Hack Read

Menlo Park, CA, USA, 10th November 2025, CyberNewsWire

Monsta FTP users must update now! A critical pre-authentication flaw (CVE-2025-34299) allows hackers to fully take over web servers. Patch to version 2.11.3 immediately.

The FBI has issued a federal subpoena to domain registrar Tucows, demanding extensive billing and session records to unmask the anonymous operator of Archive.ph (Archive.is and Archive.today). The site, known for bypassing paywalls, is now the subject of an undisclosed criminal investigation.

Cybersecurity firm Sekoia reports a widespread fraud where criminals compromise hotel systems (Booking.com, Expedia and others) with PureRAT malware, then use stolen reservation data to phish and defraud guests.

Bolster AI reveals a new scam using a simple JS code via Emkei's Mailer to fake 37% profits and steal crypto. Act fast to secure your wallet.

Account takeover (ATO) attacks can devastate individuals and organisations, from personal profiles to enterprise systems. The financial impact…

Seven vulnerabilities in ChatGPT (including GPT-5) allow attackers to use '0-click' and 'memory injection' to bypass safety features and persistently steal private user data and chat history. Tenable Research exposes the flaws.

Doctor Web uncovers a targeted cyberattack on a Russian government body by the Cavalry Werewolf group using a new ShellNET backdoor and Telegram-based control.

Finding the right partner is less about headcount and more about repeatable outcomes, which is why the profiles…

Nikkei confirms breach after a virus infected an employee PC, exposing 17,368 names and Slack chat histories. The media giant reported the incident voluntarily.

JFrog researchers found a critical RCE vulnerability (CVE-2025-11953) in the popular React Native CLI. Developers using versions 4.8.0-20.0.0-alpha.2 must update to patch the flaw.

Private markets used to operate behind closed doors, exclusive, informal, and built on personal connections more than structure.…

Norton finds a flaw in the new Midnight ransomware built from Babuk code and releases a free decryptor to help victims recover files without paying a ransom.

New AWS report data reveals the top four security failure points in the cloud, including vulnerability exploitation (24%)…

Microsoft Teams vulnerabilities let attackers impersonate users, edit chat history, and spoof calls before Microsoft issued security fixes in late 2025.

The marketplace revolution is here, and it’s transforming how we buy, sell, and share everything from vintage furniture…

Google Chrome browser’s new enhanced autofill feature can now remember and automatically fill in personal data such as…

Microsoft researchers found the SesameOp backdoor using OpenAI’s Assistants API for remote access, data theft, and command communication.

In January 2023, Getty Images filed a major lawsuit in the UK High Court against Stability AI, an…

Delaware, United States, 4th November 2025, CyberNewsWire