HackRead

A new Microsoft 365 phishing scam tricks users into calling fake support numbers by exploiting Microsoft’s legitimate email infrastructure.

A misconfigured database exposed 108.8 GB of sensitive data belonging to over 86,000 healthcare workers linked to ESHYFT, a HealthTech company operating in 29 states.

Several US healthcare organizations reported significant data breaches affecting over 560,000 individuals.

Outpost24's KrakenLabs uncovered EncryptHub’s malware campaign, exposing their tactics through OPSEC failures such as directory listing leaks, exposed Telegram bot configurations, and storing stolen data alongside malware.

JavaGhost, a threat group tracked by Unit 42, has shifted from website defacement to targeting AWS environments through phishing and IAM abuse.

The 360XSS campaign exploited a reflected XSS vulnerability (CVE-2020-24901) in the Krpano virtual tour framework to hijack search results and distribute spam ads across 350+ websites, including government, university, and news portals.

A data breach at DISA Global Solutions exposed personal information of over 3.3 million individuals, including 15,000 Maine residents.

ACRStealer, a new information-stealing malware, is rapidly increasing in distribution since 2025, leveraging legitimate platforms like Google Docs and Steam for its command-and-control communications.

Bybit, one of the world's leading cryptocurrency exchanges, experienced a significant security breach on February 21, 2025, resulting in the theft of approximately $1.4 billion worth of Ethereum.

This year, the tech job market is experiencing volatility, with AI advancements driving demand while companies struggle with adaptation, leading to job cuts.

Meta awarded over $2.3 million in bug bounties in 2024 after receiving nearly 10,000 vulnerability reports, with around 600 qualifying for payouts.

The newly discovered Astaroth phishing kit, uncovered by SlashNext researchers, is designed to bypass two-factor authentication (2FA) by using an evilginx-style reverse proxy to intercept login credentials and session tokens in real-time.