Pet wellness brand Petco has temporarily taken parts of its Vetco Clinics website offline after a security failure left large amounts of customer information publicly accessible. TechCrunch notified the company about the exposed Vetco customer and pet data, after…
Category: CySecurity News – Latest Information Security and Hacking Incidents
Ivanti Flags Critical Endpoint Manager Flaw Allowing Remote Code Execution
Ivanti is urging customers to quickly patch a critical vulnerability in its Endpoint Manager (EPM) product that could let remote attackers execute arbitrary JavaScript in administrator sessions through low-complexity cross-site scripting (XSS) attacks. The issue, tracked as CVE-2025-10573, affects the…
December Patch Tuesday Brings Critical Microsoft, Notepad++, Fortinet, and Ivanti Security Fixes
While December’s Patch Tuesday gave us a lighter release than normal, it arrived with several urgent vulnerabilities that need attention immediately. In all, Microsoft released 57 CVE patches to finish out 2025, including one flaw already under active exploitation…
UK Cyber Agency says AI Prompt-injection Attacks May Persist for Years
The United Kingdom’s National Cyber Security Centre has issued a strong warning about a spreading weakness in artificial intelligence systems, stating that prompt-injection attacks may never be fully solved. The agency explained that this risk is tied to the…
Rising Prompt Injection Threats and How Users Can Stay Secure
The generative AI revolution is reshaping the foundations of modern work in an age when organizations are increasingly relying on large language models like ChatGPT and Claude to speed up research, synthesize complex information, and interpret extensive data sets…
OpenAI Vendor Breach Exposes API User Data
OpenAI revealed a security incident in late November 2025 that allowed hackers to access data about users via its third-party analytics provider, Mixpanel. The breach, which took place on November 9, 2025, exposed a small amount of personally identifiable information for…
CastleLoader Widens Its Reach as GrayBravo’s MaaS Infrastructure Fuels Multiple Threat Clusters
Researchers have now identified four distinct threat activity clusters associated with the malware loader CastleLoader, bolstering previous estimates that the tool was being supplied to multiple cybercriminal groups through a malware-as-a-service model. In this, the operator of this ecosystem…
Europol’s OTF GRIMM Arrests Nearly 200 in Crackdown on “Violence-as-a-Service” Crime Networks
Nearly 200 people — including several minors linked to murder attempts — have been taken into custody over the past six months under Europol’s Operational Taskforce (OTF) GRIMM. The initiative focuses on dismantling what authorities describe as “violence-as-a-service” networks,…
Researchers Find Massive Increase in Hypervisor Ransomware Incidents
Rise in hypervisor ransomware incidents. Cybersecurity experts from Huntress have noticed a sharp rise in ransomware incidents on hypervisors and have urged users to stay safe and keep proper backups. The Huntress case data has disclosed a surprising increase in…
Crimes Extorting Ransoms by Manipulating Online Photos
It is estimated that there are more than 1,000 sophisticated virtual kidnapping scams being perpetrated right now, prompting fresh warnings from the FBI, as criminals are increasingly using facial recognition software to create photos, videos, and sound files designed…
Initial Access Brokers Now Central to Cyberattacks: Report
The market for initial access brokers has expanded rapidly over the past two years, creating a system that allows advanced threat actors to outsource the early stages of an intrusion, according to new research from Check Point. The report…
New SVG-Based Clickjacking Technique Exposes Cross-Origin Data Through CSS Filters
Security researcher Lyra Rebane has developed a new type of clickjacking attack that cleverly exploits Scalable Vector Graphics (SVG) and Cascading Style Sheets (CSS) to bypass traditional web protections. Rebane first showcased this discovery during BSides Tallinn in October…
How Retailers Should Harden Accounts Before the Holiday Rush
Retailers rely heavily on the year-end shopping season, but it also happens to be the period when online threats rise faster than most organizations can respond. During the rush, digital systems handle far more traffic than usual, and internal teams…
FinCEN: Ransomware Gangs Extorted Over $2.1B from 2022 to 2024
FinCEN’s most recent report has revealed that ransomware activity reached a new peak in 2023, accumulating over $1.1 billion in payments before a decline in 2024, as law enforcement pursued major gangs such as ALPHV/BlackCat and LockBit. In general, FinCEN data…
Critical CVE-2025-66516 Exposes Apache Tika to XXE Attacks Across Core and Parser Modules
A newly disclosed vulnerability in Apache Tika has had the cybersecurity community seriously concerned because researchers have confirmed that it holds a maximum CVSS severity score of 10.0. Labeled as CVE-2025-66516, the vulnerability facilitates XXE attacks and may allow…
New Android Malware SeedSnatcher and FvncBot Found By Experts
New Android malware found. Researchers have revealed details of two Android malware strains called SeedSnatcher and FvncBot. An upgraded version of ClayRat was also found in the wild. About the malware: FvncBot works as a security app built by mBank and…
ShadowV2 Botnet Activity Quietly Intensified During AWS Outage
The recently discovered wave of malicious activity has raised fresh concerns for cybersecurity analysts, who claim that ShadowV2 – a fast-evolving strain of malware that is quietly assembling a global network of compromised devices – is causing alarm.…
Researchers Warn of New JS#SMUGGLER Campaign Delivering NetSupport RAT through Compromised Websites
Cybersecurity researchers have sounded the alarm about a new malware campaign called JS#SMUGGLER, which is using hacked websites to distribute the NetSupport remote access trojan (RAT). Securonix analysed the attack method, describing it as a multi-stage sequence designed to evade…
End to End-to-End Encryption? Google Update Allows Firms to Read Employee Texts
Your organization can now read your texts. Microsoft stirred controversy when it revealed a Teams update that could tell your organization when you’re not at work. Google did the same. Say goodbye to end-to-end encryption. With this new RCS and…
Meta Begins Removing Under-16 Users Ahead of Australia’s New Social Media Ban
Meta has started taking down accounts belonging to Australians under 16 on Instagram, Facebook and Threads, beginning a week before Australia’s new age-restriction law comes into force. The company recently alerted users it believes are between 13 and 15…