Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Everest Ransomware Says It Stole 1.5M Dublin Airport Passenger Records

Everest ransomware group claims to have stolen 1.5 million passenger records from Dublin Airport and personal data of 18,000 Air Arabia employees in latest breaches.

HackRead
Open in Source
#web#auth
Amazon Explains How Its AWS Outage Took Down the Web

Plus: The Jaguar Land Rover hack sets an expensive new record, OpenAI’s new Atlas browser raises security fears, Starlink cuts off scam compounds, and more.

DHS Wants a Fleet of AI-Powered Surveillance Trucks

US border patrol is asking companies to submit plans to turn standard 4x4 trucks into AI-powered watchtowers—combining radar, cameras, and autonomous tracking to extend surveillance on demand.

Everest Ransomware Claims AT&T Careers Breach with 576K Records

Everest ransomware group claims a breach of AT&T Careers, alleging theft of 576,000 applicant and employee records locked behind a password-protected listing.

GHSA-5qjg-9mjh-4r92: Karmada Dashboard API Unauthorized Access Vulnerability

### Impact This is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints (e.g., /api/v1/secret, /api/v1/service) did not enforce authentication, allowing unauthenticated users to access sensitive cluster information such as Secrets and Services directly. Although the web UI required a valid JWT for access, the API itself remained exposed to direct requests without any authentication checks. Any user or entity with network access to the Karmada Dashboard service could exploit this vulnerability to retrieve sensitive data. ### Patches The issue has been fixed in Karmada Dashboard v0.2.0. This release enforces authentication for all API endpoints. Users are strongly advised to upgrade to version v0.2.0 or later as soon as possible. ### Workarounds If upgrading is not immediately feasible, users can mitigate the risk by: - Restricting network access to the Karmada Dashboard service using Kubernetes Network Policies, firewall rules, or ingress con...

APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign

A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe (aka APT36), a state-sponsored hacking group known to be active since at least 2013. It also builds upon a prior

Is AI moving faster than its safety net?

From agentic browsers to chat assistants, the same tools built to help us can also expose us.

Baohuo Android Malware Hijacks Telegram Accounts via Fake Telegram X

New Android malware Baohuo hijacks Telegram X accounts, stealing data and controlling chats. Over 58,000 devices infected, mainly in India and Brazil.

Think passwordless is too complicated? Let's clear that up

We’ve relied on passwords for years to protect our online accounts, but they’ve also become one of the easiest ways attackers get in. Cisco Duo helps clear up some of the biggest passwordless myths.