Search the Portal

Recent Articles

APR2
Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign

Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment processor Stripe to validate stolen payment information prior to exfiltration. "This tactic ensures that only valid card data is sent to the attackers, making the operation more efficient and potentially harder to detect," Jscrambler researchers Pedro

The Hacker News by info@thehackernews.com (The Hacker News)
APR2
Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation

In one of the largest coordinated law enforcement operations, authorities have dismantled Kidflix, a streaming platform that offered child sexual abuse material (CSAM). "A total of 1.8 million users worldwide logged on to the platform between April 2022 and March 2025," Europol said in a statement. "On March 11, 2025, the server, which contained around 72,000 videos at the time, was seized by

The Hacker News by info@thehackernews.com (The Hacker News)
APR2
Serial Entrepreneurs Raise $43M to Counter AI Deepfakes, Social Engineering

Adaptive is pitching a security platform designed to replicate real-world attack scenarios through AI-generated deepfake simulations. The post Serial Entrepreneurs Raise $43M to Counter AI Deepfakes, Social Engineering appeared first on SecurityWeek.

Security Week by Ryan Naraine
APR2
Vulnerabilities Expose Jan AI Systems to Remote Manipulation

Vulnerabilities in open source ChatGPT alternative Jan AI expose systems to remote, unauthenticated manipulation. The post Vulnerabilities Expose Jan AI Systems to Remote Manipulation appeared first on SecurityWeek.

Security Week by Ionut Arghire
APR2
Cyberhaven Banks $100 Million in Series D, Valuation Hits $1 Billion

Cyberhaven bags $100 million in funding at a billion-dollar valuation, a sign that investors remain bullish on data security startups. The post Cyberhaven Banks $100 Million in Series D, Valuation Hits $1 Billion appeared first on SecurityWeek.

Security Week by Ryan Naraine
APR2
AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor

The rise of zero-knowledge threat actors powered by AI marks a turning point in the business of cybercrime where sophisticated attacks are no longer confined to skilled attackers. The post AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor appeared first on SecurityWeek.

Security Week by Etay Maor
APR2
Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse

Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull private Google Artifact

The Hacker News by info@thehackernews.com (The Hacker News)
APR2
Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses

DeepMind found that current AI frameworks are ad hoc, not systematic, and fail to provide defenders with useful insights. The post Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses appeared first on SecurityWeek.

Security Week by Kevin Townsend
APR2
North Korea’s IT Operatives Are Exploiting Remote Work Globally

The global rise of North Korean IT worker infiltration poses a serious cybersecurity risk—using fake identities, remote access, and extortion to compromise organizations. The post North Korea’s IT Operatives Are Exploiting Remote Work Globally appeared first on SecurityWeek.

Security Week by Kevin Townsend
APR2
ImageRunner Flaw Exposed Sensitive Information in Google Cloud

Google has patched a Cloud Run vulnerability dubbed ImageRunner that could have been exploited to gain access to sensitive data. The post ImageRunner Flaw Exposed Sensitive Information in Google Cloud appeared first on SecurityWeek.

Security Week by Eduard Kovacs
APR2
Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers

Introduction As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to achieving robust cybersecurity practices. For service providers, adhering to NIST

The Hacker News by info@thehackernews.com (The Hacker News)
APR2
Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks

North Korea’s Lazarus hackers are using the ClickFix technique for malware deployment in fresh attacks targeting the cryptocurrency ecosystem. The post Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks appeared first on SecurityWeek.

Security Week by Ionut Arghire
APR2
Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers

Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems," Elastic Security Labs said in a new analysis

The Hacker News by info@thehackernews.com (The Hacker News)
APR2
Questions Remain Over Attacks Causing DrayTek Router Reboots

DrayTek has shared some clarifications regarding the recent attacks causing router reboots, but some questions remain unanswered. The post Questions Remain Over Attacks Causing DrayTek Router Reboots appeared first on SecurityWeek.

Security Week by Eduard Kovacs
APR2
Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users

Gmail now allows enterprise users to send end-to-end encrypted emails to colleagues, and will soon allow sending to any inbox. The post Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users appeared first on SecurityWeek.

Security Week by Ionut Arghire