Category: CySecurity News – Latest Information Security and Hacking Incidents

  Several cybersecurity experts have recently identified a worrying evolution in ransomware tactics. These actors are now concealing and deploying fully undetectable ransomware payloads using JPEG images, resulting in an outbreak of completely undetectable ransomware. It is a major advance…

Read more →

  Cyberattacks are evolving fast, and one of the biggest threats on the horizon is ransomware that doesn’t just take over your files but could directly attack your computer’s processor. Usually, ransomware blocks access to your files or system until…

Read more →

  A new family of malware that steals information, dubbed ‘Noodlophile,’ is being spread using fake AI-powered video generating tools that pose as generated media content. The websites are promoted on Facebook groups with a high level of visibility and…

Read more →

  It has been estimated that SIM-swap fraud has increased by more than 1,000% in the United Kingdom in just a year, a shocking increase that has resulted from the recent surge in reported cases. Using newly released data from…

Read more →

  The integration of artificial intelligence into cybersecurity solutions has accelerated dramatically, driving the global market to an estimated value of $32.5 billion in 2024. This surge—an annual growth rate of 23%—reflects organizations’ urgent need to defend against increasingly sophisticated cyber…

Read more →

  A proposed law in Florida that raised concerns about online privacy has now been officially dropped. The bill, called “Social Media Use by Minors,” aimed to place tighter controls on how children use social media. While it was introduced…

Read more →

  A rising number of top-tier tech companies in the U.S. have unknowingly employed North Korean cyber agents disguised as remote IT professionals, with the operatives channeling lucrative tech salaries back to Pyongyang to support the regime’s weapons program. Cybersecurity…

Read more →

  As a consequence of the fact that a single set of login credentials can essentially unlock an individual’s financial, professional, and personal life, the exposure of billions of passwords represents more than just a routine cybersecurity concern today- it…

Read more →

  The Indian government has issued an urgent security warning to iPhone and iPad users, citing major flaws in Apple’s iOS and iPadOS software. If not addressed, these vulnerabilities could allow cybercriminals to access sensitive user data or make devices…

Read more →

  Weeks after a significant cyberattack disrupted operations at major British retailers, companies like Marks & Spencer (M&S) and Co-op are still struggling to restore full functionality. Despite public reassurances, the scope of the attack is proving more serious than…

Read more →

    A Türkiye-aligned cyberespionage group, Marbled Dust, has exploited a previously unknown zero-day vulnerability to launch attacks on users of Output Messenger — specifically those associated with the Kurdish military in Iraq, according to a report from Microsoft Threat…

Read more →

  Modern digital workflows have become increasingly dependent on browser extensions, supporting a variety of tasks ranging from grammar correction, password management, and advanced AI integrations into everyday tasks. Browser extensions have become widely used across both personal and corporate…

Read more →

  Cybersecurity experts have uncovered a novel technique for a malicious web browser extension to spoof any installed add-on. “The polymorphic extensions create a pixel perfect replica of the target’s icon, HTML popup, workflows and even temporarily disables the legitimate…

Read more →

  A new wave of cyber espionage has emerged, with Russian hackers deploying a sophisticated malware strain known as “Lostkeys” to infiltrate the systems of Western officials, journalists, and NGOs. According to researchers from Google’s Threat Intelligence Group, the malware…

Read more →

  Bangladesh has taken a big step to protect its people online by introducing the Cyber Security Ordinance 2025. This law updates the country’s approach to digital threats, replacing the older and often criticized 2023 act. One of its most…

Read more →

  Cybercriminals are using fake AI-powered video generation tools to spread a newly discovered malware strain called ‘Noodlophile’, disguised as downloadable media content. Fraudulent websites with names like “Dream Machine” are being promoted in high-visibility Facebook groups, pretending to be…

Read more →

  A growing trend of artificial intelligence-powered image creation tools has revolutionised the way users interact with digital creativity, providing visually captivating transformations in just a matter of clicks. The ChatGPT and Grok 3 platforms, which use artificial intelligence, offer…

Read more →

  Cybersquatting remains a persistent threat in the digital landscape, targeting businesses, individuals, and public figures alike. This deceptive practice involves registering domain names that closely resemble those of legitimate brands or individuals, often with malicious intent. Despite rising awareness…

