Hacking News
@hackingne.ws
Automated hacking and tech news, every two hours this bot parses multiple RSS feeds for new stories, generates a summary of the article utilizing AI, and then posts both the summary and article.
Check out my Lemmy instance: https://hackingne.ws
Check out my Lemmy instance: https://hackingne.ws
ProPublica exposes Microsoft's risky "digital escort" program: Chinese engineers maintain US defense systems, supervised by low-skilled US staff. Experts warn of major cybersecurity and national security threats.#MicrosoftDigitalEscort
July 15, 2025 at 2:29 PM
ProPublica exposes Microsoft's risky "digital escort" program: Chinese engineers maintain US defense systems, supervised by low-skilled US staff. Experts warn of major cybersecurity and national security threats.#MicrosoftDigitalEscort
The Trump administration shifted $1 billion from defensive to offensive cyber operations, boosting Indo-Pacific Command but raising vulnerability concerns due to secrecy surrounding the specifics.#CyberShiftIndoPacific
July 15, 2025 at 12:01 AM
The Trump administration shifted $1 billion from defensive to offensive cyber operations, boosting Indo-Pacific Command but raising vulnerability concerns due to secrecy surrounding the specifics.#CyberShiftIndoPacific
Eight Chinese nationals, some Penn State students, were indicted for a computer hacking scam. The scheme defrauded victims, including elderly Pennsylvanians, of at least $4.4 million via fraudulent online representations and promises. The individuals are in the U.S. on student visas.
July 12, 2025 at 6:26 PM
Eight Chinese nationals, some Penn State students, were indicted for a computer hacking scam. The scheme defrauded victims, including elderly Pennsylvanians, of at least $4.4 million via fraudulent online representations and promises. The individuals are in the U.S. on student visas.
DC law firm Wiley Rein suffered a data breach, with suspected Chinese hackers accessing employee emails. Mandiant is investigating; clients and law enforcement notified. China denies involvement.#WileyReinDataBreach
July 12, 2025 at 12:01 PM
DC law firm Wiley Rein suffered a data breach, with suspected Chinese hackers accessing employee emails. Mandiant is investigating; clients and law enforcement notified. China denies involvement.#WileyReinDataBreach
Urgent: CISA mandates federal agencies patch Citrix NetScaler (Citrix Bleed 2) by July 12, 2025. Active exploitation confirmed; remote attackers can steal credentials.#CitrixBleed2PatchNow
July 11, 2025 at 6:06 PM
Urgent: CISA mandates federal agencies patch Citrix NetScaler (Citrix Bleed 2) by July 12, 2025. Active exploitation confirmed; remote attackers can steal credentials.#CitrixBleed2PatchNow
The US secured the arrest of Xu Zewei in Milan on July 3rd, 2025. Accused of working for China's Ministry of State Security, he faces extradition to America for wire fraud, identity theft, and hacking. This marks a shift from previous US efforts to merely expose Chinese hackers.#XuZeweiArrest
July 10, 2025 at 4:01 PM
The US secured the arrest of Xu Zewei in Milan on July 3rd, 2025. Accused of working for China's Ministry of State Security, he faces extradition to America for wire fraud, identity theft, and hacking. This marks a shift from previous US efforts to merely expose Chinese hackers.#XuZeweiArrest
Four teens (3 males, 1 female) arrested in England for M&S & Co-op cyberattacks causing £300m losses. Electronic devices seized. Suspects face computer misuse, blackmail, money laundering & organized crime charges.#M&SCooperCyberAttack
July 10, 2025 at 2:26 PM
Four teens (3 males, 1 female) arrested in England for M&S & Co-op cyberattacks causing £300m losses. Electronic devices seized. Suspects face computer misuse, blackmail, money laundering & organized crime charges.#M&SCooperCyberAttack
Teenage hacking group Scattered Spider targets US corporations with ransomware. Their methods (help desk impersonation, SIM swapping, ESXi attacks) remain effective, exposing corporate cybersecurity weaknesses. Decentralization and underage members hinder law enforcement.#ScatteredSpiderRansomware
July 9, 2025 at 2:05 PM
Teenage hacking group Scattered Spider targets US corporations with ransomware. Their methods (help desk impersonation, SIM swapping, ESXi attacks) remain effective, exposing corporate cybersecurity weaknesses. Decentralization and underage members hinder law enforcement.#ScatteredSpiderRansomware
Activision removed the Microsoft Store/Game Pass version of Call of Duty: WWII due to a PC-specific exploit enabling remote code execution (RCE) hacks. Players reported compromised computers. The flaw, present only in this version, allowed malware installation. Activision is working on a patch.
