Hack Read

Philadelphia, PA, United States, 9th March 2026, CyberNewswire

Researchers say Iran's MuddyWater hackers targeted US companies and an Israeli software firm’s department in a cyber campaign using the Dindoor malware - All this amid the ongoing conflict.

Security firm Pillar reveals the Chaos Agent in which Hackerbot-Claw, an AI agent, used natural language to compromise major GitHub projects and hijack developer tools.

A new phishing campaign is targeting thousands in the US by posing as the Social Security Administration. Learn how scammers use fake 2025/2026 tax statements and Datto RMM software to hijack computers and steal data, as shared with Hackread.com

Researchers at Acronis have discovered a malicious trojanized version of the Red Alert rocket warning app targeting Israeli Android users. Distributed via fake Home Front Command SMS messages, this spyware steals GPS data, SMS messages, and contact lists while maintaining full alert functionality.

A joint study by Google and GitGuardian reveals that over 2,600 valid TLS certificates, protecting Fortune 500 companies and government agencies, were compromised due to private key leaks on GitHub and DockerHub.

Cisco patches 48 vulnerabilities in Secure Firewall products, including two critical CVSS 10 flaws that could allow authentication bypass and remote code execution.

Hidden cyber risks in remote work include insecure home Wi-Fi, phishing attacks, and data exposure, leaving businesses and employees vulnerable to breaches.

Bitdefender research reveals Pakistani group APT36 is using AI-generated vibeware and trusted cloud services like Google Sheets to target Indian officials.

Discover the best next-gen endpoint protection platforms in 2026, built to detect modern threats, stop credential abuse, and secure enterprise devices.

Researchers at Zenity Labs uncover PleaseFix flaws in Perplexity’s Comet browser. See how zero-click calendar invites allow AI agents to steal 1Password credentials and personal files.

Hydrolix expert Tom Howe explains how AI bots impact ecommerce, how to spot good vs malicious bots, and why blocking them can hurt sales.

Europol seizes LeakBase cybercrime and hacker forum used to trade stolen data, disrupting a global platform with over 140,000 members.

Europol and partners dismantle Tycoon 2FA phishing service used to bypass MFA, disrupting a global phishing-as-a-service operation targeting organisations.

Institutional DeFi helps corporations improve treasury liquidity, speed cross-border settlements, and manage capital using secure permissioned blockchain protocols.

Startups often expose sensitive data during pitches and hiring. Learn when to use NDAs and simple workflows to close confidentiality gaps.

A new phishing campaign is using stolen certificates from TrustConnect Software PTY LTD to sign malware. By impersonating updates for Zoom and Microsoft Teams, hackers install RMM tools to gain persistent, privileged access to networks

Best DeleteMe alternatives for 2026 compared, including Incogni, Optery, Aura, Kanary, and Privacy Bee for data broker removal and privacy protection.

The University of Hawaii Cancer Centre has confirmed a massive ransomware attack affecting 1.24 million people. Sensitive data, including Social Security numbers and historical voter records dating back to 1993, was compromised.

Swap scams target traders through fake DEX sites, token approvals, and phishing. Learn how to detect swap scams and protect funds before you swap now.