npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack
Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked to hijack crypto wallets via injected code.…
Category: HackRead
Zero-Day in Sitecore Exploited to Deploy WEEPSTEEL Malware
A critical zero-day vulnerability (CVE-2025-53690) is being actively exploited in Sitecore. This flaw, originating from old, insecure keys, allows hackers to achieve Remote Code Execution…
MostereRAT Targets Windows, Uses AnyDesk and TightVNC for Full Access
MostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity researchers at FortiGuard Labs have identified a…
iExec Becomes First Privacy Tools Provider for Arbitrum Ecosystem Builders
Paris, France, 2025 – iExec has announced the deployment of its privacy framework on Arbitrum, enabling the creation of powerful applications enhanced with confidential computing…
Lazarus Group Deploys Malware With ClickFix Scam in Fake Job Interviews
North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data, and fund the regime’s programs. A recent…
Salesloft Drift Breach Traced to GitHub Compromise and Stolen OAuth Tokens
Heard about the recent data breaches where attackers used the Salesloft Drift application to access Salesforce data? There’s now a major update. The company has…
Critical SAP Vulnerability CVE-2025-42957 Actively Exploited by Hackers
Urgent security alert for SAP users! A critical vulnerability (CVE-2025-42957) allows attackers to take full control of your system. Find out if your SAP S/4HANA…
GhostAction Attack Steals 3,325 Secrets from GitHub Projects
On September 2, 2025, a GitHub user known as Grommash9 committed a new workflow file to the FastUUID project. The file, labelled “Github Actions Security,”…
GhostAction Attack Steals 3,325 Secrets from GitHub Projects
On September 2, 2025, a GitHub user known as Grommash9 committed a new workflow file to the FastUUID project. The file, labelled “Github Actions Security,”…
Bridgestone Confirms Cyberattack Disrupting North American Plants
Bridgestone confirms a cyberattack that disrupted manufacturing plants. This article details the impact on employees, expert analysis, and a look at the suspected hacking group,…
Chess.com Hit by Limited Data Breach Linked to 3rd-Party File Transfer Tool
Chess.com confirms a limited data breach affecting 4,500 users after a third-party file transfer tool was compromised. No passwords or payments exposed. Chess.com has confirmed…
Scammers Exploit Grok AI With Video Ad Scam to Push Malware on X
Researchers at Guardio Labs have uncovered a new “Grokking” scam where attackers trick Grok AI into spreading malicious links on X. Learn how it works…