The Rise of Ghost APIs
Key Takeaways Ghost APIs are deprecated endpoints that remain live and accessible; policy says dead, reality says otherwise. Unlike Shadow APIs (unknown to the org),…
Category: HackRead
OpenAI Rotates macOS Certificates Following Axios Supply Chain Breach
OpenAI has rotated the code-signing certificates for its Mac applications after a supply chain attack compromised a software library called Axios. The issue was detected…
BITTER APT Uses Signal, Google, and Zoom Lures to Spread ProSpy Spyware
An ongoing spying operation has been discovered, specifically targeting journalists and opposition politicians across the Middle East. Researchers from the digital rights group Access Now…
OpenSSF Flags Malware Campaign on Slack Posing as Linux Foundation Figures
Open Source Security Foundation (OpenSSF), a group of open source software security specialists, is warning about a new phishing scam where hackers are targeting software…
FBI Atlanta and Indonesian National Police Take Down W3LLSTORE Phishing Market
The FBI Atlanta Field Office and the Indonesian National Police have taken down a global phishing operation tied to more than $20 million in attempted…
Hacker Used Claude Code, GPT-4.1 to Exfiltrate Hundreds of Millions of Mexican Records
A single hacker recently managed to compromise nine different Mexican government agencies by exploiting two popular AI platforms. This finding comes from the research firm Gambit…
FBI Recovers Deleted Signal Messages Through iPhone Notifications
The FBI successfully recovered private Signal messages from a defendant’s iPhone even after the app was deleted. Learn how this security loophole works and the…
Google Chrome Update Disrupts Infostealer Cookie Theft
Google has launched a new security feature for Chrome on Windows to prevent session theft by hackers. This update, called Device Bound Session Credentials (DBSC),…
ShinyHunters Claims Rockstar Games Snowflake Breach via Anodot
Rockstar Games is back in the news, not over Grand Theft Auto VI delays, but because the ShinyHunters hacking group claims it accessed the company’s…
Android Banking Trojan Linked to Cambodia Scam Compounds Hits 21 Countries
A new report from Infoblox Threat Intel connects two issues that are often discussed separately but rarely proven to be linked. The company says it…
Lazarus Hackers Register Real US LLCs to Spread Malware
Cybersecurity researchers at ReversingLabs have found a new scam targeting blockchain developers with fake job offers. Their research, shared with Hackread.com, reveals that hackers are…
UNC6783 Hackers Use Fake Okta Pages in Corporate Breach Campaign
Cybersecurity experts at Google Threat Intelligence Group (GTIG) have issued a warning about a new group of hackers, known as UNC6783, who are trying to…