Category: CySecurity News – Latest Information Security and Hacking Incidents

  The blockchain security company CertiK disclosed how a new generation of scammers is changing their tactics to target automated trading bots in the wake of the LIBRA meme currency fiasco, in which insiders were given advanced information of the…

Read more →

There was a time when the internet could be considered safe, if the users were careful. Gone are the days, safe internet seems like a distant dream. It is not a user’s fault when the data is leaked, passwords are…

Read more →

  Windows Defender, the built-in antivirus tool in Windows, provides real-time protection against malware by scanning for suspicious activity and blocking known threats using an extensive virus definition database. However, no antivirus software can completely prevent users from unknowingly installing…

Read more →

  Under research conducted by security researchers, it was discovered that a widely used door access control system includes an inherently insecure default password. Thousands of buildings across the country have insecure default passwords that can be accessed easily and…

Read more →

  Spyware applications designed to secretly monitor people’s phones are becoming more common. These programs, known as stalkerware, can track private messages, calls, photos, locations, and other personal data without the user’s knowledge. Often installed without permission, they operate silently…

Read more →

Cybersecurity researchers at Hunt.io have found an updated version of LightSpy implant, a modular surveillance framework for data collection and extraction. Famous for attacking mobile devices initially, further enquiry revealed it can attack macOS, Windows, Linux, and routers.  LightSpy has…

Read more →

  Dubai-based cryptocurrency exchange Bybit Technology Ltd. has fallen victim to a massive cyberattack, with approximately $1.5 billion in cryptocurrency stolen. The breach is believed to be the largest single theft in cryptocurrency history. Bybit, a well-established exchange with over…

Read more →

  A clinical research database containing over 1.6 million patient records was discovered publicly accessible online without encryption or password protection. Security researcher Jeremiah Fowler found the dataset, linked to DM Clinical Research, exposing sensitive information such as names, medical…

Read more →

  McAfee Labs has uncovered a rise in cyber scams where fraudsters use fake viral video links to trick people into downloading malware. These attacks rely on social engineering, enticing users with promises of exclusive or leaked content.  Once a…

Read more →

  A concerning trend has sent shockwaves across cybersecurity authorities, with central cyber and intelligence organisations tracking and documenting large-scale data leaks perpetrated by bank staff and third party contractors.  According to a senior Indian government official, the issue has…

Read more →

  It is not uncommon for fraudsters to develop innovative tactics to deceive their targets, with one of the latest scams being the called merging scam in which the scammers attempt to gain unauthorized access to the victim’s accounts to…

Read more →

  Ransomware remains a major problem for businesses, and a new cybercriminal group is expanding at an alarming rate. Security researchers at ReliaQuest have identified BlackLock as the fastest-growing ransomware operation today, with its activity increasing by 1,425% since late…

Read more →

  Bybit, one of the world’s largest cryptocurrency exchanges, has suffered a massive security breach, resulting in the loss of $1.5 billion in digital assets. The hack, now considered the largest in crypto history, compromised the exchange’s cold wallet—an offline…

Read more →

  Artificial intelligence is inherently dependent on the quality of data that powers it for it to function properly. However, this reliance presents a major challenge to the development of artificial intelligence. There is a recent report that indicates that…

Read more →

  Continuous threat exposure management (CTEM) is a framework for proactively managing and mitigating threat exposure using an iterative approach that emphasises on developing structured organisational procedures as well as leveraging security tools.  In this article, we’ll go over CTEM,…

Read more →

  A concerning rise in large-scale data breaches has put cybersecurity agencies on high alert, with central cyber and intelligence bodies actively tracking incidents linked to bank employees and third-party vendors. According to a senior government official, the matter has…

Read more →

  A cybercriminal group known as Fog Ransomware has claimed responsibility for a cyberattack on the University of Notre Dame in Perth, Australia. According to reports, the group has allegedly stolen 62.2GB of sensitive data, including student medical records, staff…

