Latest Cybersecurity Threats

Real-time threat intelligence from trusted sources

Fake Interpol Investigation Emails Push Ransomware at Small Businesses Globally

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Small businesses are facing a new threat from fake emails that appear to come from Interpol. These emails contain links to Proton Drive, which, when clicked, deliver ransomware to victims' systems. The ransomware encrypts files, effectively locking businesses out of their data. Additionally, the malware directs users to Tox chat, which may facilitate further malicious activity. This incident is particularly concerning as it targets smaller companies that may lack robust cybersecurity measures, making them more vulnerable to such attacks. Businesses need to be vigilant about phishing attempts and ensure they have adequate protections in place.

Impact: Small businesses, Proton Drive users
Remediation: Users should verify the sender's email address before clicking on any links, implement robust email filtering, and ensure regular backups of important data to mitigate ransomware impacts.

A WordPress site faced a significant spam attack that flooded its database with malicious accounts. The author utilized a tool named Claude to identify vulnerabilities in their system, while Codex helped write the necessary code to mitigate these issues. In just two days, they implemented a new defense strategy that involved 4,700 lines of code to stop the spam influx. This incident highlights the ongoing challenges many website owners face with spam attacks and the importance of proactive security measures. It serves as a reminder that vulnerabilities can often be exploited if not properly addressed, impacting website performance and user experience.

Impact: WordPress sites
Remediation: Implemented a new defense strategy with 4,700 lines of code

The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the BlueHammer vulnerability, identified as CVE-2026-33825, is now being exploited in ransomware attacks. This flaw allows attackers to escalate privileges within Microsoft Defender, potentially giving them SYSTEM-level access. Initially, BlueHammer was just a proof-of-concept, but it has now transitioned into a real threat actively being used by cybercriminals. Organizations using Microsoft Defender should be particularly vigilant as this vulnerability poses a significant risk to their security posture. Immediate action is required to mitigate the potential impacts of these ransomware attacks as they become more widespread.

Impact: Microsoft Defender, CVE-2026-33825
Remediation: Organizations should ensure that their Microsoft Defender installations are updated to the latest versions, and they should monitor for any unusual activity that could indicate exploitation of this vulnerability. Implementing strict access controls and regularly reviewing security configurations may also help mitigate risks associated with this flaw.

Citrix has announced security patches for its NetScaler product, addressing six vulnerabilities that could pose risks to users. Among these is a severe flaw known as the 'HTTP/2 Bomb', which can lead to system crashes under certain conditions. Additionally, a CitrixBleed-style bug has been identified, which could allow unauthorized information disclosure. Citrix is urging all customers using NetScaler to apply these patches as soon as possible to mitigate potential exploitation. The vulnerabilities underscore the importance of maintaining up-to-date security measures, especially for widely used enterprise solutions like NetScaler.

Impact: Citrix NetScaler products
Remediation: Customers are urged to apply the latest patches provided by Citrix for NetScaler.

Anthropic has introduced new security features in its language models, Fable 5 and Mythos 5, aimed at addressing vulnerabilities related to AI jailbreak techniques. These vulnerabilities were significant enough to prompt U.S. export controls. The latest updates include a new classifier that effectively blocks these jailbreak attempts in over 99% of cases. This is crucial because it helps prevent misuse of AI technologies, which could lead to the generation of harmful or misleading content. As AI systems become more integrated into various applications, ensuring their security against exploitation is increasingly important for both developers and users.

Impact: Fable 5, Mythos 5
Remediation: Implementation of the new classifier in Fable 5 and Mythos 5.

A recent security incident, dubbed 'BioShocking', involved a website masquerading as a game that tricked AI browsers into revealing sensitive information. Specifically, the AI assistants disclosed the contents of private GitHub files, which could potentially expose proprietary code and private data. This incident raises concerns about the security of AI-driven tools and their ability to handle sensitive information responsibly. Users and organizations relying on AI for coding assistance should be cautious about the data they share and the platforms they interact with. As AI technologies become more integrated into development workflows, understanding their vulnerabilities is crucial for maintaining data privacy.

Impact: GitHub, AI assistants
Remediation: Users should avoid sharing sensitive information with AI tools and regularly review permissions granted to these applications. Additionally, organizations should implement stricter access controls to sensitive data.

Kaspersky researchers have identified a large-scale campaign that uses compromised ScreenConnect software to deliver AsyncRAT, a type of remote access Trojan. Attackers are exploiting vulnerabilities in the legitimate ScreenConnect application to drop the malicious payload onto targeted systems. This incident raises concerns for users and organizations that rely on ScreenConnect for remote access, as they may unknowingly become victims of this malware. The report details the infection chain and the command and control (C2) infrastructure used in the attack, emphasizing the need for vigilance in software downloads and updates. Users should ensure they are downloading software from official sources and remain cautious of unsolicited software offers.

Impact: ScreenConnect software, AsyncRAT
Remediation: Users should ensure they download ScreenConnect from official sources and apply any available security updates. Regularly monitor systems for unusual activity.

A significant password spray attack has been detected, with hackers executing over 81 million login attempts targeting Azure CLI. These attempts originated from systems linked to the hosting provider LSHIY. The attack raises concerns for Azure users because it highlights how exposed accounts are when they rely on passwords alone. If successful, such attacks can lead to unauthorized access to sensitive data and services. Companies using Azure CLI need to be vigilant and strengthen their login security measures to protect against these types of attacks.

