A new supply chain attack targeting budget Android smartphones has been uncovered, involving pre-installed, trojanized versions of WhatsApp and Telegram designed to hijack cryptocurrency transactions. According to cybersecurity researchers at Russian antivirus firm Doctor Web, the campaign—active since June 2024—involves Chinese-manufactured Android devices shipped with malicious apps disguised as popular messengers, containing crypto-clipping malware to […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security vulnerability affecting SonicWall Secure Mobile Access (SMA) 100 Series devices to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw, tracked as CVE-2021-20035 and carrying a CVSS score of 7.2, is a high-severity command injection vulnerability. It allows remote, […]
Browser extensions have become an integral part of employees’ daily workflows—ranging from spell checkers to AI productivity tools. However, a new report from LayerX highlights a growing blind spot in enterprise security: the vast majority of these extensions come with excessive permissions that could expose sensitive organizational data. Released today, the Enterprise Browser Extension Security […]
Google announced on Wednesday that it took significant action against harmful advertising in 2024, suspending more than 39.2 million advertiser accounts, with most being proactively identified and blocked before malicious ads could reach users. In total, the company reported that it blocked 5.1 billion bad ads, placed restrictions on 9.1 billion ads, and either blocked […]
Cybersecurity experts have identified four new privilege escalation vulnerabilities within the Windows Task Scheduler that could enable local attackers to gain elevated privileges and erase system logs, effectively concealing traces of malicious activity. The vulnerabilities are associated with a system utility called “schtasks.exe”, a command-line tool that allows administrators to manage scheduled tasks on both […]
The Google Play Store, the primary hub for Android app downloads, has once again become a playground for cybercriminals. Despite Google’s ongoing security efforts, malicious apps continue to infiltrate the platform by evolving their tactics to bypass detection. A recent report from Bitdefender, shared with Hackread.com, has identified a large-scale fraud campaign involving at least […]
A newly revealed Windows vulnerability has been exploited by at least 11 state-sponsored hacking groups from North Korea, Iran, Russia, and China since 2017, according to security researchers at Trend Micro’s Zero Day Initiative (ZDI). Despite the widespread exploitation, Microsoft decided in late September that the flaw “does not meet the bar for servicing,” choosing […]
Issues Persist Into Monday, Causing Frustration for Users Microsoft has attributed this past weekend’s widespread Outlook outage to a “problematic code change,” leaving thousands of users unable to access their email accounts. The disruption began around 2100 UTC on Saturday, with more than 30,000 users reporting issues via DownDetector. While Microsoft claims services have since […]
Hackers Leverage Privilege Escalation Flaw in Paragon Partition Manager A zero-day vulnerability in a Microsoft-signed driver from Paragon Software is being actively exploited in ransomware attacks, according to a recent security advisory from CERT Coordination Center (CERT/CC). Researchers discovered five vulnerabilities in the BioNTdrv.sys driver used by Paragon Partition Manager, a tool designed to optimize […]
Attackers Use Typosquatting to Target Developers, Particularly in Finance Cybersecurity researchers have uncovered an ongoing supply chain attack targeting the Go ecosystem, where typosquatted modules are being used to distribute loader malware on Linux and macOS systems. According to Kirill Boychenko, a researcher at Socket, at least seven malicious Go packages have been identified, with […]