Hackread – Cybersecurity News, Data Breaches, AI and More
Actively Exploited
Cybersecurity researchers at Forcepoint have discovered new indirect prompt injection attacks that exploit AI assistants, particularly targeting tools like GitHub Copilot. These attacks work by embedding hidden instructions within website code, which the AI assistants unknowingly execute. This poses a significant risk as it allows attackers to manipulate the AI's responses without direct interaction. Companies using these AI tools should be vigilant about the code they incorporate into their platforms, as these vulnerabilities could lead to unintended outputs or security breaches. The findings emphasize the need for better safeguards in AI systems to prevent such exploitation.
The ransomware group known as 'The Gentlemen' has quickly gained notoriety for its rapid operational growth and advanced tactics. Researchers have noted that this gang is not only expanding its reach but also enhancing its methods, making it a significant player in the ransomware space. Their swift rise poses a serious risk to various organizations, as they can potentially exploit vulnerabilities faster than many can respond. This development emphasizes the need for companies to strengthen their cybersecurity measures and remain vigilant against such emerging threats. As ransomware attacks continue to evolve, understanding the capabilities of groups like The Gentlemen is crucial for effective defense.
A new campaign linked to the Mirai malware is exploiting a serious command-injection vulnerability in D-Link DIR-823X routers, identified as CVE-2025-29635. This vulnerability allows attackers to take control of the routers and integrate them into a botnet. Users of these routers are at risk as their devices can be hijacked for malicious purposes, including launching distributed denial-of-service (DDoS) attacks. This situation is particularly concerning since the affected routers are at the end of their life cycle, meaning they are unlikely to receive security updates. It’s crucial for users to be aware of this exploit and take necessary precautions to secure their networks.
A recent report from Mozilla reveals that the Claude Mythos AI model has identified hundreds of bugs within the Firefox browser. While this discovery can enhance the security of Firefox by allowing developers to patch vulnerabilities, it also poses a risk by potentially lowering the barriers for attackers. With these bugs exposed, malicious actors could exploit them before they are addressed. This situation raises concerns about the balance between improving security through vulnerability detection and the risk of making it easier for attackers to find and exploit weaknesses. Users of Firefox should stay alert for updates and patches to ensure their browsing experience remains secure.
The Mirai botnet is exploiting a newly discovered vulnerability in older D-Link routers, identified as CVE-2025-29635. This command injection flaw allows attackers to execute arbitrary commands through specially crafted POST requests. The vulnerability is particularly concerning because it affects discontinued models that many users may still have in operation. With the public disclosure of a proof-of-concept (PoC) exploit, the risk of widespread attacks increases, putting users who have not updated their devices at significant risk. It's crucial for affected users to take immediate action to secure their routers to prevent unauthorized access.
France Titres, the agency responsible for managing official identity and registration documents in France, has reported a data breach that may have compromised user data from its online portal. The breach was detected on April 15 and is currently under investigation. This incident raises concerns about the security of sensitive information related to driver's licenses, national ID cards, and passports, potentially affecting many users who rely on these services. As the agency works to address the breach, users are being alerted to the possibility of phishing attempts that could exploit the situation. It’s crucial for individuals to remain vigilant and protect their personal information during this time.
The Mirai botnet is exploiting a command injection vulnerability found in certain discontinued D-Link routers. This issue emerged about a year after the vulnerability was publicly disclosed and proof-of-concept exploit code was released. Users of these routers are at risk, as the botnet can take control of the devices, potentially turning them into part of a larger network for launching attacks. The fact that these routers are no longer supported by D-Link means that affected users will not receive any official security updates or patches, leaving them vulnerable. It's crucial for individuals and organizations still using these routers to take immediate action to secure their networks, as the exploitation is ongoing.