Read more →

  Some websites allow you to totally remove adverts after subscribing, while others now offer “ad-lite” memberships. However, when you subscribe to ad-supported streaming services, you do not get the best value.  Not removing all ads Ads are a significant…

Read more →

  Cybersecurity researchers have discovered that cybercriminals are misusing a legitimate employee monitoring tool called Kickidler to execute targeted ransomware attacks. Originally developed to help businesses track productivity and ensure compliance, Kickidler offers features like real-time screen monitoring, keystroke logging,…

Read more →

  Cofense Intelligence cybersecurity researchers have discovered a new and increasingly successful technique that attackers are using to deliver credential phishing pages straight to users’ email inboxes.  This technique, which first surfaced in mid-2022, makes use of “blob URIs” (binary…

Read more →

  Hackers behind the 2024 cyberattack on PowerSchool have returned, this time going after individual schools. They’re now threatening to leak private data unless schools pay them ransom. PowerSchool is a major digital platform used in the education sector. It…

Read more →

  It is no longer a secret that downloading software is becoming an integral part of everyday computing in today’s digitally based environment. It is used to enhance productivity, explore new tools, and stay connected to an ever-increasing online world,…

Read more →

  The state of Texas has declared victory after reaching a $1 billion-plus settlement from Google parent firm Alphabet over charges that it illegally tracked user activity and collected private data.  Texas Attorney General Ken Paxton announced the state’s highest…

Read more →

  Technology has advanced dramatically in the last few decades, and data has been exchanged across devices, networks, and borders at a rapid pace. It is imperative to safeguard sensitive information today, as it has never been more important-or more…

Read more →

  In the aftermath of India’s military action under Operation Sindoor, Pakistan responded not only with conventional threats but also with a wave of coordinated cyberattacks. While India’s defense systems effectively intercepted aerial threats like drones and missiles, a simultaneous…

Read more →

  Many people don’t realize how much of their personal data is floating around the internet. Even if you’re careful and don’t use the internet much, your information like name, address, phone number, or email could still be listed on…

Read more →

  A widely-used npm package, rand-user-agent, has fallen victim to a supply chain attack, where cybercriminals injected obfuscated code designed to install a Remote Access Trojan (RAT) on users’ systems. Originally developed to generate randomized user-agent strings—helpful in web scraping,…

Read more →

  The FBI has issued an urgent warning to American consumers and businesses: replace outdated internet routers immediately or risk becoming an unwitting accomplice in cybercrime. According to the agency, cybercriminals are actively targeting “end-of-life” routers—older models that no longer…

Read more →

  A breach of an administration panel used by the LockBit ransomware outfit resulted in the exposure of information that can be extremely valuable to law enforcement and the cybersecurity community. The breach was discovered on May 7, when a…

Read more →

  With the introduction of a new feature within Google Maps that is already getting mixed reviews from users, this update is already making headlines around the world. Currently available on iPhones, this update allows users to scan screenshots and…

Read more →

  Microsoft has openly said that its workers are not allowed to use the DeepSeek app. This announcement came from Brad Smith, the company’s Vice Chairman and President, during a recent hearing in the U.S. Senate. He said the decision…

Read more →

  While looking for a new job can be enjoyable, it is surely not fun to lose your personal information in the process. In the meantime, the Cybernews investigation team found an unprotected GCS bucket belonging to the talent pool…

Read more →

  The Polish authorities have succeeded in dismantling a sophisticated criminal network offering distributed denial-of-service (DDoS) for-hire services to hit the cybercrime infrastructure hard. As the result of a coordinated operation, four people were arrested who were suspected of operating…

Read more →

  Agentic AI took center stage at the 2025 RSA Conference, signaling a major shift in how cybersecurity professionals will work in the near future. No longer a futuristic concept, agentic AI systems—capable of planning, acting, and learning independently—are already…

Read more →

  In zero-day attacks, the Play ransomware gang exploited a critical Windows Common Log File System flaw to gain SYSTEM access and install malware on infected PCs. The vulnerability, known as CVE-2025-29824, was identified by Microsoft as being exploited in…

