Security
Headlines
HeadlinesLatestCVEs

Tag

#git

UK Exposes Bulletproof Hosting Operator Linked to LockBit and Evil Corp

The operator, Alexander Volosovik, also known as “Yalishanda”, “Downlow” and “Stas_vl,” ran a long-running bulletproof hosting operation used by top ransomware groups.

HackRead
Open in Source
#web#git#auth
Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute arbitrary code. It has been addressed in 7-Zip version 25.00 released in July 2025. "The specific flaw exists

Mac users warned about new DigitStealer information stealer

DigitStealer is a new infostealer built for macOS, and it stands out for being smarter than most. Here's how it works and how to stay safe.

The Cloudflare Outage May Be a Security Roadmap

An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu network penetration test for organizations that have come to rely on Cloudflare to block many types of abusive and malicious traffic.

Critical Railway Braking Systems Open to Tampering

It only takes recycled cans, copper, and cheap gadgets off the Web to trick a train conductor into doing something dangerous.

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide

A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network. The router hijacking activity has been codenamed Operation WrtHug by SecurityScorecard's STRIKE team. Southeast Asia and European countries are some of the other regions where infections have

Attackers are using “Sneaky 2FA” to create fake sign-in windows that look real

The Phishing-as-a-Service kit Sneaky 2FA was found to use Browser-in-the-browser attacks to steal login credentials.

Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software

The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to chase threats after they have already entered the network, is fundamentally risky and contributes significantly to the half-trillion-dollar annual cost of cybercrime. Zero Trust fundamentally shifts

Sharenting: are you leaving your kids’ digital footprints for scammers to find? 

Our children build digital lives long before they understand them. Here’s how to shrink their online footprint and stay smart about “sharenting.”

Vaping Is ‘Everywhere’ in Schools—Sparking a Bathroom Surveillance Boom

Schools in the US are installing vape-detection tech in bathrooms to thwart student nicotine and cannabis use. A new investigation reveals the impact of using spying to solve a problem.