UK govt backs JLR with £1.5 billion loan guarantee after cyberattack
The UK Government is providing Jaguar Land Rover (JLR) with a £1.5 billion loan guarantee to restore its supply chain after a…
Harrods suffers new data breach exposing 430,000 customer records
UK retail giant Harrods has disclosed a new cybersecurity incident after hackers compromised a third-party supplier and stole 430,000 records…
Akira ransomware breaching MFA-protected SonicWall VPN accounts
Ongoing Akira ransomware attacks targeting SonicWall SSL VPN devices continue to evolve, with the threat actors found to be successfully…
Fake Microsoft Teams installers push Oyster malware via malvertising
Hackers have been spotted using SEO poisoning and search engine advertisements to promote fake Microsoft Teams installers that infect…
Dutch teens arrested for trying to spy on Europol for Russia
Two Dutch teenage boys aged 17, reportedly used hacking devices to spy for Russia, have been arrested by the Politie on Monday.…
Google Ads Used to Spread Trojan Disguised as TradingView Premium
A malicious advertising campaign that has been tricking content creators and unsuspecting users into downloading harmful software by offering…
Microsoft Edge to block malicious sideloaded extensions
Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web…
Fake Ukraine Police Notices Spread New Amatera Stealer and PureMiner
Hackers are distributing malicious emails that imitate official notices from the National Police of Ukraine. This phishing campaign,…
Maximum severity GoAnywhere MFT flaw exploited as zero day
Hackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT that allows injecting commands…
Archer Health Data Leak Exposes 23GB of Medical Records
A large cache of medical and personal information belonging to patients of Archer Health Inc. was left publicly accessible after a database…
Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs
Microsoft Threat Intelligence reports that a new variant of the XCSSET macOS malware has been detected in limited attacks, incorporating…
Unofficial Postmark MCP npm silently stole users' emails
A npm package copying the official ‘postmark-mcp’ project on GitHub turned bad with the latest update that added a single…
Co-op says it lost $107 million after Scattered Spider attack
The Co-operative Group in the U.K. released its interim financial results report for the first half of 2025 with a massive loss in operating…
CISA orders agencies to patch Cisco flaws exploited in zero-day attacks
CISA has issued a new emergency directive ordering U.S. federal agencies to secure their Cisco firewall devices against two flaws that have…
Vietnamese Hackers Use Fake Copyright Notices to Spread Lone None Stealer
A Vietnamese hacking group known as Lone None is running an online scam campaign that has been active since at least November 2024. The…
Cisco warns of ASA firewall zero-days exploited in attacks
Cisco warned customers today to patch two zero-day vulnerabilities that are actively being exploited in attacks and impact the company's…
Amazon pays $2.5 billion to settle Prime memberships lawsuit
Amazon will pay $2.5 billion to settle claims by the U.S. Federal Trade Commission (FTC) that it used dark patterns to trick millions of users…
Malicious Rust packages on Crates.io steal crypto wallet keys
Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal cryptocurrency…
ForcedLeak Flaw in Salesforce Agentforce AI Agent Exposed CRM Data
A vulnerability dubbed ForcedLeak was recently discovered in Salesforce Agentforce, an AI-driven system designed to handle complex business…
Teen suspected of Vegas casino cyberattacks released to parents
A 17-year-old hacker who surrendered to face charges over cyberattacks targeting Vegas casinos in 2023 has been released into the custody of…
Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems
Thousands of companies using Fortra’s GoAnywhere Managed File Transfer (MFT) solution are facing an immediate threat of full system…
China-Linked Hackers Hit US Tech Firms with BRICKSTORM Malware
A group of hackers with links to China has been caught running a long-term spying operation against US companies. Cybersecurity researchers at…
New Supermicro BMC flaws can create persistent backdoors
Two vulnerabilities affecting the firmware of Supermicro hardware, including Baseboard Management Controller (BMC) allow attackers to…
Kali Linux 2025.3 released with 10 new tools, wifi enhancements
Kali Linux has released version 2025.3, the third version of 2025, featuring ten new tools, Nexmon support, and NetHunter improvements. Kali…
PSF Warns of Fake PyPI Login Site Stealing User Credentials
The Python Software Foundation (PSF) is warning developers about a fresh phishing campaign that targets users of the Python Package Index…
Cisco warns of IOS zero-day vulnerability exploited in attacks
Cisco has released security updates to address a high-severity zero-day vulnerability in Cisco IOS and IOS XE Software that is currently being…
Unpatched flaw in OnePlus phones lets rogue apps text messages
A vulnerability in multiple versions of OxygenOS, the Android-based operating system from OnePlus, allows any installed app to access SMS data…
Police seizes $439 million stolen by cybercrime rings worldwide
In a five-month joint operation led by Interpol, law enforcement agencies have seized more than $439 million in cash and cryptocurrency linked…
Google: Brickstone malware used to steal U.S. orgs' data for over a year
Suspected Chinese hackers have used the Brickstorm malware in long-term persistence espionage operations against U.S. organizations in the…
UK arrests suspect for RTX ransomware attack causing airport disruptions
The UK's National Crime Agency has arrested a suspect linked to a ransomware attack that is causing widespread disruptions across European…
PyPI urges users to reset credentials after new phishing attacks
The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset…
GitHub notifications abused to impersonate Y Combinator for crypto theft
A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026…
Boyd Gaming discloses data breach after suffering a cyberattack
US gaming and casino operator Boyd Gaming Corporation disclosed it suffered a breach after threat actors gained access to its systems and…
Libraesva ESG issues emergency fix for bug exploited by state hackers
Libraesva rolled out an emergency update for its Email Security Gateway (ESG) solution to fix a vulnerability exploited by threat actors…
WhatsApp adds message translation to iPhone and Android apps
WhatsApp has started rolling out a new translation feature that enables Android and iPhone users to translate messages in chats, groups, and…
Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack
Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at a record-breaking 22.2 terabits per second (Tbps) and…
CISA says hackers breached federal agency using GeoServer exploit
CISA has revealed that attackers breached the network of an unnamed U.S. federal civilian executive branch (FCEB) agency last year after…
Police dismantles crypto fraud ring linked to €100 million in losses
Law enforcement authorities in Europe have arrested five suspects linked to a cryptocurrency investment fraud ring that stole over €100…
SolarWinds releases third patch to fix Web Help Desk RCE bug
SolarWinds has released a hotfix for a critical a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without…
SonicWall releases SMA100 firmware update to wipe rootkit malware
SonicWall has released a firmware update that can help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices.…
GitHub tightens npm security with mandatory 2FA, access tokens
GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently.…
NPM package caught using QR Code to fetch cookie-stealing malware
Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The…