Deeba Ahmed

1875 posts

Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage.

2 minute read

Cursor AI IDE vulnerability allows code execution via hidden Git hooks

Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories.

byDeeba Ahmed

April 29, 2026

2 minute read

New DHL Phishing Scam Uses 11-Step Attack Chain to Steal Passwords

Forcepoint’s X-Labs reports an 11-step DHL phishing scam that uses fake OTP codes and EmailJS to harvest user credentials and device telemetry.

byDeeba Ahmed

April 28, 2026

Pack2TheRoot: 12-Year-Old Linux PackageKit Flaw Enables Full Compromise

3 minute read

Security

Pack2TheRoot: 12-Year-Old Linux PackageKit Flaw Enables Full Compromise

Security experts have found a high-severity flaw named Pack2TheRoot in PackageKit that allows hackers to gain full root access on multiple Linux distributions.

byDeeba Ahmed

April 28, 2026

Cisco Firewalls Hit by Stealthy FIRESTARTER Backdoor

3 minute read

New Linux FIRESTARTER Backdoor Targets Cisco Firepower Devices

CISA and NCSC warn that FIRESTARTER, a Linux-based backdoor, targets Cisco Firepower devices, evades patches, and enables persistent access even after firmware updates.

byDeeba Ahmed

April 28, 2026

2 minute read

UNC6692 Hackers Exploit Microsoft Teams to Deploy SNOW Malware

UNC6692 hackers exploit Microsoft Teams with fake IT alerts to deploy SNOW malware, steal credentials, and breach corporate networks in advanced attacks.

byDeeba Ahmed

April 27, 2026

3 minute read

Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files

New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data.

byDeeba Ahmed

April 27, 2026

2 minute read

Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation

Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft.

byDeeba Ahmed

April 26, 2026

Fake CAPTCHA Pages Exploit Clicks to Send Costly International Texts

2 minute read

Fake CAPTCHA Scam Abuses Verification Clicks to Send Costly International Texts

Research from Infoblox reveals a massive Click2SMS fraud scheme using fake CAPTCHAs and back button hijacking to trick victims into sending costly international texts.

byDeeba Ahmed

April 25, 2026

3 minute read

New ClickFix attack Hides in Native Windows Tools to Reduce Detection Risk

Fake CAPTCHA ClickFix attack tricks users into running malicious commands, using cmdkey and regsvr32 to maintain persistence and avoid detection on Windows

byDeeba Ahmed

April 24, 2026

3 minute read

TeamPCP Hijacks Bitwarden CLI, Uses Dependabot to Deploy Shai-Hulud Malware

GitGuardian uncovers TeamPCP attack on Bitwarden CLI, abusing GitHub Dependabot to spread Shai-Hulud and poison AI coding tools.

byDeeba Ahmed

April 24, 2026

The Latest

AI Voice Cloning: The Technology Behind It, Who’s Building It, and Where It’s Headed

Critical ‘Claw Chain’ Vulnerabilities Put Thousands of OpenClaw AI Servers at Risk

The Next Cybersecurity Challenge May Be Verifying AI Agents

Hackers Use PyInstaller and AMSI Patching to Deliver XWorm RAT v7.4

Deeba Ahmed

Cursor AI IDE vulnerability allows code execution via hidden Git hooks

New DHL Phishing Scam Uses 11-Step Attack Chain to Steal Passwords

Pack2TheRoot: 12-Year-Old Linux PackageKit Flaw Enables Full Compromise

New Linux FIRESTARTER Backdoor Targets Cisco Firepower Devices

UNC6692 Hackers Exploit Microsoft Teams to Deploy SNOW Malware

Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files

Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation

Fake CAPTCHA Scam Abuses Verification Clicks to Send Costly International Texts

New ClickFix attack Hides in Native Windows Tools to Reduce Detection Risk

TeamPCP Hijacks Bitwarden CLI, Uses Dependabot to Deploy Shai-Hulud Malware

Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program

LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations

Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations

Brinker Introduces a Novel Approach to Deepfake Detection

BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation