SecurityHungry.com - Cybersecurity News and Updates
Tidal Cyber Raises $10 Million for CTI and Adversary Behavior Platform
<p>Co-founded by former MITRE experts, the startup will use the funding to accelerate product innovation and fuel company growth.</p><p>The post <a href="https://www.securityweek.com/tidal-cyber-raises-10-million-for-cti-and-adversary-behavior-platform/">Tidal Cyber Raises $10 Million for CTI and Adversary Behavior Platform</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar."The two npm packages abused smart contracts to conceal malicious
Japan, South Korea Take Aim at North Korean IT Worker Scam
With the continued success of North Korea's IT worker scams, Asia-Pacific nations are working with private firms to blunt the scheme's effectiveness.
Russia's APT28 Targets Microsoft Outlook With 'NotDoor' Malware
The notorious Russian state-sponsored hacking unit, also known as Fancy Bear, is abusing Microsoft Outlook for covert data exfiltration.
Cloudflare Holds Back the Tide on 11.5Tbps DDoS Attack
It's the equivalent of watching more than 9,350 full-length HD movies or streaming 7,480 hours of high-def video nonstop in less than a minute.
US Cybersecurity Agency Flags Wi-Fi Range Extender Vulnerability Under Active Attack
<p>Flaw allows attackers to reset and hijack TP-Link TL-WA855RE devices; CISA urges users to retire discontinued extenders.</p><p>The post <a href="https://www.securityweek.com/us-cybersecurity-agency-flags-wi-fi-range-extender-vulnerability-under-active-attack/">US Cybersecurity Agency Flags Wi-Fi Range Extender Vulnerability Under Active Attack</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
Threat actors abuse X’s Grok AI to spread malicious links
Threat actors are using Grok, X's built-in AI assistant, to bypass link posting restrictions that the platform introduced to reduce malicious advertising. [...]
Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure
Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws.HexStrike AI, according to its website, is pitched as an AI‑driven security platform to automate reconnaissance and vulnerability discovery with an aim to accelerate authorized red teaming operations, bug bounty hunting,
Detecting Data Leaks Before Disaster
In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed “full control over database operations, including the ability to access
Hacked Routers Linger on the Internet for Years, Data Shows
While trawling Internet scan data for signs of compromised infrastructure, researchers found that asset owners may not know for years their devices had been hacked.
Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack
Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks.The vulnerabilities are listed below -CVE-2025-38352 (CVSS score: 7.4) - A privilege escalation flaw in the Linux Kernel component CVE-2025-48543 (CVSS score: N/A) - A
Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats
An Iran-nexus group has been linked to a "coordinated" and "multi-wave" spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world.The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to broader offensive cyber activity undertaken by a group known as Homeland Justice."Emails were sent to
US offers $10 million bounty for info on Russian FSB hackers
The U.S. Department of State is offering a reward of up to $10 million for information on three Russian Federal Security Service (FSB) officers involved in cyberattacks targeting U.S. critical infrastructure organizations on behalf of the Russian government. [...]
Google Patches High-Severity Chrome Vulnerability in Latest Update
<p>Chrome's latest release addresses a high-severity use-after-free vulnerability in the V8 JavaScript engine that could be exploited for remote code execution.</p><p>The post <a href="https://www.securityweek.com/google-patches-high-severity-chrome-vulnerability-in-latest-update/">Google Patches High-Severity Chrome Vulnerability in Latest Update</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws
Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws. [...]
US sues robot toy maker for exposing children's data to Chinese devs
The U.S. Department of Justice has sued toy maker Apitor Technology for allegedly allowing a Chinese third party to collect children's geolocation data without their knowledge and parental consent. [...]
Cato Networks Acquires AI Security Firm Aim Security
<p>Founded in 2022 to help organizations with the secure deployment of generative-AI utilities, Aim emerged from stealth in January 2024.</p><p>The post <a href="https://www.securityweek.com/cato-networks-acquires-ai-security-firm-aim-security/">Cato Networks Acquires AI Security Firm Aim Security</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
WhatsApp Bug Anchors Targeted Zero-Click iPhone Attacks
A "sophisticated" attack that also exploits an Apple zero-day flaw is targeting a specific group of iPhone users, potentially with spyware.
Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack
Cloudflare on Tuesday said it automatically mitigated a record-setting volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps)."Over the past few weeks, we've autonomously blocked hundreds of hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bpps and 11.5 Tbps," the web infrastructure and security company said in a post on X. "
Police disrupts Streameast, largest pirated sports streaming network
The Alliance for Creativity and Entertainment (ACE) and Egyptian authorities have shut down Streameast, the world's largest illegal live sports streaming network, and arrested two people allegedly associated with the operation. [...]