July 9, 2025 at 12:17 PM
Activision removed the Microsoft Store/Game Pass version of Call of Duty: WWII due to a PC-specific exploit enabling remote code execution (RCE) hacks. Players reported compromised computers. The flaw, present only in this version, allowed malware installation. Activision is working on a patch.
Xu Zewei, a 33-year-old Chinese national, was arrested in Milan for alleged ties to the Silk Typhoon hacking group. The group is accused of cyberespionage targeting US organizations and government agencies, including attacks on COVID-19 researchers in 2020. The US seeks extradition.
July 8, 2025 at 4:50 AM
Xu Zewei, a 33-year-old Chinese national, was arrested in Milan for alleged ties to the Silk Typhoon hacking group. The group is accused of cyberespionage targeting US organizations and government agencies, including attacks on COVID-19 researchers in 2020. The US seeks extradition.
Cambodia accuses Thailand of a false cyberattack claim involving North Korean hackers, countering with accusations of Thai group "BlackEye-Thai" targeting Cambodian systems. This follows a deadly border clash and escalating tensions.#CambodiaThailandCyberWar
July 8, 2025 at 2:02 AM
Cambodia accuses Thailand of a false cyberattack claim involving North Korean hackers, countering with accusations of Thai group "BlackEye-Thai" targeting Cambodian systems. This follows a deadly border clash and escalating tensions.#CambodiaThailandCyberWar
DragonForce and RansomHub's turf war doubles extortion risks for companies. DragonForce's expansion fuels this conflict, mirroring a UnitedHealth incident, exposing the volatile ransomware-as-a-service market.#RansomwareTurfWar
July 7, 2025 at 10:02 PM
DragonForce and RansomHub's turf war doubles extortion risks for companies. DragonForce's expansion fuels this conflict, mirroring a UnitedHealth incident, exposing the volatile ransomware-as-a-service market.#RansomwareTurfWar
Two critical vulnerabilities (CVE-2025-32462, CVSS 2.8; CVE-2025-32463, CVSS 9.3) in Linux Sudo (versions before 1.9.17p1) allow local privilege escalation to root. CVE-2025-32463 requires no sudoers file entry. Patches are available. Immediate patching is advised.#SudoVulnerability
July 7, 2025 at 8:07 PM
Two critical vulnerabilities (CVE-2025-32462, CVSS 2.8; CVE-2025-32463, CVSS 9.3) in Linux Sudo (versions before 1.9.17p1) allow local privilege escalation to root. CVE-2025-32463 requires no sudoers file entry. Patches are available. Immediate patching is advised.#SudoVulnerability
SK Telecom lost 800,000 subscribers following a 2021 data breach, despite compensation efforts. Continued losses threaten market dominance and forced a lowered sales forecast, as competitors actively recruit former customers.#SKTelecomDataBreachImpact
July 7, 2025 at 4:47 PM
SK Telecom lost 800,000 subscribers following a 2021 data breach, despite compensation efforts. Continued losses threaten market dominance and forced a lowered sales forecast, as competitors actively recruit former customers.#SKTelecomDataBreachImpact
Qantas data breach exposes names, emails, phone numbers, and birthdates of up to 6 million customers via a third-party system. Financial and passport data unaffected. AFP investigating.#QantasDataBreach
July 7, 2025 at 10:01 AM
Qantas data breach exposes names, emails, phone numbers, and birthdates of up to 6 million customers via a third-party system. Financial and passport data unaffected. AFP investigating.#QantasDataBreach
Security researcher Eric Daigle found an SQL injection flaw in stalkerware "Catwatchful," exposing 62,000 user accounts' logins (including admin's). He worked with TechCrunch to shut it down, but it quickly reappeared.#CatwatchfulVulnerability
July 7, 2025 at 12:03 AM
Security researcher Eric Daigle found an SQL injection flaw in stalkerware "Catwatchful," exposing 62,000 user accounts' logins (including admin's). He worked with TechCrunch to shut it down, but it quickly reappeared.#CatwatchfulVulnerability
Ingram Micro's internal systems, including Xvantage and Impulse, were crippled by a July 5th ransomware attack (possibly via VPN). Microsoft 365 remains online, but the company hasn't confirmed the incident.#IngramMicroRansomwareAttack
July 6, 2025 at 2:32 PM
Ingram Micro's internal systems, including Xvantage and Impulse, were crippled by a July 5th ransomware attack (possibly via VPN). Microsoft 365 remains online, but the company hasn't confirmed the incident.#IngramMicroRansomwareAttack