Read more →

  The activity level of ransomware groups with “black” in their name has varied greatly over the early months of the new year. Despite the significant increase in attacks caused by the BlackLock ransomware group, the long-established Black Basta ransomware…

Read more →

  A previously undocumented ransomware payload named NailaoLocker has been detected in assaults targeting European healthcare entities between June and October 2024.  The attackers employed CVE-2024-24919, a Check Point Security Gateway vulnerability, to obtain access to targeted networks and install…

Read more →

  Bluetooth technology has made wireless connectivity effortless, powering everything from headphones and smartwatches to home automation systems. However, its convenience comes with significant security risks. Many users unknowingly leave their devices vulnerable to cyber threats that can steal personal…

Read more →

  A dangerous security flaw has been discovered in Exim, a widely used email server software. The vulnerability, officially tracked as CVE-2025-26794, allows hackers to inject harmful commands into the system, potentially leading to data theft or even complete control…

Read more →

  A previously unidentified source has leaked what is claimed to be an archive of internal Matrix chat logs linked to the Black Basta ransomware group. The individual behind the leak, known as ExploitWhispers, initially uploaded the stolen messages to…

Read more →

  Cybercriminals have discovered a new way to conceal malicious code inside phishing attacks by using invisible Unicode characters. This technique, identified by Juniper Threat Labs, has been actively used in attacks targeting affiliates of a U.S. political action committee…

Read more →

  Even though phishing scams are predicted to continue to pose a serious cybersecurity threat in the years to come, recent research has highlighted the fact that a worrying gap in awareness among business leaders has been identified as a…

Read more →

  A leading Australian IVF clinic suspects personal patient information may have been compromised during a cyber attack earlier this month.  On February 14, Genea suspended several services and launched an inquiry into suspicious activity discovered on its network. In…

Read more →

  Several major defence contractors, such as Lockheed Martin, Boeing, and Honeywell, as well as the United States Army, and Navy, and several major defence contractors have been recently revealed to be infected with the Infostealer malware, according to Hudson…

Read more →

  Ghost, a ransomware outfit, has been exploiting software and firmware flaws since January, according to an FBI and Cybersecurity and Infrastructure Security Agency (CISA) advisory issued last week. The outfit, also known as Cring and based in China, focusses…

Read more →

  A group of hackers has created a tool that allows people to activate Microsoft Windows and Office software without needing an official license. This method, described as a major breakthrough in software piracy, completely bypasses Microsoft’s security system. Surprisingly,…

Read more →

  Lee Enterprises, one of the largest newspaper publishers in the United States, is facing an ongoing ransomware attack that has severely disrupted its operations for over three weeks. The company confirmed the attack in a filing with the U.S.…

Read more →

  The financial technology behemoth Finastra is alerting victims of a data breach after unidentified hackers initially gained access to its networks in October 2024 and took their personal data. More than 8,100 financial institutions in 130 countries, including 45…

Read more →

  South Korea has taken a firm stance on data privacy by temporarily blocking downloads of the Chinese AI app DeepSeek. The decision, announced by the Personal Information Protection Commission (PIPC), follows concerns about how the company collects and handles…

Read more →

  Around 20 Italian websites, including those of major banks and airports, were targeted by alleged pro-Russian hackers, according to Italy’s cybersecurity agency on Monday. The attack is believed to be linked to escalating diplomatic tensions between Rome and Moscow.…

Read more →

  Artificial intelligence (AI) agents are revolutionizing the cryptocurrency sector by automating processes, enhancing security, and improving trading strategies. These smart programs help analyze blockchain data, detect fraud, and optimize financial decisions without human intervention. What Are AI Agents? AI…

Read more →

  As part of a new security feature being developed by Google, users will no longer be able to modify sensitive settings when they are on a phone call. As a part of the in-call anti-scam protection, users are specifically…

