Hack Read

A hacker using the alias “Lovely” has leaked what they claim is the personal data of over 2.3…

On December 25, while much of the world was observing Christmas, the Everest ransomware group published a new…

Koi Security uncovers lotusbail, a malicious npm package with 56K downloads that steals WhatsApp messages and installs a persistent backdoor. Learn how to protect your data.

Researchers discovered critical flaws in Eurostar’s AI chatbot including prompt injection, HTML injection, guardrail bypass, and unverified chat IDs - Eurostar later accused them of blackmail.

Jamf security experts have found a new version of MacSync Stealer. Disguised as a zk-call app, it uses official notarization to bypass security and steal your saved passwords.

Romania’s national water authority, Romanian Waters, was hit by a major ransomware attack affecting 1,000 systems but dams remain safe. Learn how authorities are fighting back without paying the ransom.

Spotify has confirmed a massive unauthorised data scrape involving 256 million track records and 86 million audio files. Learn how "Anna’s Archive" bypassed security, and why experts warn against downloading the leaked files.

Ukrainian man pleads guilty in United States to deploying Nefilim ransomware in global extortion scheme targeting companies across multiple countries.

Kaspersky warns of 'Frogblight,' a new Android malware draining bank accounts in Turkiye. Learn how this 'court case' scam steals your data and how to stay safe.

Cybersecurity firm Ontinue reveals how the open-source tool Nezha is being used as a Remote Access Trojan (RAT) to bypass security and control servers globally.

There’s a new era for training and development programs, making the LMS (Learning Management System) cloud model the…

A new report from Check Point Research reveals a growing trend of cyber criminals recruiting employees at banks, telecoms, and tech giants. Learn how hackers use the darknet and Telegram to offer payouts up to $15,000 for internal access to companies like Apple, Coinbase, and the Federal Reserve.

Learn how DevOps and DevSecOps strengthen cybersecurity through automation, CI/CD, and secure DevOps development services.

US authorities have charged Zahid Hasan with running TechTreek, a $2.9 million online marketplace selling fake ID templates. The investigation, involving the FBI and Bangladesh police, uncovered a global scheme selling fraudulent passports and social security cards to over 1,400 customers.

Amazon Security Chief explains how a subtle keyboard delay exposed a North Korean impostor. Read about the laptop farm scheme and how 110 milliseconds of lag ended a major corporate infiltration.

Torrance, United States / California, 19th December 2025, CyberNewsWire

Pillar Security has identified a critical indirect prompt injection vulnerability in Docker’s ‘Ask Gordon’ assistant. By poisoning metadata on Docker Hub, attackers could bypass security to exfiltrate private build logs and chat history. Discover how the "lethal trifecta" enabled this attack and why updating to Docker Desktop 4.50.0 is essential for developer security.

Crypto’s public image lagged reality. Stablecoins, tokenization, and regulation now power a blockchain backend settling global finance at institutional scale.

Cary, North Carolina, USA, 18th December 2025, CyberNewsWire

North Korea’s Lazarus Group deploys a new BeaverTail variant to steal credentials and crypto using fake job lures, dev tools, and smart contracts.