Hacking News

DPRK hackers stole $2B in cryptocurrency in 2025 alone. Understanding Lazarus Group's operations helps defend against state-sponsored financial theft.

Qilin has hit 1,000+ victims. Everest targets critical infrastructure. Here's what security teams need to know about today's most active ransomware operations.

From VS Code extensions to automation platforms, attackers are targeting the tools developers trust. Here's what security teams need to know.

Two rogue browser extensions masquerading as AI tools exfiltrated complete conversation histories from ChatGPT and DeepSeek to attacker-controlled servers every 30 minutes.

CVE-2025-68428 enables path traversal in the popular JavaScript PDF library, allowing attackers to read arbitrary files from Node.js servers and exfiltrate them via generated documents.

Tenants using default settings will get automatic protection against weaponizable file types and malicious URLs. Administrators who want to opt out must act before the rollout.

Pickett USA breach exposes LiDAR scans, transmission line surveys, and substation layouts for Tampa Electric, Duke Energy Florida, and American Electric Power. Asking price: 6.5 BTC.

January 7 KEV update includes CVE-2009-0556 from 2009 alongside recently patched HPE OneView vulnerability. Both are seeing active exploitation.

CVE-2026-21858 scores CVSS 10.0 and requires no credentials to exploit. Attackers can read files, forge admin sessions, and execute commands.

Newly disclosed threat actor compromises telecom providers in South Asia and Southeastern Europe, establishing relay infrastructure for other Chinese APT groups.

Consumer credit provider 700Credit suffers massive data breach affecting auto loan applicants nationwide, with millions of Social Security numbers potentially compromised through dealership credit checks.

Threat actor '1011' posted alleged data from the semiconductor equipment giant to a Russian cybercrime forum. Security researchers are verifying the files.

System enhancement gone wrong allowed members to view other members' names, diagnoses, and medications. The insurer is offering affected individuals credit monitoring.

A threat actor called RedTeam is selling a $1,500 credential-stuffing tool with built-in scanning, proxy rotation, and multi-protocol support aimed at enterprise VPN infrastructure.

CVE-2026-0628 allowed malicious extensions to inject scripts into privileged pages through insufficient policy enforcement. Update to Chrome 143.0.7499.192.

CVE-2026-0625 allows unauthenticated remote code execution on legacy DSL routers. Affected models reached end-of-life in 2020 and won't receive fixes.

Russian ransomware group Clop claims responsibility for breach at Dartmouth College, posting stolen data on dark web and affecting more than 40,000 individuals including students, staff, and alumni.

Russian ransomware gang exploited CVE-2025-61882 to steal SSNs and financial data from the college. The same vulnerability hit Harvard, UPenn, and 100+ organizations.

Google patches CVE-2026-0628 in first 2026 update. The high-severity bug affects billions of users across Chrome and Android applications.

North Korean APT-Q-1 now combines fraudulent cryptocurrency job postings with ClickFix social engineering to deploy GolangGhost backdoor and BeaverTail stealer.

Threat actors spoof organization domains by abusing complex mail routing and weak DMARC policies. Microsoft blocked 13 million malicious emails in October alone.

The Russian-linked gang led all ransomware groups on January 6 with attacks spanning wine distributors, art logistics, and medical practices across three countries.

Cybersecurity firm Resecurity reveals that hackers claiming to have breached their systems only accessed a deliberately deployed honeypot containing fake data designed to monitor threat actor activity.

New Government Cyber Action Plan creates centralized security unit, dedicated cyber profession, and mandatory requirements for all departments. Legacy systems get top priority.

Apple issues emergency patches for two WebKit zero-day vulnerabilities being actively exploited in sophisticated attacks linked to NSO Group's Pegasus spyware.

US fiber broadband provider Brightspeed confirms investigation into cyberattack claims by emerging threat group Crimson Collective, which alleges exfiltration of over one million customer records.

First macOS-focused wave of GlassWorm malware discovered on Open VSX marketplace, stealing cryptocurrency wallets, Keychain passwords, and developer credentials through trojanized extensions.

Cryptocurrency hardware wallet maker Ledger confirms customer data exposed after third-party payment processor Global-e suffers cloud system breach.

Microsoft and CrowdStrike warn of intensified Silk Typhoon operations targeting US government agencies and IT supply chains, with 150% increase in China-linked intrusions.

Aurora College in Canada's Northwest Territories cancels all classes January 5-9 after cyber attack over Christmas break takes down servers, email, and e-learning systems.

GreyNoise researchers uncover coordinated campaign exploiting 767 CVEs across 47 technology stacks. Hong Kong-based infrastructure generated 98% of attack traffic on Christmas Day.

Hudson Rock research reveals 220 legitimate business websites hijacked for ClickFix malware attacks after admin credentials were stolen by infostealers.

New Year's Eve attack on Sedgwick Government Solutions compromises file transfer system serving DHS, CISA, and ICE. TridentLocker claims 3.4GB of stolen data.

CACI wins task order to modernize classified and unclassified networks at all 14 U.S. Space Force bases, implementing zero trust architecture and cloud capabilities.

CVE-2025-14346 allows attackers within Bluetooth range to fully control electric wheelchairs without authentication, earning a CVSS 9.8 severity score.

Popular text editor's download page was hijacked for four days in December, serving trojanized installers that steal browser credentials and crypto wallets.

Two crew members detained after cargo vessel's anchor allegedly severed Finland-Estonia telecommunications cable in suspected hybrid warfare operation.

Nine-month-old botnet campaign pivots to exploit CVE-2025-55182 in Next.js, deploying cryptominers and Mirai variants across exposed instances.

After ASUS missed ransom deadline, Everest releases complete data trove including ROG source code, Qualcomm SDKs, and ArcSoft files on cybercrime forums.

Attackers abuse Google Cloud Application Integration to send phishing emails that bypass SPF, DKIM, and DMARC, targeting 3,200 organizations globally.

Configuration error left addresses, case numbers, and demographic data publicly accessible on mapping website from January 2022 until September 2025.

ManageMyHealth confirms Kazu ransomware gang compromised Health Documents module, threatening to leak 108GB of medical records unless $60,000 ransom is paid.

Investigation reveals Qilin ransomware attack in May 2025 was far larger than initially reported. The gang has already leaked 850GB of stolen data.

The self-propagating VS Code extension worm now replaces Ledger Live and Trezor Suite with trojanized versions. Russian-speaking operators behind campaign.

CVE-2025-69194 is a path traversal bug in Metalink handling that could let remote attackers write arbitrary files. CVSS 8.8.