Impact: Azure CLI
Remediation: Users are advised to implement multi-factor authentication and monitor login attempts closely.

A China-linked hacking group has compromised at least 10 organizations across Southeast Asia, including two state-owned entities. Researchers discovered that the attackers deployed a new backdoor, which allows them to maintain access to the targeted networks. This incident raises concerns about the security of critical systems in the region, as state-owned organizations often manage essential infrastructure. The breaches could have serious implications for national security and economic stability. Authorities and organizations in Southeast Asia need to enhance their cybersecurity measures to protect against such sophisticated attacks.

Impact: At least 10 regional organizations, including two state-owned entities.
Remediation: Organizations should enhance their cybersecurity measures, conduct thorough security audits, and monitor for unusual network activity.

A new attack method known as 'BioShocking' can exploit AI-powered browsers by manipulating them into considering real-world risky actions as part of a fictional scenario. This allows the browsers to bypass important safety measures, potentially leading to data theft. Researchers are concerned that this vulnerability could affect users who rely on AI for web browsing, as it may enable attackers to extract sensitive information without triggering typical security protocols. The implications are significant, as it raises questions about the reliability of AI systems in safeguarding user data. Users and companies alike need to be aware of this emerging threat and take necessary precautions to protect their information.

Impact: AI-powered browsers, user data
Remediation: Users should be cautious when interacting with AI-powered browsers and avoid inputting sensitive information until further updates are provided by vendors.

Recent reports reveal that attackers are exploiting unsecured AI endpoints to carry out offensive operations. These endpoints can be accessed without any special authentication, making them easy targets for malicious actors. The lack of security measures means that anyone who knows the location of these endpoints can potentially take control of them. This situation raises serious concerns for organizations using AI technologies, as it exposes them to various risks, including data breaches and service disruptions. Companies need to prioritize securing their AI systems to prevent unauthorized access and protect their valuable data.

Impact: AI endpoints, potentially affecting various AI applications and services
Remediation: Organizations should implement authentication measures for AI endpoints and conduct regular security audits to identify and secure exposed endpoints.

Recent reports have surfaced regarding the use of AI to generate recipes for illicit drugs, including cocaine, which raises serious concerns about the potential for increased drug production and trafficking. Additionally, a Russian hacking group has been implicated in a series of cyberattacks targeting various organizations, showcasing their ongoing efforts to exploit vulnerabilities for espionage and financial gain. Meanwhile, the threat group known as Scattered Spider has been linked to multiple incidents involving data breaches and ransomware attacks, further complicating the security landscape. Companies like Cisco and Amazon have also found themselves in the spotlight as new vulnerabilities have been identified in their systems, prompting urgent calls for updates and patches to safeguard user data. The combination of these threats emphasizes the need for heightened security measures across industries to protect against both physical and digital dangers.

Impact: Cisco systems, Amazon services, AI-generated drug recipes
Remediation: Companies should implement security patches and updates as soon as they are available; users are advised to monitor their systems for unusual activity.

A new malware called RustDuck is actively hijacking various devices, including home routers, IP cameras, Android boxes, and poorly secured servers. The malware operates in two stages and connects these compromised devices into a botnet designed to launch Distributed Denial of Service (DDoS) attacks, effectively taking websites and online services offline. Researchers from QiAnXin's XLab have been monitoring RustDuck since February 2026 and note that its rapid evolution is particularly concerning. This highlights the vulnerability of consumer devices and poorly secured servers, which can be easily exploited by attackers. Users and organizations need to ensure their devices are secured to prevent becoming part of such a botnet.

Impact: Home routers, IP cameras, Android boxes, poorly secured servers
Remediation: Users should secure their devices with strong passwords and keep firmware updated to the latest versions.

The article discusses the growing reliance on AI for writing code and the security vulnerabilities that can arise from this practice. Researchers have found that AI-generated code often contains flaws and security weaknesses that can be exploited by attackers. This is a concern for developers and companies who use these tools, as insecure code can lead to data breaches and other serious security incidents. The article emphasizes the importance of reviewing and testing AI-generated code before deployment to mitigate risks. With more organizations adopting AI for software development, understanding these potential security pitfalls is crucial.

Impact: AI-generated code from various development tools and platforms
Remediation: Developers should review and test AI-generated code rigorously, implement code reviews, and use security scanning tools.

Researchers have discovered that attackers are exploiting a serious vulnerability in Langflow, identified as CVE-2026-33017, which has a CVSS score of 9.3. This flaw allows for unauthenticated remote code execution (RCE), making it a prime target for cybercriminals. In recent attacks, these hackers have been using the vulnerability to deploy a Monero cryptocurrency miner on exposed AI application endpoints. Organizations using Langflow need to be particularly vigilant as the vulnerability is actively being exploited. This situation underscores the critical need for timely updates and security measures to protect sensitive systems from unauthorized access.

Impact: Langflow (version not specified)
Remediation: Organizations should immediately apply security patches for Langflow once available, and ensure that exposed endpoints are secured against unauthorized access. Regularly updating software and employing network segmentation can also help mitigate the risk of exploitation.