Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Why Legitimate Bot Traffic Is a Growing Security Blind Spot

Security teams have spent years improving their ability to detect and block malicious bots. That effort remains critical.…

HackRead
Open in Source
#web#windows#git
One million customers on alert as extortion group claims massive Brightspeed data haul

The Crimson Collective claims to have stolen data on more than a million Brightspeed customers. The broadband provider is investigating.

Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing

Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute emails that appear as if they have been sent internally. "Threat actors have leveraged this vector to deliver a wide variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms such as Tycoon 2FA," the

How to Avoid Phishing Incidents in 2026: A CISO Guide

Phishing in 2026 is harder to detect and verify. Learn how CISOs can speed up investigations, reduce noise, and respond with confidence.

Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat

Source: Securonix Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD) errors in attacks targeting the European hospitality sector. The end goal of the multi-stage campaign is to deliver a remote access trojan known as DCRat, according to cybersecurity company Securonix.

New VVS Stealer Malware Targets Discord Users via Fake System Errors

Palo Alto Networks’ new report reveals VVS Stealer uses Discord Injection and fake error messages to steal tokens and MFA codes. Protect your account from this new Python-based threat.

Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government

The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives. "This organization has continued to conduct high-intensity intelligence gathering activities against Ukrainian military and government departments in 2025," the 360 Threat Intelligence Center said in

⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit. This week’s stories share one pattern. Nothing flashy. No single moment. Just steady abuse of trust — updates, extensions,

How To Build Ransomware-Resilient AI Data Pipelines: A Practical Guide for Modern Enterprises

Modern enterprises depend on AI data pipelines for analytics and automated decision-making. As these pipelines become more integrated…

New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code

Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord credentials and tokens. The stealer is said to have been on sale on Telegram as far back as April 2025, according to a report from Palo Alto Networks Unit 42. "VVS stealer's code is obfuscated by Pyarmor," researchers