Category: HackRead

Major npm Security Incident Exposes Prettier Tooling Packages to Malware After Maintainer Falls for Phishing Scam
21
Jul
2025

Fake npm Website Used to Push Malware via Stolen Token

A phishing campaign targeting JavaScript developers has led to the compromise of several popular npm packages, including eslint-config-prettier. The breach…

Microsoft Confirms Hackers Exploiting SharePoint Flaws, Patch Now
21
Jul
2025

Microsoft Confirms Hackers Exploiting SharePoint Flaws, Patch Now

Microsoft has released new security updates to fix two serious vulnerabilities affecting on-premises SharePoint servers, warning that attackers are already…

New GhostContainer Malware Hits High-Value MS Exchange Servers in Asia
21
Jul
2025

New GhostContainer Malware Hits High-Value MS Exchange Servers in Asia

Cybersecurity researchers at Kaspersky’s research unit SecureList have revealed a new and highly customized malware, dubbed GhostContainer. This sophisticated backdoor…

SquidLoader Malware Campaign Hits Hong Kong Financial Firms
20
Jul
2025

SquidLoader Malware Campaign Hits Hong Kong Financial Firms

Trellix Advanced Research Center has exposed a new wave of highly sophisticated SquidLoader malware actively targeting financial services institutions in…

Chinese Groups Launder $580M in India Using Fake Apps and Mule Accounts
20
Jul
2025

Chinese Groups Launder $580M in India Using Fake Apps and Mule Accounts

CloudSEK’s new report uncovers how Chinese cyber syndicates are laundering over $600 million annually in India. Learn about the shadow…

PoisonSeed Tricking Users Into Bypassing FIDO Keys With QR Codes
18
Jul
2025

PoisonSeed Tricking Users Into Bypassing FIDO Keys With QR Codes

Security researchers at Expel have detailed a new phishing technique that sidesteps the protection offered by physical FIDO (Fast Identity…

Years Long Linux Cryptominer Spotted Using Legit Sites to Spread Malware
18
Jul
2025

Years Long Linux Cryptominer Spotted Using Legit Sites to Spread Malware

A recent investigation by VulnCheck has exposed a cryptomining campaign that has been running unnoticed for years. The threat actor…

New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
18
Jul
2025

New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers

TeleMessage SGNL, a made-in-Israel clone of the Signal app used by US government agencies and regulated businesses, has been found…

Massive Data Leak at Texas Adoption Agency Exposes 1.1 Million Records
17
Jul
2025

Massive Data Leak at Texas Adoption Agency Exposes 1.1 Million Records

“While scanning the web for exposed databases, cybersecurity researcher Jeremiah Fowler discovered a massive set of unprotected records linked to…

Police Shut Down 100 Servers Tied to Russian NoName057(16), Arrest 2
17
Jul
2025

Police Shut Down 100 Servers Tied to Russian NoName057(16), Arrest 2

In a coordinated operation this week, law enforcement from a dozen countries gathered together in an attempt to dismantle the…

GitHub Abused to Spread Amadey, Lumma and Redline InfoStealers in Ukraine
17
Jul
2025

GitHub Abused to Spread Amadey, Lumma and Redline InfoStealers in Ukraine

A newly identified Malware-as-a-Service (MaaS) operation is using GitHub repositories to spread a mix of infostealer families. This campaign was…

Chinese Salt Typhoon Infiltrated US National Guard Network for Months
17
Jul
2025

Chinese Salt Typhoon Infiltrated US National Guard Network for Months

A sophisticated Chinese APT group, Salt Typhoon, successfully infiltrated the US state’s Army National Guard network for nearly a year,…