Read more →

  A sophisticated phishing campaign named Meta Mirage is targeting companies using Meta’s Business Suite, according to a new report by cybersecurity experts at CTM360. This global threat is specifically engineered to compromise high-value accounts—including those running paid ads and…

Read more →

  Banks and shops are facing more advanced types of fraud that mix online tricks with real-world scams. To fight back, experts from Barclays and a security company called Threat Fabric have created a detailed model to understand how these…

Read more →

  A growing number of Mac users are being tricked into downloading harmful software through fake verification messages. These scams look like normal human checks, such as Google’s “I’m not a robot” box, but are actually part of a malware…

Read more →

  Audio and Video Chat Recording Could Be Part of Nintendo Switch 2.    In an official announcement from Nintendo, a new in-game communication system known as GameChat will be included in the Nintendo Switch 2 console, which is due…

Read more →

  iHeartMedia, the largest audio media company in the United States, has confirmed a significant data breach following a cyberattack on several of its local radio stations. In official breach notifications sent to affected individuals and state attorney general offices…

Read more →

  Marks & Spencer is facing prolonged disruption after falling victim to a large-scale cyberattack. Experts warn that restoring normal operations could take months, highlighting a growing trend of sophisticated breaches targeting major retailers. This incident follows a wave of…

Read more →

  In the aftermath of escalating cross-border tensions following the April 22 Pahalgam terror assault, Indian cybersecurity agencies have noticed a worrying shift in strategy: a digital onslaught aimed at civilians. The malware campaign, reportedly linked to Pakistani threat actors,…

Read more →

  A new generation of artificial intelligence—known as agentic AI—is emerging, and it promises to fundamentally change how technology is used. Unlike generative AI, which mainly responds to prompts, agentic AI operates independently, solving complex problems and making decisions without…

Read more →

  Several cybersecurity incidents have recently come to light, revealing the growing vulnerabilities that organisations face when handling large amounts of personal data. A significant data breach has occurred at Kelly & Associates Insurance Group, which operates under the name…

Read more →

  kAs tensions continue to rise in the wake of the Pahalgam terror attack and India’s subsequent launch of Operation Sindoor, a fierce cyber confrontation has simultaneously unfolded in the digital realm. Hacktivist groups aligned with both India and Pakistan…

Read more →

  Cybersecurity experts have discovered a new attack that targets Linux systems using fake programming tools. These harmful tools were shared on GitHub, a popular website where developers post and download code. Inside these fake packages was dangerous malware designed…

Read more →

  Worldcoin, the cryptocurrency firm backed by Sam Altman, is experiencing serious legal challenges on multiple fronts. On May 5, 2025, the Kenyan High Court ruled that Worldcoin violated Data Protection Act 2019 restrictions. According to Justice Aburili Roselyn, the…

Read more →

  NordVPN has launched a new identity theft recovery benefit for its UK subscribers, offering up to £5,000 in reimbursement to help users recover from the financial and emotional toll of identity fraud. This latest addition to its cybersecurity toolkit…

Read more →

  During a time when global cybersecurity is experiencing rapid evolution, malicious actors are also employing new methods to accomplish their goals. As part of International Anti-Ransomware Day, leading cybersecurity company KnowBe4 is announcing a critical warning about a looming…

Read more →

  Visa has rolled out a new system that allows artificial intelligence (AI) to not only suggest items to buy but also complete purchases for users. The newly launched platform, called Visa Intelligent Commerce, lets AI assistants shop on your…

Read more →

A rising tension between India and Pakistan has resulted in an intensified digital war, whose hacktivist groups have launched coordinated cyber offensives targeting government systems and critical infrastructure as a result of increasing tensions between the two countries. The attacks,…

Read more →

  A newly discovered exploit has revealed a critical vulnerability in SentinelOne’s endpoint detection and response (EDR) system, allowing cybercriminals to bypass its tamper protection and deploy the Babuk ransomware. The method, identified as a “Bring Your Own Installer” technique,…

Read more →

  A Maryland-based outsourced benefits and payroll manager is notifying nine large customers and nearly 264,000 individuals that their private and sensitive data may have been compromised in a December hack. The number of impacted people has increased by eight-fold…

