Cybersecurity researchers have brought to light a new wave of cyberespionage activity in which government networks across parts of Asia were quietly compromised using an upgraded version of the ToneShell backdoor. What sets this campaign apart is the method…
Self-Propagating GlassWorm Weaponizing VS Code Extensions to Attack macOS Users
A new wave of GlassWorm malware has emerged, marking a significant shift in targeting strategy from Windows to macOS systems. This self-propagating worm, distributed through malicious VS Code extensions on the Open VSX marketplace, has already accumulated over 50,000 downloads.…
Malicious Manipulation of LLMs for Scalable Vulnerability Exploitation
A groundbreaking study from researchers at the University of Luxembourg reveals a critical security paradigm shift: large language models (LLMs) are being weaponized to automatically generate functional exploits from public vulnerability disclosures, effectively transforming novice attackers into capable threat actors.…
DarkSpectre Malware Campaign Hits Chrome, Edge, and Firefox Users
A sophisticated Chinese threat actor dubbed DarkSpectre has compromised 8.8 million users across Chrome, Edge, and Firefox through three distinct malware campaigns that have operated undetected for over seven years, researchers revealed today. The operation represents one of the most…
NeuroSploit v2 Launches as AI-Powered Penetration Testing Framework
NeuroSploit v2 is an advanced AI-powered penetration testing framework designed to automate and enhance offensive security operations. Leveraging cutting-edge large language model (LLM) technology, the framework brings automation to vulnerability assessment, threat simulation, and security analysis workflows. NeuroSploit v2 represents…
New Cybercrime Tool “ErrTraffic” Enables Automated ClickFix Attacks
The cybercriminal underground has entered a new phase of industrialization. Hudson Rock researchers have uncovered ErrTraffic v2, a sophisticated ClickFix-as-a-Service platform that commoditizes deceptive social engineering at an unprecedented scale. Priced at just $800 and advertised on top-tier Russian cybercrime…
GlassWorm Malware Turns VS Code Extensions into an Attack Vector Against macOS
GlassWorm has returned with a dangerous new evolution. The notorious self-propagating malware, which first surfaced in October as an invisible Unicode-based threat in VS Code extensions, has completed a significant platform pivot to macOS with 50,000 downloads and a fully…
Security and Governance Patterns for Your Conversational AI
How many times have we heard people talk about the “dream of a SOC copilot?” A copilot woåuld allow an analyst to type something like, “Show me all the SSH login attempts for 10.0.0.5 over the last hour and compare…
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million…
IT Security News Hourly Summary 2025-12-31 18h : 5 posts
5 posts were published in the last hour 17:2 : Everest Ransomware Leaks 1TB of Stolen ASUS Data 17:2 : ESA disclosed a data breach, hackers breached external servers 17:2 : European Space Agency hit again as cybercrims claim 200…
Everest Ransomware Leaks 1TB of Stolen ASUS Data
On December 2, 2025, Hackread.com exclusively reported that the Everest ransomware group claimed to have stolen 1TB of… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: Everest Ransomware Leaks…
ESA disclosed a data breach, hackers breached external servers
ESA confirmed a data breach after a hacker offered to sell stolen data, confirming that external science servers were compromised. The European Space Agency (ESA) disclosed a data breach after a threat actor offered to sell data allegedly stolen from…
European Space Agency hit again as cybercrims claim 200 GB data up for sale
As in past incidents, ESA says the impact was limited to external systems The European Space Agency has suffered yet another security incident and, in keeping with past practice, says the impact is limited. Meanwhile, miscreants boast that they’ve made…
Avoid BigQuery SQL Injection in Go With saferbq
You can build dynamic queries in BigQuery using the Go SDK. When building applications that allow users to select tables or datasets dynamically, you need to include those identifiers in your SQL queries. I was surprised to find that the…
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed…
CVE-2025-14847: All You Need to Know About MongoBleed
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: CVE-2025-14847: All You Need to Know About MongoBleed
DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware
Researchers have uncovered DarkSpectre, a well-funded Chinese threat actor responsible for infecting over 8.8 million users across Chrome, Edge, and Firefox browsers through a series of highly coordinated malware campaigns spanning seven years. The discovery reveals a level of operational…
New Cybercrime Tool ErrTraffic Let Attackers Automate ClickFix Attacks
A dangerous cybercrime tool known as ErrTraffic has appeared in underground forums, making it easier for attackers to trick users into running harmful software on their devices. The tool automates what security experts call ClickFix attacks, where fake error messages…
Best of 2025: News alert: SquareX research finds browser AI agents are proving riskier than human employees
Palo Alto, Calif., Jun. 30, 2025, CyberNewswire–Every security practitioner knows that employees are the weakest link in an organization, but this is no longer the case. SquareX’s research reveals that Browser AI Agents are more likely to fall prey to…
Holiday Scams Surge: How to Protect Yourself This Season
Scammers intensify their efforts during the holiday season, exploiting the rush, stress, and increased spending that characterize this time of year. The Federal Bureau of Investigation warns that fraud schemes spike significantly as criminals deploy sophisticated tactics—including AI-generated offers…
Trust Wallet Reports 2596 Wallets Drained
Trust Wallet is a decentralized application used by over 200 million people to manage various digital assets like Bitcoin and Ethereum. This article has been indexed from CyberMaterial Read the original article: Trust Wallet Reports 2596 Wallets Drained
Sax Accounting Data Breach Affects 220,000
Sax, a prominent United States accounting firm, has confirmed a data breach affecting more than 220,000 individuals following an investigation that lasted over a year. This article has been indexed from CyberMaterial Read the original article: Sax Accounting Data Breach…
US Cybersecurity Experts Plead Guilty
Two former cybersecurity professionals from the firms Sygnia and DigitalMint have admitted to conducting ransomware attacks against several American companies using the BlackCat platform. Ryan Clifford Goldberg and Kevin Tyler Martin pleaded guilty to extortion charges and face up to…