A naukri.com initiative
Hacking News
Securityaffairs
4d
133
Image Credit: Securityaffairs
US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials
- The FBI warns ex-government officials of being targeted with deepfake texts and AI-generated voice messages impersonating senior U.S. officials.
- Threat actors have been using texts and AI voice messages since April 2025 to access personal accounts of officials and their contacts.
- Malicious links are sent to officials posing as messaging platform invites, allowing threat actors to extract data or funds through impersonation.
- To avoid falling for AI-powered scams, officials are advised to verify callers' identities, check for errors in messages, and avoid sharing sensitive information with unknown contacts.
Read Full Article
8 Likes
Securityaffairs
4d
194
Image Credit: Securityaffairs
Shields up US retailers. Scattered Spider threat actors can target them
- Cybercrime group Scattered Spider, known for social engineering and extortion, is now targeting U.S. companies after focusing on UK retailers.
- UNC3944 (Scattered Spider) has hacked numerous organizations, including Twilio, LastPass, DoorDash, and Mailchimp, transitioning from telecoms to ransomware and broader sectors by 2023.
- Threat actors linked to Scattered Spider used DragonForce ransomware to target UK retailers, exploiting the large trove of PII and financial data held by retailers.
- Google experts suggest that UNC3944 targets sectors like Tech, Telecom, Finance, and Retail, focusing on large enterprises in English-speaking countries and beyond by using social engineering tactics for high-impact attacks.
Read Full Article
11 Likes
Hackingblogs
4d
256
Image Credit: Hackingblogs
Metasploit 6.4.64 RCE Privilege Escalation Exploits 2025 And Critical Security Patch
- Metasploit 6.4.64 update brings new RCE exploits, privilege escalation, persistence, and information gathering modules.
- New modules include exploits in Car Rental System, WordPress SureTriggers, WP User Registration & Membership plugin, LINQPad, and POWERCOM UPSMON PRO.
- Post-exploitation capabilities enhanced with 32-bit support for injecting .NET assemblies in Metasploit.
- Key fixes include improvements in WordPress login process, SMB_to_ldap update, Yama ptrace_scope checker, and HTTP logging support for web crawler logs.
Read Full Article
15 Likes
Securityaffairs
4d
305
Image Credit: Securityaffairs
U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog
- U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog.
- Critical vulnerabilities including OS command injection in DrayTek routers and insufficient policy enforcement in Google Chromium were added to the catalog.
- A flaw in SAP NetWeaver allows privileged users to upload malicious content, posing risks to system confidentiality, integrity, and availability.
- Federal agencies are required to fix the vulnerabilities by June 5, 2025, to protect their networks from potential attacks exploiting the identified flaws.
Read Full Article
18 Likes
Securityaffairs
5d
130
Image Credit: Securityaffairs
Pwn2Own Berlin 2025 Day Two: researcher earned 150K hacking VMware ESXi
- Participants in Pwn2Own Berlin 2025 earned $435,000 by demonstrating zero-day exploits in products like SharePoint, ESXi, VirtualBox, RHEL, and Firefox.
- The total earnings for the competition reached $695,000 after the first day awarded $260,000 for 20 unique zero-days.
- Nguyen Hoang Thach of STARLabs SG used an integer overflow to hack VMware ESXi, earning $150,000 and 15 Master of Pwn points.
- Other significant earnings include Dinh Ho Anh Khoa exploiting Microsoft SharePoint for $100,000 and Edouard Bochin and Tao Yan exploiting Mozilla Firefox for $50,000.
Read Full Article
7 Likes
Securityaffairs
5d
368
Image Credit: Securityaffairs
New botnet HTTPBot targets gaming and tech industries with surgical attacks
- A new botnet named HTTPBot is targeting China’s gaming, tech, and education sectors, as discovered by cybersecurity researchers.
- HTTPBot, a Go-based botnet detected in August 2024, intensified its activities by April 2025, engaging in highly targeted attacks using advanced DDoS tactics.
- The botnet employs various HTTP-based attack methods to conduct precise transactional DDoS attacks on critical interfaces, posing a systemic threat to industries reliant on real-time interaction.
- HTTPBot features 7 built-in DDoS attack methods, evades detection through techniques like Base64 encoding, and specifically targets the Windows platform, making it a significant threat in the cybersecurity landscape.
Read Full Article
22 Likes
Cryptopotato
5d
385
Image Credit: Cryptopotato
Hackers Had Access to Coinbase Customer Data Since January: Report
- Hackers gained unauthorized access to sensitive customer data at Coinbase as early as January, following the recent $400 million breach.
- Attackers bribed foreign-based support staff to obtain names, birth dates, addresses, ID numbers, banking details, and more, which could be used for impersonation and unauthorized access to accounts.
- Coinbase refuted claims of constant access since January but confirmed multiple bribery incidents involving support agents. Less than 1% of monthly users were affected by the breach, with no compromise of login credentials or wallets.
- Coinbase is offering reimbursements to affected users, enhancing security measures, launching a $20 million bounty, and collaborating with authorities to pursue criminal charges against the perpetrators.
Read Full Article
23 Likes
Securityaffairs
5d
291
Image Credit: Securityaffairs
Meta plans to train AI on EU user data from May 27 without consent
- Meta plans to train AI on EU user data from May 27 without explicit consent, facing threats of a lawsuit from privacy group noyb.
- Meta intends to use public data from EU adults for AI training, emphasizing the need to reflect European diversity.
- The company postponed AI model training last year due to data protection concerns raised by Irish regulators.
- Noyb issued a cease-and-desist letter to Meta regarding the use of EU personal data for AI systems without opt-in consent.