Rey (HellCat) claims a May 30th Telefónica breach, stealing 106GB of data. A 5GB sample was leaked; Telefónica denies it. Full data release is threatened unless demands are met. A prior breach occurred in January.#TelefónicaDataBreach
July 5, 2025 at 8:12 AM
Rey (HellCat) claims a May 30th Telefónica breach, stealing 106GB of data. A 5GB sample was leaked; Telefónica denies it. Full data release is threatened unless demands are met. A prior breach occurred in January.#TelefónicaDataBreach
SK Telecom faces penalties for a massive data breach. A South Korean investigation found negligence; hackers stole ~10GB of subscriber data due to insufficient security since August 2021. Expect fines and mandated security upgrades.#SKTelecomDataBreach
July 5, 2025 at 2:02 AM
SK Telecom faces penalties for a massive data breach. A South Korean investigation found negligence; hackers stole ~10GB of subscriber data due to insufficient security since August 2021. Expect fines and mandated security upgrades.#SKTelecomDataBreach
C&M Software, a Brazilian bank service provider, suffered a $140M heist. A compromised employee's credentials, sold for ~$2700, allowed hackers to steal from six institutions. $30-40M was laundered via Latin American crypto exchanges, exposing centralized system weaknesses.#CMSoftwareHeist
July 5, 2025 at 12:01 AM
C&M Software, a Brazilian bank service provider, suffered a $140M heist. A compromised employee's credentials, sold for ~$2700, allowed hackers to steal from six institutions. $30-40M was laundered via Latin American crypto exchanges, exposing centralized system weaknesses.#CMSoftwareHeist
Former NSA hacker David Kennedy warned on Fox Business' Mornings with Maria about the hacking group "Scattered Spider" expanding its cyberattacks to target the airline industry. The segment aired July 3, 2025.#ScatteredSpiderAirlineThreat
July 3, 2025 at 2:02 PM
Former NSA hacker David Kennedy warned on Fox Business' Mornings with Maria about the hacking group "Scattered Spider" expanding its cyberattacks to target the airline industry. The segment aired July 3, 2025.#ScatteredSpiderAirlineThreat
Chinese hackers (Houken/UNC5174) exploited three zero-day vulnerabilities (CVE-2024-8963, CVE-2024-9380, CVE-2024-8190) in Ivanti CSA devices, targeting French government and telecoms, deploying web shells, rootkits, and GOREVERSE malware across various sectors.#IvantiCSAZeroDayExploit
July 3, 2025 at 12:01 PM
Chinese hackers (Houken/UNC5174) exploited three zero-day vulnerabilities (CVE-2024-8963, CVE-2024-9380, CVE-2024-8190) in Ivanti CSA devices, targeting French government and telecoms, deploying web shells, rootkits, and GOREVERSE malware across various sectors.#IvantiCSAZeroDayExploit
A politically motivated cyberattack hit Columbia University on June 24th. Stolen student data and campus outages followed, with Trump's image displayed on monitors. The university is investigating the breach's extent and ties to administration disputes.#ColumbiaCyberattack
July 2, 2025 at 8:25 PM
A politically motivated cyberattack hit Columbia University on June 24th. Stolen student data and campus outages followed, with Trump's image displayed on monitors. The university is investigating the breach's extent and ties to administration disputes.#ColumbiaCyberattack
Iranian hackers threaten to leak stolen emails from Trump associates, including his chief of staff and Stormy Daniels. US officials deem it a smear campaign and promise prosecution, amid broader Iranian cyberattack warnings.#IranTrumpCyberAttack
July 2, 2025 at 2:30 PM
Iranian hackers threaten to leak stolen emails from Trump associates, including his chief of staff and Stormy Daniels. US officials deem it a smear campaign and promise prosecution, amid broader Iranian cyberattack warnings.#IranTrumpCyberAttack
Microsoft, DocuSign, and other brands are impersonated in PDF phishing campaigns. Victims are tricked into calling spoofed numbers (TOAD), enabling attackers to steal data or install malware via VoIP and social engineering. The FBI warns of this urgent threat.#PDFPhishingScam
July 2, 2025 at 12:24 PM
Microsoft, DocuSign, and other brands are impersonated in PDF phishing campaigns. Victims are tricked into calling spoofed numbers (TOAD), enabling attackers to steal data or install malware via VoIP and social engineering. The FBI warns of this urgent threat.#PDFPhishingScam