A single line of malicious code hidden in a counterfeit npm package has exposed potentially thousands of sensitive emails every day, raising fresh alarms about software supply-chain security. The package, uploaded to npm under the name postmark-mcp, impersonated the legitimate…
Category: CySecurity News – Latest Information Security and Hacking Incidents
Canadian Police Seize $40M in Digital Assets After Closing TradeOgre
Canadian police have shut down the cryptocurrency trading platform TradeOgre and seized digital assets valued at more than $40 million USD, marking both the country’s largest cryptocurrency seizure and the first time a crypto exchange has been dismantled by…
Medusa Ransomware Gang Offers BBC Reporter Millions for Inside Hack Access
A ransomware operation claiming affiliation with the Medusa gang attempted to recruit BBC cybersecurity correspondent Joe Tidy as an insider threat, offering him substantial financial incentives in exchange for access to the broadcaster’s systems. The threat actor, using the…
Massive Breach Allows Hackers to Steal Employee Data from the US Federal Agencies
An incident at the Federal Emergency Management Agency allowed threat actors to steal employee data from the US Customs and Border Protection and the disaster management office. The breach has allegedly triggered the removal of dozens of Federal Emergency Management…
Datzbro Android Banking Trojan Targets Seniors With Device-Takeover Attacks
Researchers have uncovered a previously undocumented Android banking trojan, dubbed Datzbro, that is being used in device-takeover campaigns aimed squarely at older adults. ThreatFabric, a Dutch mobile security firm, first tied the activity to a social-engineering network in August…
Protecting Sensitive Data When Employees Use AI Chatbots
In today’s digitised world, where artificial intelligence tools are rapidly reshaping the way people work, communicate, and work together, it’s important to be aware that a quiet but pressing risk has emerged: that what individuals choose to share with chatbots…
Cyble Flags 22 Vulnerabilities Under Active Exploitation, Including Ransomware Attacks
Cybersecurity researchers at Cyble have revealed 22 vulnerabilities currently being exploited by threat actors, with nine of them missing from the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog. In its latest blog post, Cyble…
Phishing Expands Beyond Email: Why New Tactics Demand New Defences
Phishing has long been associated with deceptive emails, but attackers are now widening their reach. Malicious links are increasingly being delivered through social media, instant messaging platforms, text messages, and even search engine ads. This shift is reshaping the…
Misconfigurations Still Fuel Most Cloud Breaches in 2025
Cloud misconfigurations persist as the foremost driver of cloud breaches in 2025, revealing deep-seated challenges in both technological and operational practices across organizations. While cloud services promise remarkable agility and scale, the complexity of modern infrastructure and oversight failures…
Fezbox npm Package Uses QR Codes to Deliver Cookie-Stealing Malware
A malicious npm package called fezbox was recently uncovered using an unusual trick: it pulls a dense QR code image from the attacker’s server and decodes that barcode to deliver a second-stage payload that steals browser cookies and credentials.…
Hackers Claim Data on 150000 AIL Users Stolen
It has been reported that American Income Life, one of the world’s largest supplemental insurance providers, is now under close scrutiny following reports of a massive cyberattack that may have compromised the personal and insurance records of hundreds of thousands…
Passkeys under threat: How a clever clickjack attack can bypass your secure login
At DEF CON 33, independent security researcher Marek Tóth revealed a new class of attack called DOM-based extension clickjacking that can manipulate browser-based password managers and, in limited scenarios, hijack passkey authentication flows. This is not a failure of…
Retail Cyberattacks Surge as Service Desks Become Prime Targets
In recent months, reports of retail data breaches have surfaced with alarming frequency, showing that both luxury and high-street retailers are under relentless attack. During the second quarter of 2025, ransomware incidents publicly disclosed in the global retail sector…
Shai-Hulud Worm Strikes: Self-Replicating Malware Infects Hundreds of NPM Packages
A highly dangerous self-replicating malware called “Shai-Hulud” has recently swept through the global software supply chain, becoming one of the largest incidents of its kind ever documented. Named after the sandworms in the Dune series, this worm has infected…
How Users Can Identify Spying on Their Wi-Fi Network
The wireless network has become a powerful invisible infrastructure that powers both homes and businesses in today’s interconnected world, silently enabling everything from personal communication to business operations. In the same way that electricity has transformed from being an…
SpamGPT: AI-Powered Phishing Tool Puts Cybersecurity at Risk
While most people have heard of ChatGPT, a new threat called SpamGPT is now making headlines. Security researchers at Varonis have discovered that this professional-grade email campaign tool is designed specifically for cybercriminals. The platform, they report, offers “all…
The Future of Cybersecurity Lies in Structure
Cybersecurity today often feels like a never-ending contest between attackers and defenders. New threats emerge, and companies respond with stronger locks and barriers. But what if security could be built so firmly into the foundation of digital systems that…
Why CEOs Must Go Beyond Backups and Build Strong Data Recovery Plans
We are living in an era where fast and effective solutions for data challenges are crucial. Relying solely on backups is no longer enough to guarantee business continuity in the face of cyberattacks, hardware failures, human error, or natural…
Retail Security Failures Driven by Service Desk Abuse
Retail is currently at a crossroads where digital transformation has redefined the very fabric of commerce. The industry has become increasingly dependent on digital technology, which has redefined commerce as we know it. As retail once revolved around physical…
AT&T Wins Legal Challenge While Verizon Faces Privacy Penalties
Major U.S. wireless carriers have faced contrasting legal outcomes in their battles against Federal Communications Commission fines for selling customer location data without consent, creating an uncertain landscape for consumer privacy protection. Background on data selling practices In…