Hack Read

ESET warns of fake Signal and ToTok apps spreading Android spyware in the UAE, stealing contacts, messages, and chat backups from users.

Paris, France, 6th October 2025, CyberNewsWire

A misconfigured database belonging to a pet insurance company, "Rainwalk Pet Insurance," exposed sensitive PII and veterinary claim data. The data exposure reveals new fraud tactics, including microchip and reimbursement scams.

WatchTowr finds a serious flaw in Dell UnityVSA (CVE-2025-36604) letting attackers run commands without login. Dell issues patch 5.5.1 - update now.

As we all know, the SD card usually stores your multimedia and important mobile files. When Android suddenly…

You tap Update, wait for the progress indicator, and then error. Your iPhone freezes and displays “Update Failed,”…

Discord confirms a data breach via a third-party vendor, exposing government-issued photo IDs, names, emails, and limited billing data of users who contacted customer support. Learn the full risk.

A Zimperium zLabs analysis of 800 free Android and iOS VPN apps exposes critical security flaws, including the Heartbleed bug, excessive system permissions, and non-transparent data practices. Learn how these 'privacy' tools are actually major security risks, especially for BYOD environments.

A leak site from Scattered LAPSUS$ Hunters alleges Salesforce breach, with hackers claiming 1B records stolen and 39 major companies affected

Bitsight warns ICS/OT exposure jumped 12% in 2024, leaving 180,000+ critical infrastructure systems open to attack. Learn about the possible vulnerabilities and new malware strains.

A ‘high-volume’ extortion campaign possibly linked to FIN11 and Cl0p is targeting Oracle E-Business executives. Mandiant and GTIG are investigating unproven data theft claims.

Renault UK warns customers of a third-party data breach exposing personal details, stressing vigilance against fraud and confirming no bank data lost.

Four critical zero-day flaws found in the $20 YoLink Smart Hub allow remote physical access, threatening your home security. See the urgent steps you must take now.

Cybersecurity firm Tenable found three critical flaws allowing prompt injection and data exfiltration from Google's Gemini AI. Learn why AI assistants are the new weak link.

Cybersecurity firm Blackpoint Cyber reveals a new spear phishing campaign targeting executives. Learn how attackers use fraudulent document ZIPs containing malicious shortcut files, leveraging 'living off the land' tactics, and a unique Anti-Virus check to deliver a custom payload

Ransomware has evolved from a niche hacker tactic into a mainstream threat, and small businesses are increasingly in…

WestJet confirms a data breach starting June 13, 2025, stole passport/ID and personal data. Credit cards and passwords are safe. The airline offers 24 months of free identity monitoring, including $1M insurance.

Cybersecurity researchers at Varonis have discovered two new plug-and-play cybercrime toolkits, MatrixPDF and SpamGPT. Learn how these AI-powered tools make mass phishing and PDF malware accessible to anyone, redefining online security risks.

Infoblox reveals how the Detour Dog group used server-side DNS to compromise 30,000+ sites across 89 countries, installing the stealthy Strela Stealer malware.

Zhimin Qian, the 'Bitcoin Queen,' pleads guilty in the UK after police seized over £5 billion in stolen crypto, the world's largest crypto seizure. Details on the Ponzi scam and fight for the funds.