Inside a government building in Rome, located opposite the ancient Aurelian Walls, dozens of cybersecurity professionals have been carrying out continuous monitoring operations for nearly a year. Their work focuses on tracking suspicious discussions and coordination activity taking place…
Category: CySecurity News – Latest Information Security and Hacking Incidents
Iran-Linked Hackers Target Human Rights Groups in Redkitten Malware Campaign
A Farsi-speaking threat actor believed to be aligned with Iranian state interests is suspected of carrying out a new cyber campaign targeting non-governmental organizations and individuals documenting recent human rights abuses in Iran, according to a report by HarfangLab. The…
Open-Source AI Models Pose Growing Security Risks, Researchers Warn
Hackers and other criminals can easily hijack computers running open-source large language models and use them for illicit activity, bypassing the safeguards built into major artificial intelligence platforms, researchers said on Thursday. The findings are based on a 293-day study…
WhatsApp Launches High-Security Mode for Ultimate User Protection
WhatsApp has launched a new high-security mode called “Strict Account Settings,” providing users with enhanced defenses against sophisticated cyber threats. This feature, introduced on January 27, 2026, allows one-click activation and builds on the platform’s existing end-to-end encryption. It…
Apple’s New Feature Will Help Users Restrict Location Data
Apple has introduced a new privacy feature that allows users to restrict the accuracy of location data shared with cellular networks on a few iPhone and iPad models. The “Limit Precise Location” feature will start after updating…
ShinyHunters Claims Match Group Data Breach Exposing 10 Million Records
A new data theft has surfaced linked to ShinyHunters, which now claims it stole more than 10 million user records from Match Group, the U.S. company behind several major swipe-based dating platforms. The group has positioned the incident as…
Open VSX Supply Chain Breach Delivers GlassWorm Malware Through Trusted Developer Extensions
Cybersecurity experts have uncovered a supply chain compromise targeting the Open VSX Registry, where unknown attackers abused a legitimate developer’s account to distribute malicious updates to unsuspecting users. According to findings from Socket, the attackers infiltrated the publishing environment…
Aisuru Botnet Drives DDoS Attack Volumes to Historic Highs
Currently, the modern internet is characterized by near-constant contention, in which defensive controls are being continuously tested against increasingly sophisticated adversaries. However, there are some instances where even experienced security teams are forced to rethink long-held assumptions about scale and…
Cloud Storage Scam Uses Fake Renewal Notices to Trick Users
Cybercriminals are running a large-scale email scam that falsely claims cloud storage subscriptions have failed. For several months, people across different countries have been receiving repeated messages warning that their photos, files, and entire accounts will soon be restricted or…
Former Google Engineer Convicted in U.S. for Stealing AI Trade Secrets to Aid China-Based Startup
A former Google software engineer has been found guilty in the United States of unlawfully taking thousands of confidential Google documents to support a technology venture in China, according to an announcement made by the Department of Justice (DoJ)…
Google Owned Mandiant Finds Vishing Attacks Against SaaS Platforms
Mandiant recently said that it found an increase in threat activity that deploys tradecraft for extortion attacks carried out by a financially motivated group, ShinyHunters. These attacks use advanced voice phishing (vishing) and fake credential harvesting sites imitating targeted organizations…
New Reprompt URL Attack Exposed and Patched in Microsoft Copilot
Security researchers at Varonis have uncovered a new prompt-injection technique targeting Microsoft Copilot, highlighting how a single click could be enough to compromise sensitive user data. The attack method, named Reprompt, abuses the way Copilot and similar generative AI…
eScan Antivirus Faces Scrutiny After Compromised Update Distribution
MicroWorld Technologies has acknowledged a breach of its update distribution infrastructure: a server used to deliver eScan antivirus updates to end users was compromised and then used to send an unauthorized…
Visual Prompt Injection Attacks Can Hijack Self-Driving Cars and Drones
Indirect prompt injection happens when an AI system treats ordinary input as an instruction. This issue has already appeared in cases where bots read prompts hidden inside web pages or PDFs. Now, researchers have demonstrated a new version of…
Ivanti Issues Emergency Fixes After Attackers Exploit Critical Flaws in Mobile Management Software
Ivanti has released urgent security updates for two serious vulnerabilities in its Endpoint Manager Mobile (EPMM) platform that were already being abused by attackers before the flaws became public. EPMM is widely used by enterprises to manage and secure mobile…
CRIL Uncovers ShadowHS: Fileless Linux Post-Exploitation Framework Built for Stealthy Long-Term Access
Operating entirely in system memory, Cyble Research & Intelligence Labs (CRIL) uncovered ShadowHS, a Linux post-exploitation toolkit built for covert persistence after an initial breach. Instead of dropping binaries on disk, it runs filelessly, helping it bypass standard security…
Malicious Chrome Extensions Hijack Affiliate Links and Steal ChatGPT Tokens
Cybersecurity researchers have uncovered an alarming surge in malicious Google Chrome extensions that hijack affiliate links, steal sensitive data, and siphon OpenAI ChatGPT authentication tokens. These deceptive add-ons, masquerading as handy shopping aids and AI enhancers, infiltrate the Chrome…
BadIIS Malware Used in Coordinated Attacks on Asian Web Servers
By the spring of 2025, a quiet, methodical campaign was unfolding across many sections of the web infrastructure in Asia, a campaign that did not rely on loud disruptions or overt destruction, but instead relied on subtle…
CISA Issues New Guidance on Managing Insider Cybersecurity Risks
The US Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance warning that insider threats represent a major and growing risk to organizational security. The advisory was issued during the same week reports emerged about a senior agency…
Dragos Links Coordinated Polish Power Grid Cyberattack to Russia-Backed ELECTRUM Group
A wave of connected cyber intrusions struck multiple points in Poland’s electricity infrastructure near the end of 2025. Dragos, an industrial control system security firm, assessed with limited certainty that the activity aligns with a Russia-linked group known as ELECTRUM.…