Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub

/in

Cybersecurity researchers have discovered a new cryptojacking campaign that’s targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies.
Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations and

The Hacker News – ​Read More

NSO Group asks judge for new trial, calling $167 million in damages ‘outrageous’

/in

The spyware maker claims the damages it was ordered to pay are “excessive,” and that the jury wanted to “bankrupt” the company.

Security News | TechCrunch – ​Read More

US Sanctions Philippines’ Funnull Technology Over $200M Crypto Scam

/in

The US Department of the Treasury has taken action against Funnull Technology Inc. for enabling massive pig butchering…

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More

Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says

/in

BO Team, also known as Black Owl, has been active since early 2024 and appears to operate independently, with its own arsenal of tools and tactics, researchers at Russian cybersecurity firm Kaspersky said.

The Record from Recorded Future News – ​Read More

Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure

/in

Cryptocurrency mining operation hits exposed Consul dashboards, Docker Engine APIs and Gitea code-hosting instances to push Monero miner.

The post Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure appeared first on SecurityWeek.

SecurityWeek – ​Read More

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

/in

Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild.
The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below –

CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) – Two incorrect authorization vulnerabilities in the Graphics

The Hacker News – ​Read More

Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently

/in

Chipmaker says there are indications from Google Threat Analysis Group that a trio of flaws “may be under limited, targeted exploitation.”

The post Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently appeared first on SecurityWeek.

SecurityWeek – ​Read More

vBulletin Vulnerability Exploited in the Wild

/in

Exploitation of the vBulletin vulnerability tracked as CVE-2025-48827 and CVE-2025-48828 started shortly after disclosure.

The post vBulletin Vulnerability Exploited in the Wild appeared first on SecurityWeek.

SecurityWeek – ​Read More

Maximize Your Minecraft: Optimal PC Setup and Server Hosting Essentials

/in

Among all ages, Minecraft still rules the gaming scene as a preferred choice. The game provides a broad…

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More

Iranian Robbinhood Ransomware Operator Pleads Guilty in US City Attacks

/in

Iranian Robbinhood ransomware operator pleads guilty to major US city attacks, crippling services in Baltimore, Greenville, and more since 2019.

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – ​Read More