UK Software Firm Exposed 1.1TB of Healthcare Worker Records
8M UK healthcare worker records, including IDs and financial data, exposed due to a misconfigured staff management database from UK-based software firm Logezy. Cybersecurity researcher…
Category: HackRead
New “Slopsquatting” Threat Emerges from AI-Generated Code Hallucinations
AI code tools often hallucinate fake packages, creating a new threat called slopsquatting that attackers can exploit in public code repositories, a new study finds.…
Incomplete Patch Leaves NVIDIA and Docker Users at Risk
Trend Micro found major flaws in the NVIDIA Container Toolkit and Docker, risking container escapes, DoS attacks and AI infrastructure. Users should audit setups and…
Pre-Installed Malware on Cheap Android Phones Steals Crypto via Fake WhatsApp
A new wave of smartphone-based attacks is draining crypto wallets without victims ever realizing it. According to researchers at Doctor Web, a surge in malware-laced…
Fortinet Issues Fixes After Attackers Bypass Patches to Maintain Access
Hackers exploit Fortinet flaws to plant stealth backdoors on FortiGate devices, maintaining access even after patches. Update to secure versions now. Cybersecurity researchers at Fortinet…
Data Breach at Planned Parenthood Lab Partner Exposes Info of 1.6M
Data breach at Laboratory Services Cooperative (LSC) exposed the sensitive health and personal information of 1.6 million individuals linked to select Planned Parenthood centers. Learn…
Reducing Risks in Cloud Applications
As organizations increasingly rely on SaaS applications to run their operations, securing them has become a necessity. Without strong protection, sensitive data, user access, and…
Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing
Russian APT group Storm-2372 employs device code phishing to bypass Multi-Factor Authentication (MFA). Targets include government, technology, finance, defense, healthcare. Cybersecurity researchers at SOCRadar have…
BentoML Vulnerability Allows Remote Code Execution on AI Servers
TL;DR: A critical deserialization vulnerability (CVSS 9.8 – CVE-2025-27520) in BentoML (v1.3.8–1.4.2) lets attackers execute remote code without authentication. Discovered by Checkmarx Zero. Upgrade to…
npm Malware Targets Atomic and Exodus Wallets to Hijack Crypto Transfers
TL;DR – ReversingLabs has identified a malicious npm package, “pdf-to-office,” that targets Atomic and Exodus crypto wallet users by silently patching local software to hijack…
Google Eyes User Browsing Data Search in New Patent Filing
TL;DR – Google has filed a patent for a system that lets users search their personal digital history, including web activity and emails, using natural…
Protecting Your Business on the Move: A Modern Cybersecurity Guide
Stay secure on the move. Protect your devices, data, and privacy with smart habits, reliable gear, updated software and proper cybersecurity knowledge wherever you work.…