Read more →

  Backed by the Chinese government, a cyber-espionage group has been observed engaging in ransomware-related activities as part of its intelligence activities. Further, this observation demonstrates how nation-state cyber operations and financially motivated cybercrimes have become increasingly convergent as a…

Read more →

  Before and after Russia’s 2022 invasion, U.S.-funded initiatives played a crucial role in strengthening Ukraine’s cybersecurity. Many of these efforts, backed by the United States Agency for International Development (USAID), aimed to protect the country against cyber threats.  However,…

Read more →

  The Cofense Phishing Defence Centre (PDC) has uncovered a new phishing campaign aimed particularly at Amazon Prime members, trying to steal login passwords, security answers, and payment details. The attacker sends out a well-crafted email mimicking Amazon, encouraging users…

Read more →

  Security cameras are meant to keep us safe, but they can also become targets for hackers. If cybercriminals gain access, they can spy on you or tamper with your footage. To prevent this, follow these straightforward tips to ensure…

Read more →

  A newly identified malware, FinalDraft, has been leveraging Microsoft Outlook email drafts for command-and-control (C2) communication in targeted cyberattacks against a South American foreign ministry. Elastic Security Labs uncovered the attacks, which deploy an advanced malware toolset comprising a…

Read more →

  A group of hackers has been caught running a large-scale cyber spying operation, now called REF7707. The attack was first noticed in November 2024 when strange activity was detected in the Foreign Ministry of a South American country. As…

Read more →

  A hacking outfit potentially linked to Russia is running an active operation that uses device code phishing to target Microsoft 365 accounts of individuals at organisations of interest. The targets are in the government, non-governmental organisations (NGOs), IT services…

Read more →

  A newly identified hacking group, the Belsen Group, has leaked critical data from over 15,000 FortiGate devices on the dark web, making sensitive technical details freely available to cybercriminals. The leak includes configuration files, IP addresses, and VPN credentials,…

Read more →

  A security issue has surfaced involving an unprotected database linked to Mars Hydro, a Chinese company known for making smart devices like LED grow lights and hydroponic equipment. Security researcher Jeremiah Fowler discovered this database was left open without…

Read more →

  It was at the 2025 World Government Summit in Dubai on 15th-17th November that Sundar Pichai, CEO of Google and its parent company Alphabet, engaged in a virtual fireside conversation with the Moroccan Minister of State for Artificial Intelligence,…

Read more →

  SIO, an Italian spyware company known for selling surveillance tools to government agencies, has been linked to a series of malicious Android apps designed to mimic WhatsApp and other popular services while secretly stealing private data, TechCrunch has revealed.…

Read more →

  Datadog Security Labs researchers developed a new name confusion attack technique known as whoAMI, which allows threat actors to execute arbitrary code within an Amazon Web Services (AWS) account by uploading an Amazon Machine Image (AMI) with a specified…

Read more →

  Cybercriminals are evolving their tactics, shifting from traditional email-based phishing scams to more sophisticated Android phishing apps. According to the 2025 State of Malware report by Malwarebytes, over 22,800 phishing apps were detected on Android devices in 2024 alone.…

Read more →

  A major hacking incident has hit zkLend, a decentralized lending platform that operates on the Starknet blockchain. The attacker managed to steal about $9.5 million worth of cryptocurrency by exploiting a vulnerability in the system. According to blockchain security…

Read more →

  It is common for cybersecurity criminals to exploit vulnerabilities in Magento to inject an obfuscated script, which has been delivered through Google Tag Manager (GTM), into Magento-based eCommerce platforms, which allows them to intercept and steal credit card information…

Read more →

  Zacks Investment Research reportedly suffered a data breach in 2024, exposing sensitive information from approximately 12 million accounts. The American investment research firm provides data-driven insights through its proprietary stock assessment tool, ‘Zacks Rank,’ assisting investors in making informed…

Read more →

  There has been a significant shift in the Telecom Regulatory Authority of India (TRAI)’s efforts to curb spam calls and unsolicited commercial communications (UCC) as part of its effort to improve consumer protection, as TRAI has introduced stringent regulations.…

