Latest Cybersecurity Threats

Real-time threat intelligence from trusted sources

ChatGPT, an AI service by OpenAI, is experiencing a worldwide outage, preventing users from accessing their conversations and generating errors. The cause of the outage has not been disclosed, raising concerns about the reliability of the service and potential impacts on users who rely on it for various applications.

Impact: ChatGPT
Remediation: N/A

The Shai-Hulud 2.0 malware attack has compromised approximately 400,000 raw secrets by infecting numerous packages in the NPM registry and leaking the stolen data across 30,000 GitHub repositories. This incident highlights significant vulnerabilities in software supply chains and the potential risks for developers and organizations relying on these tools.

Impact: NPM packages, GitHub repositories
Remediation: Developers should audit their NPM packages for vulnerabilities, rotate any exposed secrets, and implement security best practices such as using environment variables for sensitive information.

The article discusses the lack of concrete actions taken by Congress and federal agencies in response to Chinese hackers infiltrating U.S. telecom networks, highlighting the need for improved information sharing with the industry to prevent future cyber threats. The situation underscores the ongoing vulnerabilities in critical infrastructure and the necessity for legislative and collaborative efforts to enhance cybersecurity measures.

Impact: U.S. telecom networks
Remediation: Improve information sharing with industry stakeholders

NATO is contemplating pre-emptive measures in response to escalating Russian cyberattacks and drone strikes targeting Europe. This shift indicates a heightened concern over the potential for hybrid warfare tactics being employed by Russia, which could have significant implications for European security and defense strategies.

Impact: N/A
Remediation: N/A

Switzerland's Privacy Conference has issued a warning to public bodies against using US-based hyperscale cloud and SaaS platforms due to concerns over sovereignty and legal risks. This recommendation highlights the growing unease regarding data security and privacy when relying on foreign cloud services.

Impact: US-based hyperscale cloud and SaaS platforms
Remediation: Public bodies should seek alternative cloud service providers that comply with local data protection laws.

Everest Ransomware Claims ASUS Breach and 1TB Data Theft

Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More

Actively Exploited

The Everest ransomware group has claimed responsibility for breaching ASUS and stealing over 1TB of sensitive data, including camera source code. ASUS has been given a tight deadline of 21 hours to respond to the ransom demand, highlighting the urgency and severity of the situation.

Impact: ASUS, camera source code
Remediation: ASUS should assess the breach, secure their systems, and consider notifying affected parties. Regular security audits and updates to their software may also be necessary.

The 2025 State of Cloud Security report highlights a significant cybersecurity threat due to the prevalence of outdated cloud identities, with 59% of AWS IAM users and 55% of Google Cloud service accounts having active keys older than one year. This creates a substantial attack surface, increasing the risk of unauthorized access and potential breaches.

Impact: AWS IAM users, Google Cloud service accounts
Remediation: Regularly audit and rotate cloud identity keys, implement key management best practices, and enforce policies for key expiration and renewal.

India's Department of Telecommunications has mandated that messaging apps must operate only with active SIM cards linked to users' mobile numbers. This measure aims to curb fraud and misuse associated with these platforms, highlighting the government's focus on enhancing cybersecurity and user accountability in digital communication.

Impact: WhatsApp, Telegram, Snapchat, Arattai, Sharechat, Josh, JioChat, Signal
Remediation: Messaging apps must implement verification processes to ensure users are linked to active SIM cards.

NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More

Actively Exploited

North Korean hackers have intensified their 'Contagious Interview' campaign by uploading over 200 malicious npm packages designed to install OtterCookie malware. This targeted attack primarily affects blockchain and Web3 developers, leveraging fake job interviews and coding tests to lure victims.

Impact: npm registry, blockchain developers, Web3 developers
Remediation: Developers should avoid installing packages from untrusted sources and verify the authenticity of npm packages before use. Regularly audit dependencies for malicious code.

Actively Exploited

A man has been sentenced for hacking into a Wi-Fi network on a commercial flight, leading to data theft. This incident highlights the ongoing risks associated with unsecured Wi-Fi networks, particularly in public spaces like airplanes, and underscores the importance of cybersecurity measures for protecting sensitive information.

Impact: Wi-Fi networks on commercial flights
Remediation: Users should avoid connecting to unsecured Wi-Fi networks and utilize VPNs for secure connections. Airlines should implement stronger security protocols for in-flight Wi-Fi services.

Three critical zero-day vulnerabilities in PickleScan have been identified, impacting Python and PyTorch. These flaws enable undetected attacks on AI model supply chains, posing significant risks to data integrity and security.

Impact: PickleScan, Python, PyTorch
Remediation: Users are advised to immediately update to the latest versions of PickleScan, Python, and PyTorch, and to implement security best practices to mitigate potential exploitation.

The article discusses the development of the Raptor Framework, an open-source AI tool designed to generate vulnerability exploits and patches using large language models. This innovation highlights the potential for automated security measures but also raises concerns about the implications of easily accessible exploit generation capabilities. Researchers emphasize the dual-use nature of such technology in cybersecurity.

Impact: N/A
Remediation: N/A

The article reports on a joint investigation revealing a remote IT worker infiltration scheme linked to North Korea's Lazarus Group. This scheme highlights the persistent threat posed by state-sponsored cyber actors, emphasizing the need for heightened awareness and security measures against such infiltration tactics.

Impact: Remote IT workers, organizations employing remote staff, potential victims of Lazarus Group attacks.
Remediation: Organizations should enhance security protocols for remote workers, including robust vetting processes, employee training on cybersecurity awareness, and monitoring for unusual activity.

North Korean IT recruiters are engaging in a scheme where they entice developers to rent out their identities for illicit fundraising activities. This operation poses a significant cybersecurity threat as it exploits individuals' identities to support North Korea's funding efforts, highlighting the growing intersection of cybercrime and geopolitical issues.

Impact: Developers' identities, potentially various IT systems used by affected individuals.
Remediation: Developers should be cautious about sharing personal information and identities, utilize identity protection services, and stay informed about phishing and social engineering tactics.

Google has addressed 51 vulnerabilities in Android, including two high-severity flaws (CVE-2025-48633 and CVE-2025-48572) that are potentially under targeted exploitation. Both vulnerabilities impact the Android Framework, which is essential for app development, and could allow malicious applications to access sensitive information.

Impact: Android Framework; potentially all devices running affected versions of Android.
Remediation: Patches have been released to address the vulnerabilities. Users are advised to update their devices to the latest Android version as per the December Android security bulletin.