The Handala hacker group has launched a targeted campaign against Israeli high-tech and aerospace professionals, marking a concerning shift in geopolitically motivated cyber operations. The group recently published a list of individuals working in these critical sectors, accompanied by hostile…
Category: Cyber Security News
Poland Arrested Suspected Russian Citizen Hacking for Local Organizations Computer Networks
Polish authorities have arrested a Russian citizen suspected of conducting unauthorized cyberattacks against the computer networks of local organizations. The arrest marks a significant development in the country’s efforts to combat cybercrime targeting Polish and European businesses. On November 16,…
Comcast to Pay a $1.5 Million Fine to Settle an FCC Investigation Linked to Vendor Data Breach
The company has agreed to pay a $1.5 million fine to settle a Federal Communications Commission investigation into a data breach that exposed personal information from over 237,000 customers. Reuters reports that the FCC announced the settlement on Monday, ending…
London Councils’ IT Systems Impacted by CyberAttack, Including Phone Lines
Three West London councils are struggling with significant disruption to IT systems and phone lines after a cyberattack on a shared services provider, which officials are publicly describing only as an “IT incident”. The Royal Borough of Kensington and Chelsea…
Microsoft to Block External Scripts in Entra ID Logins to Enhance Protections
Microsoft has announced a significant security upgrade to its Microsoft Entra ID authentication process, as part of the company’s broader Secure Future Initiative. Microsoft is updating its Content Security Policy (CSP) to block the execution of external scripts during user…
Scattered Lapsus$ Hunters Registered 40+ Domains Mimicking Zendesk Environments
A sophisticated, complex new cyber offensive has emerged from the “Scattered Lapsus$ Hunters,” a threat collective that has aggressively shifted toward exploiting supply-chain vulnerabilities. This latest campaign targets Zendesk, a critical customer support platform, effectively turning a trusted business tool…
Shai Hulud 2.0 Compromises 1,200+ Organizations, Exposing Critical Runtime Secrets
The Shai Hulud 2.0 worm, first detected on November 24, 2025, has compromised nearly 1,200 organizations, including major banks, government bodies, and Fortune 500 technology firms. While initial reports described it as a simple npm supply chain attack that flooded…
Vulnerable Codes in Legacy Python Packages Enables Attacks on Python Package Index Via Domain Compromise
Hidden vulnerabilities in legacy code often create unseen risks for modern development environments. One such issue recently surfaced within the Python ecosystem, where outdated bootstrap scripts associated with the zc.buildout tool expose users to domain takeover attacks. These scripts, designed…
Over 390 Abandoned iCalendar Sync Domains Could Expose ~4 Million Devices to Security Risks
Digital calendars have become indispensable tools for managing personal and professional schedules. Users frequently subscribe to external calendars for public holidays, sports schedules, or community events to keep their agendas up to date. While these subscriptions offer convenience, they create…
Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets
The software supply chain is under siege from “Shai Hulud v2,” a sophisticated malware campaign that has compromised 834 packages across the npm and Maven ecosystems. This new wave specifically targets GitHub Actions workflows, exploiting pull_request_target triggers to inject malicious…
NVIDIA DGX Spark Vulnerabilities Let Attackers Execute Malicious Code and DoS Attacks
An urgent security update for its DGX Spark AI workstation after discovering 14 vulnerabilities in the system’s firmware that could allow attackers to execute malicious code and launch denial-of-service attacks. The most severe flaw has a CVSS score of 9.3…
Dead Man’s Switch – Widespread npm Supply Chain Attack Driving Malware Attacks
GitLab’s Vulnerability Research team has uncovered a large-scale supply chain attack spreading a destructive malware variant through the npm ecosystem. The malware, an evolved version of “Shai-Hulud,” contains a dangerous feature that threatens to destroy user data if attackers lose…
Qilin RaaS Exposed 1 Million Files and 2 TB of Data Linked to Korean MSP Breach
The “Korean Leaks” campaign has emerged as one of the most sophisticated supply chain attacks targeting South Korea’s financial sector in recent memory. This operation combined the capabilities of the Qilin Ransomware-as-a-Service (RaaS) group with potential involvement from North Korean…
Hackers Actively Exploiting IoT Vulnerabilities to Deploy New ShadowV2 Malware
During late October 2025, a new malware campaign dubbed ShadowV2 emerged, coinciding with a global AWS disruption. This sophisticated threat actively exploits vulnerabilities in IoT devices to assemble a botnet for distributed denial-of-service (DDoS) attacks. The malware’s rapid deployment indicates…
Gitlab Patches Multiple Vulnerabilities that Enable Authentication Bypass and DoS Attacks
GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address multiple high-severity vulnerabilities. The patches, rolled out in versions 18.6.1, 18.5.3, and 18.4.5, fix security flaws that could allow attackers to bypass authentication, steal user credentials,…
North Korean Hackers Exploiting npm, GitHub, and Vercel to Deliver OtterCookie Malware
A major security threat has emerged targeting software developers worldwide. North Korean state-sponsored threat actors, operating under the “Contagious Interview” campaign, are systematically spreading malicious packages across npm, GitHub, and Vercel infrastructure to deliver OtterCookie malware. This sophisticated multi-stage operation…
KawaiiGPT – Free WormGPT Variant Leveraging DeepSeek, Gemini, and Kimi-K2 AI Models
KawaiiGPT emerges as an accessible, open-source tool that mimics the controversial WormGPT, providing unrestricted AI assistance via jailbroken large language models. Hosted on GitHub with over 188 stars and 52 forks, it requires no API keys and installs quickly on…
Threat Actors Leverage Fake Update Lures to Deliver SocGholish Malware
Threat actors continue to exploit a dangerous vulnerability in user behavior by deploying fake software updates to deliver the SocGholish malware. This malware delivery framework has evolved significantly since its discovery in 2017, transforming from a simple web-based nuisance into…
ByteToBreach Cybercriminal Selling Sensitive Global Data from Airlines, Banks, and Governments
A cybercriminal operating under the alias ByteToBreach has emerged as a notable threat actor in the underground market, actively selling and leaking sensitive data from airlines, banks, universities, and government entities worldwide. Active since at least June 2025, this threat…
Angular HTTP Client Vulnerability Exposes XSRF Token to an Attacker-Controlled Domain
A critical security vulnerability has been discovered in the Angular framework that could allow attackers to steal sensitive user security tokens. The vulnerability, tracked as CVE-2025-66035, affects the Angular HttpClient and involves the accidental leakage of Cross-Site Request Forgery (XSRF) tokens. Angular applications…