- Meta states it does not use private messages and excludes data from EU users under 18 for AI training.
- The Austrian privacy group argues that Meta's AI training practices may violate GDPR by not requiring opt-in consent.
- Meta defends its AI data practices, claiming compliance with European Data Protection Board guidance and Irish privacy regulations.
- Noyb insists on the necessity of opt-in consent for AI training, challenging Meta's reliance on 'legitimate interest' as inadequate.
- Meta faces potential legal risks due to its opt-out approach for AI training, risking injunctions and class action lawsuits.
- Concerns raised include Meta's decision to gather user data for AI without explicit consent and its impact on GDPR compliance.
Read Full Article
17 Likes
TheNewsCrypto
5d
377
US DOJ Charges 12 More in $263M Bitcoin Theft and Laundering Case
- US Department of Justice (DOJ) has charged 12 more individuals in connection with a $263 million Bitcoin theft and money laundering scheme.
- The suspects allegedly used stolen BTC to fund luxurious lifestyles and engage in global fraud activities.
- The group employed various tactics like social engineering, data theft, and burglary to steal funds from victims' crypto wallets.
- The charges include Racketeer Influenced and Corrupt Organizations (RICO) Act violations, wire fraud, and money laundering, with suspects involved in lavish spending on luxury items.
Read Full Article
22 Likes
Securityaffairs
5d
328
Image Credit: Securityaffairs
Google fixed a Chrome vulnerability that could lead to full account takeover
- Google released emergency security updates to fix a Chrome vulnerability (CVE-2025-4664) that could lead to full account takeover.
- The vulnerability, discovered by security researcher Vsevolod Kokorin, allowed for the leaking of cross-origin data via a crafted HTML page.
- Google warned of a public exploit for the high-severity flaw, and patched it in Chrome's Stable Desktop channel with updates in versions 136.0.7103.113 and 136.0.7103.114.
- In March 2025, Google addressed another high-severity vulnerability (CVE-2025-2783) actively exploited in attacks targeting organizations in Russia, related to Mojo on Windows.
Read Full Article
19 Likes
HRKatha
5d
353
Image Credit: HRKatha
Were Coinbase employees responsible for data leak to hacker?
- A hacker has bribed Coinbase Global's contractors or employees outside the US to access confidential customer information and is now demanding a $20 million ransom.
- The hacker bribed customer-support employees to obtain customer data like names, addresses, and government identity pictures to potentially use in scams and extort money from the exchange.
- Coinbase CEO Brian Armstrong revealed the ransom demand on social media and stated that the breach may cost the exchange up to $400 million.
- Coinbase is improving security measures, offering compensation to affected users, and is ready to pay a $20 million reward for information leading to the hacker's apprehension.
Read Full Article
21 Likes
Idownloadblog
6d
181
Image Credit: Idownloadblog
Alfiecg_dev shares details about an updated untethered iOS 14 jailbreak that uses the Trigon exploit
- Security researcher @alfiecg_dev introduces an updated untethered iOS 14 jailbreak using the Trigon exploit.
- The original Trigon exploit had limited support for older devices and firmware due to a kernel panic issue with A11 devices, which has now been resolved.
- The newer version of Trigon now supports A7-A9 and A11 devices, offering increased stability, faster response time, and cleaned up code.
- While the updated Trigon exploit will be released for all arm64 devices in the future, there is no specific timeline provided by @alfiecg_dev yet.
Read Full Article
10 Likes
99Bitcoins
6d
313
Coinbase Hacked: Up to $400M at Risk After Insider Scam
- Coinbase is facing losses between $180 million and $400 million after a targeted insider-driven cyber attack compromised its internal systems.
- Attackers bribed contractors and employees to gain internal access and impersonated Coinbase staff to trick users into handing over crypto.
- Coinbase refused to pay a $20 million ransom, promising to reimburse affected users and investigate the breach.
- The company fired insiders involved in the scam and launched a $20 million bounty fund to track down the attackers.
- The hack emphasizes cybersecurity threats in the crypto industry, showcasing vulnerability to insider manipulation.
- Coinbase's estimated losses include breach costs, user reimbursements, and potential legal consequences.
- Investors reacted with a 4% stock drop after news of the cyber attack.
- Cryptocurrency platforms, including Coinbase, need heightened security measures to combat evolving attack tactics.
- Users are advised by Coinbase to remain vigilant against scams and report suspicious activity promptly.
- The incident serves as a warning for all crypto platforms and users to prioritize security and trust in the sector.
Read Full Article
18 Likes
Securityaffairs
6d
57
Image Credit: Securityaffairs
Nova Scotia Power discloses data breach after March security incident
- Nova Scotia Power confirmed a data breach after a security incident in April where sensitive customer data was stolen.
- In April, Nova Scotia Power and Emera experienced a cyber attack affecting their IT systems without causing power outages.
- The companies shut down affected servers due to unauthorized network access detected on April 25, impacting customer services.
- The data breach involved theft of customer information including names, contact details, account history, driver’s license numbers, and Social Insurance Numbers.
Read Full Article
3 Likes
Medium
6d
164
Image Credit: Medium
The Great Steam “Hack” of 2025
- Headlines blared about '89 Million Steam Accounts Hacked', causing a stir in the gaming community.
- Hackers attempted to sell secret data for $5,000, but the actual 'stolen' data turned out to be expired SMS 2FA codes and unlinked phone numbers.
- Valve dismissed the incident as no breach, clarifying that only outdated codes were involved.
- Ultimately, the hackers did not gain access to valuable information like passwords or credit card details, leaving the gaming world relieved.
Read Full Article
9 Likes
For uninterrupted reading, download the app