Read more →

  An anonymous hacker group called the “puppygirl hacker polycule” recently made headlines by leaking over 8,500 files from Lexipol, a private company that provides training materials and policy manuals for police departments across the United States.  As first reported…

Read more →

  Google is developing a new security feature for Android that prevents users from updating sensitive settings while a phone call is in process. The in-call anti-scammer measures include prohibiting users from enabling settings to install apps from unidentified sources…

Read more →

  A critical security vulnerability in YouTube allowed attackers to uncover the email addresses of any account on the platform. Cybersecurity researchers discovered the flaw and reported it to Google, which promptly fixed the issue. While no known attacks exploited…

Read more →

  There has been a marked change in daily life as a result of the proliferation of IoT devices, and Transforma Insights estimates that 14 billion such devices are connected globally, indicating that this type of technology has profound effects.…

Read more →

  Hackers are increasingly exploiting outdated security flaws in poorly maintained systems, with vulnerabilities from 2022 and 2023 seeing a surge in attacks. According to threat intelligence platform GreyNoise, malicious actors are actively targeting CVE-2022-47945 and CVE-2023-49103, affecting the ThinkPHP…

Read more →

  Samoa’s national cybersecurity office issued an urgent advisory after the Chinese state-sponsored cyber outfit APT40 escalated its attacks on government and critical infrastructure networks across the Pacific.  Samoa’s Computer Emergency Response Team, or SamCERT, has warned that APT40 is…

Read more →

  Sandworm, also known as Russia’s Military Unit 74455 within the GRU, has established itself as one of the most notorious advanced persistent threats (APT). Its cyber operations have included NotPetya, the attack on the 2018 Winter Olympics, and two…

Read more →

  Cyberattacks are undergoing a significant transformation, shifting away from malware-driven methods toward identity exploitation. According to the CrowdStrike 2024 Global Threat Report, three out of four cyberattacks now leverage valid credentials instead of malicious software. This change is fueled…

Read more →

  The debate over Elon Musk’s Department of Government Efficiency continues, with the world’s richest man accused of snooping on some of America’s most sensitive data. The DOGE has been tasked with reducing government spending by a paltry $2 trillion,…

Read more →

  The incidence of cyberattacks globally increased by 125% in 2021 compared to 2020, posing a serious threat to businesses and individuals alike. Phishing continues to be the most prevalent form of cybercrime worldwide and is expected to continue this…

Read more →

  The launch of DeepSeek AI has created waves in the tech world, offering powerful artificial intelligence models at a fraction of the cost compared to established players like OpenAI and Google.  However, its rapid rise in popularity has also…

Read more →

  Your smart home is a technological marvel. However, when camera flaws allow our neighbours to spy on us, smart speakers are manipulated with lasers, robot vacuums are breached to shout obscenities, and entire security systems are compromised by a…

Read more →

  Ransomware groups are adapting their strategies to outsmart stronger cybersecurity defenses and increasing law enforcement pressure, according to the Huntress 2025 Cyber Threat Report. The findings reveal that attackers are moving beyond traditional encryption-based ransomware, instead focusing on data…

Read more →

  Earlier this year, news reports revealed that a Florida-based data brokerage company had engaged in the sale of location data belonging to US military and intelligence personnel stationed overseas in the course of its operations. While at the time,…

Read more →

  Scientists have raised concerns after artificial intelligence (AI) crossed a major threshold — self-replication. A new study from researchers at Fudan University in China reveals that two popular large language models (LLMs) successfully created functional copies of themselves, raising…

Read more →

  Authorities in the United States have charged two Russian nationals with carrying out widespread cyberattacks using Phobos ransomware. The suspects, Roman Berezhnoy (33) and Egor Nikolaevich Glebov (39), were arrested in Thailand for allegedly orchestrating more than a thousand…