A recent analysis reveals that many organizations are struggling to effectively utilize Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) data in their cybersecurity strategies. Researchers indicate that without a governance-driven intelligence layer, security teams are unable to convert this data into actionable security decisions. This gap has contributed to a rise in supply chain attacks, where malicious actors exploit vulnerabilities in software dependencies. The findings suggest that companies need to improve their data management and decision-making processes to better protect themselves against these types of threats. As supply chain vulnerabilities continue to pose risks, addressing this issue is becoming increasingly urgent for businesses relying on third-party software components.
Recent cyberattacks attributed to North Korean hackers have targeted financial organizations, particularly those involved in cryptocurrency, venture capital, and blockchain. These attacks utilize AppleScript and a tool called ClickFix to exploit vulnerabilities in macOS systems. The campaigns aim to compromise the security of these entities, which are often seen as lucrative targets due to the significant amounts of money involved in digital currencies and investments. This shift in tactics marks a concerning trend in how threat actors approach financial institutions, making it crucial for companies in these sectors to strengthen their cybersecurity measures.
The article discusses the evolving role of Chief Information Security Officers (CISOs) in the context of rapidly advancing AI technologies. With attackers now able to exploit vulnerabilities within minutes, traditional security audits are becoming outdated. CISOs are urged to move towards real-time monitoring and awareness to keep pace with these threats. This shift is crucial as organizations face increasing risks from sophisticated cyber attacks that can bypass static defenses. The call for change emphasizes the need for CISOs to adapt their strategies to ensure better protection for their organizations.
Oracle has released a significant update, patching 481 vulnerabilities across 28 of its product families. Among these, over 300 patches address remotely exploitable flaws that do not require authentication, making them particularly concerning for users. This update is part of Oracle's April 2026 Critical Patch Update (CPU), which aims to enhance security for its various software products. Users of Oracle software should prioritize applying these patches to protect their systems from potential attacks. The vulnerabilities could allow attackers to exploit systems without needing any user credentials, which increases the urgency for swift action.
A serious security flaw has been identified in the Python-based sandbox environment known as Terrarium. This vulnerability, assigned the identifier CVE-2026-5752, has a CVSS score of 9.3, indicating its high severity. Attackers can exploit this flaw to execute arbitrary code with root privileges on the host machine by manipulating the JavaScript prototype chain. This issue is particularly concerning for developers and organizations using Terrarium, as it may allow unauthorized access to sensitive systems and data. Users of this sandbox environment should prioritize addressing this vulnerability to mitigate potential risks.
The article discusses how identity-based attacks, particularly those involving stolen credentials, remain a primary method for cybercriminals to gain unauthorized access to systems. Despite the focus on advanced threats like zero-day vulnerabilities and AI-driven exploits, attackers often rely on simpler tactics such as credential stuffing to exploit weak passwords or reused credentials. This trend affects organizations across various sectors, as compromised accounts can lead to significant data breaches and financial losses. Companies are urged to implement stronger authentication measures and educate users about secure password practices to mitigate these risks.
The recent dismantling of the Tycoon 2FA phishing-as-a-service platform has left a significant gap in the cybercrime ecosystem. In a crackdown that took down over 300 active domains associated with Tycoon 2FA, security researchers noted that cybercriminals are now shifting their focus to other similar platforms, namely Mamba 2FA, Sneaky 2FA, and EvilProxy. These alternative services have quickly integrated the tools and techniques that made Tycoon 2FA popular among attackers. This transition underscores the persistent nature of phishing threats, as criminals adapt and find new ways to exploit users. The ongoing evolution of these platforms poses a continuous risk to individuals and organizations, highlighting the need for enhanced security measures against phishing attempts.
Vercel recently experienced a security breach that began with malware disguised as cheats for the popular game Roblox. This incident, which originated at Context.ai, highlights the risks associated with interconnected cloud applications and Software as a Service (SaaS) integrations that have excessive permissions. Attackers were able to exploit these vulnerabilities, raising concerns about the security practices in place at Vercel and similar companies. As more organizations rely on cloud services, ensuring that permissions are appropriately managed is crucial to prevent such breaches. This incident serves as a wake-up call for companies to review their security measures and strengthen their defenses against similar threats.