Meet SpamGPT and MatrixPDF, AI Toolkits Driving Malware Attacks
A new trend lately observed in the world of cybercrime is the demand for user-friendly, plug-and-play tools that make it easier for people…
Google Drive for desktop gets AI-powered ransomware detection
Google has begun rolling out a new AI-powered security feature for Google Drive desktop, which will automatically pause file syncing when it…
Allianz Life says July data breach impacts 1.5 million people
Allianz Life has completed the investigation into the cyberattack it suffered in July and determined that nearly 1.5 million individuals are…
Detour Dog’s DNS Hijacking Infects 30,000 Websites with Strela Stealer
New research from Infoblox Threat Intel has revealed that an established, persistent group of cybercriminals, Detour Dog, has been silently…
New MatrixPDF toolkit turns PDFs into phishing and malware lures
A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that…
Chinese APT Phantom Taurus Targeted MS Exchange Servers Over 3 Years
Researchers at Palo Alto Networks say a Chinese-linked cyberespionage group has been targeting foreign ministries, embassies, and…
WestJet confirms recent breach exposed customers' passports
Canadian airline WestJet is informing customers that the cyberattack disclosed in June compromised their sensitive information, including…
Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws
Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable…
Hack of US Surveillance Provider RemoteCOM Exposes Court Data
A major data breach has compromised the personal records of nearly 14,000 individuals under court supervision, alongside contact information…
US Auto Insurance Platform ClaimPix Leaked 10.7TB of Records Online
A massive collection of data belonging to customers of ClaimPix, an Illinois-based platform for managing auto insurance claims across the…
Critical WD My Cloud bug allows remote command injection
Western Digital has released firmware updates for multiple My Cloud NAS models to patch a critical-severity vulnerability that could be…
Broadcom fixes high-severity VMware NSX bugs reported by NSA
Broadcom has released security updates to patch two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency…
Microsoft Flags AI Phishing Attack Hiding in SVG Files
Forget the old, error-filled emails you could spot easily. Cybercriminals have completely upgraded their methods, using AI (Artificial…
UK convicts "Bitcoin Queen" in world’s largest cryptocurrency seizure
The Metropolitan Police has secured a conviction in what is believed to be the world's largest cryptocurrency seizure, valued at more than…
Japan's largest brewer suspends operations due to cyberattack
Asahi Group Holdings, Ltd (Asahi), the brewer of Japan’s top-selling beer, has disclosed a cyberattack that disrupted several of its…
Ransomware gang sought BBC reporter’s help in hacking media giant
Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a…
UK govt backs JLR with £1.5 billion loan guarantee after cyberattack
The UK Government is providing Jaguar Land Rover (JLR) with a £1.5 billion loan guarantee to restore its supply chain after a…
Harrods suffers new data breach exposing 430,000 customer records
UK retail giant Harrods has disclosed a new cybersecurity incident after hackers compromised a third-party supplier and stole 430,000 records…
Akira ransomware breaching MFA-protected SonicWall VPN accounts
Ongoing Akira ransomware attacks targeting SonicWall SSL VPN devices continue to evolve, with the threat actors found to be successfully…
Fake Microsoft Teams installers push Oyster malware via malvertising
Hackers have been spotted using SEO poisoning and search engine advertisements to promote fake Microsoft Teams installers that infect…
Dutch teens arrested for trying to spy on Europol for Russia
Two Dutch teenage boys aged 17, reportedly used hacking devices to spy for Russia, have been arrested by the Politie on Monday.…
Google Ads Used to Spread Trojan Disguised as TradingView Premium
A malicious advertising campaign that has been tricking content creators and unsuspecting users into downloading harmful software by offering…
Microsoft Edge to block malicious sideloaded extensions
Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web…
Fake Ukraine Police Notices Spread New Amatera Stealer and PureMiner
Hackers are distributing malicious emails that imitate official notices from the National Police of Ukraine. This phishing campaign,…
Maximum severity GoAnywhere MFT flaw exploited as zero day
Hackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT that allows injecting commands…
Archer Health Data Leak Exposes 23GB of Medical Records
A large cache of medical and personal information belonging to patients of Archer Health Inc. was left publicly accessible after a database…
Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs
Microsoft Threat Intelligence reports that a new variant of the XCSSET macOS malware has been detected in limited attacks, incorporating…
Unofficial Postmark MCP npm silently stole users' emails
A npm package copying the official ‘postmark-mcp’ project on GitHub turned bad with the latest update that added a single…
Co-op says it lost $107 million after Scattered Spider attack
The Co-operative Group in the U.K. released its interim financial results report for the first half of 2025 with a massive loss in operating…
CISA orders agencies to patch Cisco flaws exploited in zero-day attacks
CISA has issued a new emergency directive ordering U.S. federal agencies to secure their Cisco firewall devices against two flaws that have…
Vietnamese Hackers Use Fake Copyright Notices to Spread Lone None Stealer
A Vietnamese hacking group known as Lone None is running an online scam campaign that has been active since at least November 2024. The…
Cisco warns of ASA firewall zero-days exploited in attacks
Cisco warned customers today to patch two zero-day vulnerabilities that are actively being exploited in attacks and impact the company's…
Amazon pays $2.5 billion to settle Prime memberships lawsuit
Amazon will pay $2.5 billion to settle claims by the U.S. Federal Trade Commission (FTC) that it used dark patterns to trick millions of users…
Malicious Rust packages on Crates.io steal crypto wallet keys
Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal cryptocurrency…
ForcedLeak Flaw in Salesforce Agentforce AI Agent Exposed CRM Data
A vulnerability dubbed ForcedLeak was recently discovered in Salesforce Agentforce, an AI-driven system designed to handle complex business…
Teen suspected of Vegas casino cyberattacks released to parents
A 17-year-old hacker who surrendered to face charges over cyberattacks targeting Vegas casinos in 2023 has been released into the custody of…
Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems
Thousands of companies using Fortra’s GoAnywhere Managed File Transfer (MFT) solution are facing an immediate threat of full system…
China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware
A group of hackers with links to China has been caught running a long-term spying operation against US companies. Cybersecurity researchers at…
New Supermicro BMC flaws can create persistent backdoors
Two vulnerabilities affecting the firmware of Supermicro hardware, including Baseboard Management Controller (BMC) allow attackers to…
Kali Linux 2025.3 released with 10 new tools, wifi enhancements
Kali Linux has released version 2025.3, the third version of 2025, featuring ten new tools, Nexmon support, and NetHunter improvements. Kali…
PSF Warns of Fake PyPI Login Site Stealing User Credentials
The Python Software Foundation (PSF) is warning developers about a fresh phishing campaign that targets users of the Python Package Index…
Cisco warns of IOS zero-day vulnerability exploited in attacks
Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is currently being…