Read more →

  Over the past decade, there has been a rise in the number of cyber threats targeting the country, including the XE Group, a hacker collective with Vietnamese connections. According to recent investigations, the group was responsible for exploiting two…

Read more →

  The Reserve Bank of India (RBI) has made the “bank.in” domain exclusive to all authorised banking institutions in India in an effort to strengthen digital banking security and shield customers from online banking fraud. This effort aims to minimise…

Read more →

  Cybercriminals are increasingly setting their sights on password managers as a way to infiltrate critical digital accounts. According to Picus Security’s Red Report 2025, which analyzed over a million malware samples from the past year, a quarter (25%) of…

Read more →

  A persistent cybersecurity concern has long been robocall scams. However, recent developments indicate that this type of attack is becoming increasingly sophisticated and dangerous as a result of these developments. In a recent incident, Telnyx, a provider of Voice…

Read more →

  Tech giant Apple fixed a vulnerability that “may have been leveraged in a highly sophisticated campaign against specific targeted individuals” in its iOS and iPadOS mobile operating system updates earlier this week. According to the company’s release notes for…

Read more →

  SMS phishing scams targeting tollway users have been spreading across the U.S., with fraudsters impersonating tolling agencies to steal personal information. These scams typically involve sending text messages claiming the recipient has an unpaid toll balance. Victims are then…

Read more →

Apple and Google have removed 20 apps from their respective app stores after cybersecurity researchers discovered that they had been infected with data-stealing malware for nearly a year. According to Kaspersky, the malware, named SparkCat, has been active since March…

Read more →

  As technology advances, the volume of data being generated daily has reached unprecedented levels. In 2024 alone, people are expected to create over 147 zettabytes of data. This rapid growth presents major challenges for businesses in terms of processing,…

Read more →

  A major international police operation has resulted in the arrest of two individuals suspected of carrying out ransomware attacks worldwide. The operation also led to the takedown of dark web platforms associated with a notorious cybercrime group.   Suspects Arrested…

Read more →

  Phishing scams have been around for many years, but they are now more sophisticated than ever due to the introduction of artificial intelligence (AI).  As reported in the Hoxhunt Phishing Trends Report, AI-based phishing attacks have increased dramatically since…

Read more →

  Virtual credit cards are digital versions of traditional credit cards, designed to enhance security in online transactions. Instead of using a physical card number, they generate a unique number for each purchase, reducing the risk of data breaches and…

Read more →

  Astaroth is the latest phishing tool discovered by cybercriminals. It has advanced capabilities that allow it to circumvent security measures such as two-factor authentication (2FA) when used against it. In January 2025, Astaroth made its public debut across multiple…

Read more →

  Bishop Fox cybersecurity researchers have discovered a critical security flaw in approximately 4,500 SonicWall firewalls that are exposed to the Internet as a result of a critical security breach. The flaw, CVE-2024-53704, is a high-severity authentication bypass vulnerability within…

Read more →

  Cybersecurity researchers have uncovered a sharp rise in credential-stealing malware, with 25% of over a million malware samples analyzed in 2024 targeting user credentials. This marks a threefold increase from 2023, propelling credential theft from password stores into the…

Read more →

  Cybercriminals are exploiting leaked cryptographic keys to manipulate authentication systems, decode protected data, and install harmful software on vulnerable web servers. These attacks can give hackers unauthorized control over websites and would allow them to maintain access for long…

Read more →

  Almost 2.8 million IP addresses are being used in a massive brute force password attack that aims to guess the login credentials for a variety of networking devices, including those generated by Palo Alto Networks, Ivanti, and SonicWall. A…

Read more →

  Researchers at TEHTRIS Threat Intelligence have uncovered a new wave of LegionLoader, a malware downloader also known as Satacom, CurlyGate, and RobotDropper. This sophisticated threat has been rapidly gaining momentum, with over 2,000 samples identified in recent weeks.  According…

