Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari
PALO ALTO, California, 29th May 2025, CyberNewsWire
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
New Malware Spotted Corrupts Its Own Headers to Block Analysis
Fortinet spots new malware that corrupts its own headers to block forensic analysis, hide behavior, and communicate with its C2 server.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Victoria’s Secret Website Taken Offline After Cyberattack
Website remains offline following suspected cyber incident, as experts warn of escalating threats targeting major retailers
The post Victoria’s Secret Website Taken Offline After Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
Adidas Data Breach Linked to Third-Party Vendor
Adidas said hackers accessed a “third-party customer service provider” and stole customer information.
The post Adidas Data Breach Linked to Third-Party Vendor appeared first on SecurityWeek.
SecurityWeek – Read More
Webinar Today: Why Context is a Secret Weapon in Application Security Posture Management
Join the live webinar to understand why data in itself is not enough to make informed decisions for prioritization.
The post Webinar Today: Why Context is a Secret Weapon in Application Security Posture Management appeared first on SecurityWeek.
SecurityWeek – Read More
The US Is Storing Migrant Children’s DNA in a Criminal Database
Customs and Border Protection has swabbed the DNA of migrant children as young as 4, whose genetic data is uploaded to an FBI-run database that can track them if they commit crimes in the future.
Security Latest – Read More
‘Haozi’ Gang Sells Turnkey Phishing Tools to Amateurs
The phishing operation is using Telegram groups to sell a phishing-as-a-service kit with customer service, a mascot, and infrastructure that requires little technical knowledge to install.
darkreading – Read More
Beyond GenAI: Why Agentic AI Was the Real Conversation at RSA 2025
Agentic AI can be a great tool for many of the ‘gray area’ tasks that SOC analysts undertake.
The post Beyond GenAI: Why Agentic AI Was the Real Conversation at RSA 2025 appeared first on SecurityWeek.
SecurityWeek – Read More
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2).
The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was used to target multiple other government entities.
“Misuse of cloud
The Hacker News – Read More
Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin
Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files.
TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social
The Hacker News – Read More