Shao Ji Hui have been extradited to China. This exclusive report details the collapse of the Prince Group's global scam network, the seizure of $15 billion in Bitcoin, and the forced labour camps behind the billion-dollar pig butchering fraud...

Astaroth Banking Trojan Targets Brazilians via WhatsApp Messages

Researchers at Acronis have discovered a new campaign called Boto Cor-de-Rosa, where the Astaroth banking malware spreads like a worm through WhatsApp Web to steal contact lists and banking credentials...

n8n Users Urged to Patch CVSS 10.0 Full System Takeover Vulnerability

A critical vulnerability CVE-2026-21877 found by Upwind affects n8n automation tools. Learn why researchers are urging users to update to version 1.121.3 immediately to prevent remote code execution...

US Man Jailed After FBI Traced 1,100 IP Addresses in Cyberstalking Case

A 25-year-old Bigfork, Montana man, Jeremiah Daniel Starr, used over 50 phone numbers and a VPN to harass a victim he called his "best friend," even staging a fake shooting. Learn more about the FBI investigation that traced 1,100 IP addresses to bring him to justice...

Discord Controlled NodeCordRAT Steals Chrome Data via NPM Packages

Zscaler ThreatLabz identifies three malicious NPM packages mimicking Bitcoin libraries. The NodeCordRAT virus uses Discord commands to exfiltrate MetaMask data and Chrome passwords...

Fake ChatGPT and DeepSeek Extensions Spied on Over 1 Million Chrome Users

Security researchers have identified two malicious Chrome extensions recording AI chats. Learn how to identify and remove these tools to protect your privacy...

pcTattletale Founder Bryan Fleming Pleads Guilty in Federal Stalkerware Case

Bryan Fleming, founder of pcTattletale, pleads guilty in a landmark federal spying case. Read how an undercover HSI sting and a data breach ended a decade of illegal stalkerware sales...

Lone Hacker Used Infostealers to Access Data at 50 Global Companies

A Hudson Rock report reveals how an Iranian hacker named Zestix breached 50 global companies, including Iberia Airlines and Pickett & Associates, by using stolen passwords and a lack of MFA...

Why Legitimate Bot Traffic Is a Growing Security Blind Spot

Security teams have spent years improving their ability to detect and block malicious bots. That effort remains critical.…...

Major Data Breach Hits Company Operating 150 Gas Stations in the US

Texas based Gulshan Management Services, operator of Handi Plus and Handi Stop gas stations, reports a data breach impacting over 377,000 people...

Millions of Android Powered TVs and Streaming Devices Infected by Kimwolf Botnet

Synthient discovers over 2 million Android TV boxes and smart TVs hijacked by the Kimwolf botnet. Learn how hackers are using home devices to launch DDoS attacks and how you can protect your home network...

Bitfinex Hack Mastermind Behind $10 Billion Theft Gets Early Release

Ilya Lichtenstein, the man behind the massive 2016 Bitfinex Bitcoin theft, has been released early from prison. Read how the First Step Act and a trail of Walmart gift cards led to this major update in one of the world's largest crypto thefts...

Ledger Confirms Global-e Breach, Warns Users of Phishing Attempts

Ledger confirms data breach via Global-e partner. Customer info exposed, phishing attacks active. No passwords or crypto recovery phrases leaked...

How to Avoid Phishing Incidents in 2026: A CISO Guide

Phishing in 2026 is harder to detect and verify. Learn how CISOs can speed up investigations, reduce noise, and respond with confidence...

New VVS Stealer Malware Targets Discord Users via Fake System Errors

Palo Alto Networks’ new report reveals VVS Stealer uses Discord Injection and fake error messages to steal tokens and MFA codes. Protect your account from this new Python-based threat...

Connex IT Partners with AccuKnox for Zero Trust CNAPP Security in Southeast Asia

Menlo Park, India, 6th January 2026, CyberNewsWire...

Researchers Warn of Data Exposure Risks in Claude Chrome Extension

Security experts at Zenity Labs warn that Anthropic’s new agentic browser extension, Claude in Chrome, could bypass traditional web security, exposing private data and login tokens to potential hijackers...

NordVPN Denies Breach After Hacker Claims Access to Salesforce Dev Data

A hacker using the alias 1011 has claimed to breach a NordVPN development server, posting what appears to…...

How To Build Ransomware-Resilient AI Data Pipelines: A Practical Guide for Modern Enterprises

Modern enterprises depend on AI data pipelines for analytics and automated decision-making. As these pipelines become more integrated…...

Disney Fined $10M for Violating Children’s Privacy Laws on YouTube

Disney agrees to a $10M settlement with the DOJ and FTC over YouTube privacy violations. Learn how the COPPA ruling affects kids' data and Disney's new rules...

Researcher Wipes White Supremacist Dating Sites, Leaks Data on okstupid.lol

Security researcher in "Martha Root" in Pink Power Ranger deletes white supremacist dating sites live onstage, leaks 8,000 profiles and 100GB of data at Chaos Communication Congress CCC 2025...

Finnish Authorities Detain Crew After Undersea Internet Cable Severed

After a sudden internet cable break between Finland and Estonia, authorities have seized the cargo ship Fitburg. With two crew members arrested and sanctioned steel found on board, investigators are now probing if this was an accident or a deliberate act of hybrid warfare...

Resecurity Says ShinyHunters Fell for Honeypot After Breach Claim

Resecurity denies breach claims by ShinyHunters, says attackers accessed a honeypot with fake data. No real systems or customer info were compromised...