Read more →

  European authorities are raising concerns about DeepSeek, a thriving Chinese artificial intelligence (AI) company, due to its data practices. Italy, Ireland, Belgium, Netherlands, France regulators are examining the data collection methods of this firm, seeing whether they comply with…

Read more →

  Researchers at Cyble have identified a highly advanced malware attack that successfully bypasses Google Chrome’s App-Bound Encryption. This security feature was designed to prevent infostealer malware from accessing user data, particularly cookies.  However, the newly discovered malware employs dual…

Read more →

  Yesterday, Cloudflare attempted to block an unintentional phishing URL within its R2 object storage platform, causing an outage that affected multiple services for nearly an hour. The outage was caused by an attempt to prevent spammers from accessing the…

Read more →

  Hospital Sisters Health System informed nearly 882,000 patients that a cyberattack in August 2023 resulted in a data breach that compromised their private and medical data.  Established in 1875, HSHS works with about 2,200 physicians and employs over 12,000…

Read more →

  Zimperium’s zLabs research team has uncovered a significant mobile malware campaign that targets Indian banks. First reported on February 5, 2025, this threat was orchestrated by a threat actor called FatBoyPanel. Nearly 900 malware samples are used in the…

Read more →

  Management (RMM) clients to gain administrative control, install backdoors, and possibly set the stage for ransomware deployment. The vulnerabilities, identified as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, were initially flagged by Arctic Wolf as potential attack vectors last week. While the…

Read more →

  A help desk phishing campaign uses spiofed login pages to target Microsoft Active Directory Federation Services (ADFS) within an organisation in order to obtain credentials and get around multi-factor authentication (MFA) protections. The campaign’s main targets, as reported by…

Read more →

Currently, India is battling with a fake banking applications spoofing genuine institutions to loot credentials and money. The scale of the campaign is massive, impacting around 900 different malware samples linked to more than 1000 different contact numbers used to…

Read more →

  WhatsApp has warned users about a highly advanced hacking attack that infected nearly 90 people across 24 countries. Unlike traditional cyberattacks that rely on tricking victims into clicking malicious links, this attack used zero-click spyware, meaning the targets were…

Read more →

  Cybersecurity experts and analysts have expressed growing concerns over the potential threat posed by quantum computing to modern cryptographic systems. Unlike conventional computers that rely on electronic circuits, quantum computers leverage the principles of quantum mechanics, which could enable…

Read more →

  DeepSeek-R1, an AI model developed in China, is facing intense scrutiny following a study by cybersecurity firm Enkrypt AI, which found it to be 11 times more vulnerable to cybercriminal exploitation compared to other AI models. The research highlights…

Read more →

  In an effort to prevent Elon Musk’s Department of Government Efficiency from gaining access to Treasury Department documents that hold private information like Social Security numbers and bank account numbers for millions of Americans, 19 Democratic attorneys general filed…

Read more →

  A hospital in North Yorkshire has introduced artificial intelligence (AI) technology to improve the detection of lung cancer and other serious illnesses. Harrogate and District NHS Foundation Trust announced that the AI-powered system would enhance the efficiency and accuracy…

Read more →

  A sophisticated cyber-espionage campaign attributed to the Chinese hacking group Evasive Panda, also known as DaggerFly, has been uncovered, targeting network appliances through a newly identified attack suite. According to cybersecurity researchers at Fortinet’s FortiGuard Labs, the attackers are…

Read more →

A help desk phishing campaign attacked a company’s Microsoft Active Directory Federation Services (ADFS) via fake login pages and stole credentials by escaping multi-factor authentication (MFA) safety. The campaign attacked healthcare, government, and education organizations, targeting around 150 victims, according…

Read more →

  The Indian government has introduced significant changes to its Aadhaar authentication system, expanding its use to a wider range of industries. Previously restricted to sectors like banking, telecommunications, and public utilities, Aadhaar verification will now be available to businesses…

Read more →