Category: CySecurity News – Latest Information Security and Hacking Incidents

  A new wave of the Sha1-Hulud malware campaign has unfolded, indicating further exacerbation of supply-chain attacks against the software development ecosystem. The recent attacks have hit the Node Package Manager, or npm, one of the largest open-source package managers…

Read more →

  In the face of looming Black Friday 2025 frenzy, Amazon has unveiled a warning to its large customer base that is expected to overlap the holiday season’s busiest shopping week. The warning warns of a surge in sophisticated scams…

Read more →

Scammers target government officials  In a likely phishing attempt, over four employees of Kasaragod and Wayanad Collectorates received WhatsApp texts from accounts imitating their district Collectors and asking for urgent money transfers. After that, the numbers have been sent to…

Read more →

  The second wave of the Shai-Hulud malware attack last week led to the exposure of nearly 400,000 raw secrets after compromising hundreds of NPM (Node Package Manager) packages and leaking stolen data across more than 30,000 GitHub repositories. While…

Read more →

  The UK’s National Crime Agency (NCA) has revealed that a billion-dollar money laundering network operating in Britain purchased a majority stake in a bank in Kyrgyzstan to process the proceeds of cybercrime and convert them into cryptocurrency that could…

Read more →

  The developers of the Tor network are preparing to replace one of the project’s oldest encryption systems in an effort to defend users against increasingly sophisticated cyberattacks. Tor confirmed that the relay encryption algorithm known as “tor1” will be…

Read more →

  An ongoing security incident at Gainsight’s customer-management platform has raised fresh alarms about how deeply third-party integrations can affect cloud environments. The breach centers on compromised OAuth tokens connected with Gainsight’s Salesforce connectors, leaving unclear how many organizations touched…

Read more →

  The ransomware gang Rhysida has claimed responsibility for a cyberattack targeting the Cleveland County Sheriff’s Office in Oklahoma. The sheriff’s office publicly confirmed the incident on November 20, stating that parts of its internal systems were affected. However, key…

Read more →

  Researchers at MTI Security have unearthed a particularly advanced strain of Android malware called Sturnus, which threatens to compromise the data and security of mobile phone owners. The malware reportedly employs advanced interception techniques to capture data and circumvent even…

Read more →

  Taking action to demonstrate the United States’ commitment to combating transnational cyber-fraud networks, the Department of Justice has announced a decisive seizure of tickmilleas.com, a domain allegedly used by a sophisticated cryptocurrency investment scam originating in Burma, as a…

Read more →

  Your smartphone stores personal conversations, financial data, photos, and daily movements. This concentration of information makes it attractive to attackers who rely on spyware. Spyware is malicious software that pretends to be a useful app while silently collecting information.…

Read more →

  The U.S. Cybersecurity and Infrastructure Security Agency has issued an unusually direct warning regarding a series of active campaigns deploying advanced spyware against users of encrypted messaging platforms, including Signal and WhatsApp. According to the agency, these operations are…

Read more →

  In an unmistakable demonstration of the speed and sophistication of modern financial fraud, investigators say a sum of almost six crore was transferred within a matter of minutes, passing through an extensive chain of locations and accounts before disappearing…

Read more →

  The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about state-backed threat actors and cyber-mercenaries actively exploiting commercial spyware to compromise Signal and WhatsApp accounts belonging to high-value targets. The alert, published in late November 2025,…

Read more →

Google has confirmed that hackers stole data from more than 200 companies after exploiting apps developed by Gainsight, a customer success software provider. The breach targeted Salesforce systems and is being described as one of the biggest supply chain attacks…

Read more →

  PostHog has described the Shai-Hulud 2.0 npm worm incident as “the largest and most impactful security incident” the company has ever faced, after attackers managed to push tainted versions of its JavaScript SDKs and attempted to automatically harvest developer…

Read more →

  A new phishing operation is misleading users through an extremely subtle visual technique that alters the appearance of Microsoft’s domain name. Attackers have registered the look-alike address “rnicrosoft(.)com,” which replaces the single letter m with the characters r and…

Read more →

  Security analysts have identified a new escalation in cyber operations linked to North Korea, as two of the country’s most well-known threat actors—Kimsuky and Lazarus—have begun coordinating attacks with unprecedented precision. A recent report from Trend Micro reveals that…

Read more →

  X’s new location feature has revealed that many high-engagement US political accounts, particularly pro-Trump ones, are actually operated from countries outside the United States such as Russia, Iran, and Kenya.  This includes accounts that strongly claim to represent American…

Read more →

  As data breaches surge, experts warn consumers to guard personal information before it reaches the dark web With data breaches becoming almost routine, more consumers are being forced to confront the risks of having their personal information exposed online. …

Read more →