Cybersecurity experts have uncovered a supply chain compromise targeting the Open VSX Registry, where unknown attackers abused a legitimate developer’s account to distribute malicious updates to unsuspecting users. According to findings from Socket, the attackers infiltrated the publishing environment…
Category: CySecurity News – Latest Information Security and Hacking Incidents
Aisuru Botnet Drives DDoS Attack Volumes to Historic Highs
Currently, the modern internet is characterized by near-constant contention, in which defensive controls are being continuously tested against increasingly sophisticated adversaries. However, there are some instances where even experienced security teams are forced to rethink long-held assumptions about scale and…
Cloud Storage Scam Uses Fake Renewal Notices to Trick Users
Cybercriminals are running a large-scale email scam that falsely claims cloud storage subscriptions have failed. For several months, people across different countries have been receiving repeated messages warning that their photos, files, and entire accounts will soon be restricted or…
Former Google Engineer Convicted in U.S. for Stealing AI Trade Secrets to Aid China-Based Startup
A former Google software engineer has been found guilty in the United States for unlawfully taking thousands of confidential Google documents to support a technology venture in China, according to an announcement made by the Department of Justice (DoJ)…
Google Owned Mandiant Finds Vishing Attacks Against SaaS Platforms
Mandiant recently said that it found an increase in threat activity that deploys tradecraft for extortion attacks carried out by the financially motivated group ShinyHunters. These attacks use advanced voice phishing (vishing) and fake credential harvesting sites imitating targeted organizations…
New Reprompt URL Attack Exposed and Patched in Microsoft Copilot
Security researchers at Varonis have uncovered a new prompt-injection technique targeting Microsoft Copilot, highlighting how a single click could be enough to compromise sensitive user data. The attack method, named Reprompt, abuses the way Copilot and similar generative AI…
eScan Antivirus Faces Scrutiny After Compromised Update Distribution
MicroWorld Technologies has acknowledged that there was a breach of its update distribution infrastructure due to a compromise of a server that is used to deliver eScan antivirus updates to end users, which was then used to send an unauthorized…
Visual Prompt Injection Attacks Can Hijack Self-Driving Cars and Drones
Indirect prompt injection happens when an AI system treats ordinary input as an instruction. This issue has already appeared in cases where bots read prompts hidden inside web pages or PDFs. Now, researchers have demonstrated a new version of…
Ivanti Issues Emergency Fixes After Attackers Exploit Critical Flaws in Mobile Management Software
Ivanti has released urgent security updates for two serious vulnerabilities in its Endpoint Manager Mobile (EPMM) platform that were already being abused by attackers before the flaws became public. EPMM is widely used by enterprises to manage and secure mobile…
CRIL Uncovers ShadowHS: Fileless Linux Post-Exploitation Framework Built for Stealthy Long-Term Access
Operating entirely in system memory, Cyble Research & Intelligence Labs (CRIL) uncovered ShadowHS, a Linux post-exploitation toolkit built for covert persistence after an initial breach. Instead of dropping binaries on disk, it runs filelessly, helping it bypass standard security…
Malicious Chrome Extensions Hijack Affiliate Links and Steal ChatGPT Tokens
Cybersecurity researchers have uncovered an alarming surge in malicious Google Chrome extensions that hijack affiliate links, steal sensitive data, and siphon OpenAI ChatGPT authentication tokens. These deceptive add-ons, masquerading as handy shopping aids and AI enhancers, infiltrate the Chrome…
BadIIS Malware Used in Coordinated Attacks on Asian Web Servers
By the spring of 2025, a quiet, methodical campaign was unfolding across many sections of the web infrastructure in Asia, one that did not rely on loud disruptions or overt destruction but instead relied on subtle…
CISA Issues New Guidance on Managing Insider Cybersecurity Risks
The US Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance warning that insider threats represent a major and growing risk to organizational security. The advisory was issued during the same week reports emerged about a senior agency…
Dragos Links Coordinated Polish Power Grid Cyberattack to Russia-Backed ELECTRUM Group
A wave of connected cyber intrusions struck multiple points in Poland’s electricity infrastructure near the end of 2025. Dragos, an industrial control system security firm, assessed with limited certainty that the activity aligns with a Russia-linked group known as ELECTRUM.…
GoTo Resolve Tool Mimics Ransomware Tactics in Stealth Attacks
Security researchers have raised alarms over a remote administration tool that can quietly turn into a stealthy entry point for cybercriminals. The program, flagged as HEURRemoteAdmin.GoToResolve.gen, is now classified as a Potentially Unwanted Application (PUA) due to the way…
Google Targets Residential Proxy Services Fueled by Malware Operations
The underlying ecosystem of legitimate proxy and VPN providers might appear to be fragmented at the surface, but as far as Google is concerned, there is something much more coordinated and deceptive below the surface. In a recent investigation…
Google Introduces AI-Powered Side Panel in Chrome to Automate Browsing
Google has updated its Chrome browser by adding a built-in artificial intelligence panel powered by its Gemini model, marking a stride toward automated web interaction. The change reflects the company’s broader push to integrate AI directly into everyday browsing activities.…
Anthropic Cracks Down on Claude Code Spoofing, Tightens Access for Rivals and Third-Party Tools
Anthropic has rolled out a new set of technical controls aimed at stopping third-party applications from impersonating its official coding client, Claude Code, to gain cheaper access and higher usage limits to Claude AI models. The move has directly…
Cyberattack Paralyzes Russia’s Delta Security Systems
A massive cyberattack was launched against Delta, a leading Russian smart alarm system supplier for residential, commercial, and automotive use, on 26 January 2026, causing widespread operational disruptions across the country. The attack crippled Delta’s information technology systems, bringing…
Researchers Uncover Pakistan-Linked Cyber Activity Targeting India
A familiar, uneasy brink appears to be looming between India and Pakistan once again, where geopolitical tension spills across borders into less visible spheres and risks spreading into more obscure regions. As the war intensified in May 2025,…