ShinyHunters Claim Breach of US Cybersecurity Firm Resecurity (Updated)

Editor’s Note Updated: This article has been edited to reflect clarifications provided by Resecurity, including the company’s December…...

RondoDox Botnet is Using React2Shell to Hijack Thousands of Unpatched Devices

RondoDox hackers exploit the React2Shell flaw in Next.js to target 90,000+ devices, including routers, smart cameras, and small business websites...

Protecting Your Digital Wallet: What You Need to Know About Fintech Security

The world of finance has undergone a remarkable transformation with the rise of digital wallets and financial technology…...

Tokyo FM Data Breach: Hacker Claims Over 3 Million Records Stolen

Tokyo FM is investigating claims of a massive data breach involving 3 million records. Learn what information was allegedly taken and how you can stay safe...

How Webflow Helps Companies Move Faster Without Sacrificing Brand Control

Conventional development frequently results in a trade-off between speed and brand consistency, which harms reputation by causing delays…...

Hacker Claims European Space Agency Breach, Selling 200GB of Data

This article has been updated with a tweet from the agency acknowledging that it is investigating these claims.…...

Everest Ransomware Leaks 1TB of Stolen ASUS Data

On December 2, 2025, Hackread.com exclusively reported that the Everest ransomware group claimed to have stolen 1TB of…...

2 US Cybersecurity Experts Guilty of Extortion Scheme for ALPHV Ransomware

Can you trust your cybersecurity team? A recent federal case reveals how two US-based cybersecurity experts turned into affiliates for the BlackCat ransomware group, extorting over $1.2M in Bitcoin. Read the full story on their 2023 crime spree...

30,000 Korean Air Employee Records Stolen as Cl0p Leaks Data Online

Korean Air confirms a major data leak affecting 30,000 staff members after the Cl0p gang targeted a catering partner. Learn what data was stolen and the airline’s response to secure its data...

HoneyMyte (aka Mustang Panda) Deploys ToneShell Backdoor in New Attacks

HoneyMyte Mustang Panda is back with a new ToneShell backdoor. Read how this stealthy attack blinds Microsoft Defender to target government entities in Asia...

EmEditor Homepage Download Button Served Malware for 4 Days

Warning for EmEditor users: A third-party breach tampered with the official download link between Dec 19–22, 2025. Learn how to identify the fake installer and protect your data from infostealer malware...

New Google-Themed Phishing Wave Hits Over 3,000 Global Organisations

Check Point researchers found a phishing scam abusing Google Cloud to target organisations worldwide. Scammers use official domains to steal logins. Read the full details in this exclusive report...

How to Spot the Most Common Crypto Phishing Scams

Crypto phishing scams surged 83% in 2025, targeting wallets with fake sites, approval tricks, and poisoned addresses. One click can drain your funds...

Ubisoft Shuts Down Rainbow Six Siege After MongoDB Exploit Hits Players

Over 87,000 MongoDB instances are at risk from a critical memory leak called MongoBleed. Following the chaos at Ubisoft, see how this zero-password flaw works and how to protect your data...

Critical 0day flaw Exposes 70k XSpeeder Devices as Vendor Ignores Alert

Researchers reveal CVE-2025-54322, a critical unpatched flaw in XSpeeder networking gear found by AI agents. 70,000 industrial and branch devices are exposed...

When Risk Is Fragmented, Strategy Suffers

Risk fragmentation remains one of the most overlooked barriers to effective business performance. It doesn’t show up all…...

Hacker Leaks 2.3M Wired.com Records, Claims 40M-User Condé Nast Breach

A hacker using the alias "Lovely" has leaked what they claim is the personal data of over 2.3…...

Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data

On December 25, while much of the world was observing Christmas, the Everest ransomware group published a new…...

Popular NPM Package lotusbail Exposed as Trojan Stealing WhatsApp Chats

Koi Security uncovers lotusbail, a malicious npm package with 56K downloads that steals WhatsApp messages and installs a persistent backdoor. Learn how to protect your data...

Eurostar Accused Researchers of Blackmail for Reporting AI Chatbot Flaws

Researchers discovered critical flaws in Eurostar’s AI chatbot including prompt injection, HTML injection, guardrail bypass, and unverified chat IDs - Eurostar later accused them of blackmail...

New MacSync Stealer Disguised as Trusted Mac App Hunts Saved Passwords

Jamf security experts have found a new version of MacSync Stealer. Disguised as a zk-call app, it uses official notarization to bypass security and steal your saved passwords...

Ransomware Hits Romanian Water Authority, 1000 Systems Knocked Offline

Romania’s national water authority, Romanian Waters, was hit by a major ransomware attack affecting 1,000 systems but dams remain safe. Learn how authorities are fighting back without paying the ransom...

Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape

Spotify has confirmed a massive unauthorised data scrape involving 256 million track records and 86 million audio files. Learn how "Anna’s Archive" bypassed security, and why experts warn against downloading the leaked files...

Ukrainian National Pleads Guilty in Nefilim Ransomware Conspiracy

Ukrainian man pleads guilty in United States to deploying Nefilim ransomware in global extortion scheme targeting companies across multiple countries...

Frogblight Malware Targets Android Users With Fake Court and Aid Apps

Kaspersky warns of 'Frogblight,' a new Android malware draining bank accounts in Turkiye. Learn how this 'court case' scam steals your data and how to stay safe...