Read more →

  A harmful computer virus called StealC has recently been updated. It is now harder to detect and better at stealing personal data from users. This malware has been around for a few years, but its latest version makes it…

Read more →

  Millions of Co-op members are being urged to remain vigilant following a significant cyberattack that led to a temporary shutdown of the retailer’s IT infrastructure. The company confirmed that the breach resulted in unauthorized access to sensitive customer data,…

Read more →

  A new wave of AI tools developed with no ethical restrictions is allowing hackers to detect and exploit software vulnerabilities faster than ever before. As these “evil AI” platforms advance quickly, cybersecurity experts fear that traditional defences will fail…

Read more →

  The recent cyber attacks against local governments have been concerning, with Cobb County in Georgia being targeted in March 2025 by a sophisticated ransomware attack. In an attempt to gain an edge over their competitors, the cybercriminals known as…

Read more →

  A new type of artificial intelligence (AI) has been designed to help self-driving cars share useful road data with each other, even if they aren’t connected to the internet. This could make future roads safer and help driverless vehicles…

Read more →

  A new wave of cyberattacks is sweeping across digital infrastructures globally, leveraging weaponised PDF invoices to infiltrate systems with a sophisticated Java-based Remote Access Trojan (RAT). Security researchers from Fortinet have identified a multi-stage, evasive malware campaign targeting Windows,…

Read more →

  In today’s hyper-connected world, your address isn’t just a piece of contact info; it’s a data point that companies can sell and exploit. Whenever you move or update your address, that information often gets picked up and distributed by…

Read more →

Regulators said that the EU has fined TikTok 530 million euros (around $600 million). Chinese tech giant ByteDance owns TikTok, which has been found guilty of illegally sending the private data of EU users to China and lack of compliance…

Read more →

  Hackers who attacked Marks & Spencer and the Co-op duped IT professionals into giving them access to their companies’ networks, according to a report. The “social engineering” attack on the Co-op allowed fraudsters to reset an employee’s password before…

Read more →

  Several cyberattacks on major British retailers including Marks & Spencer, the Co-op Group, and others have been attributed to social engineering, the practice of deceiving internal support teams by impersonating legitimate employees to deceive internal support teams. It has…

Read more →

  A coordinated supply chain attack has compromised between 500 and 1,000 Magento-based e-commerce websites through 21 backdoored extensions, according to new research from cybersecurity firm Sansec. The breach affected sites globally, including the one being operated by a multinational…

Read more →

  Kintetsu World Express (KWE), a large logistics and freight company based in Japan, recently experienced a ransomware attack that caused trouble with some of its systems. As a result, certain customers are facing interruptions in service. The company has…

Read more →

Google plans to roll out its Gemini artificial intelligence chatbot next week for children younger than 13 with parent-managed Google accounts, as tech companies vie to attract young users with AI products. Google will launch its Gemini AI chatbot soon…

Read more →

  In a major international crackdown, a law enforcement operation spearheaded by the London Metropolitan Police and coordinated by Europol has successfully taken down LabHost, one of the most notorious phishing-as-a-service (PhaaS) platforms used by cybercriminals worldwide. Between April 14…

Read more →

  Radware’s 2025 E-commerce Bot Threat Report reveals that automated bots generated 57% of online shopping website traffic during the 2024 holiday season, rather than human buyers. According to Radware’s analytics, this is the first time non-DDoS generating bots have…

Read more →

  The United Kingdom’s National Cyber Security Centre (NCSC) has issued a stark warning following a wave of cyberattacks targeting some of the country’s most prominent retail chains. Calling the incidents a “wake-up call,” the agency urged organisations to strengthen…

Read more →

  Several Dutch public and private organizations have experienced significant service outages this week following a wave of distributed denial-of-service (DDoS) attacks linked to pro-Russian hacktivists. The Netherlands’ National Cyber Security Center (NCSC), part of the Ministry of Justice, confirmed…

Read more →

  Earlier this week, Ryan Mitchell Kramer, 25, of Santa Clarita, pleaded guilty in Los Angeles County Superior Court to hacking the personal device of an employee of The Walt Disney Company in 2024. Kramer managed to obtain login information…

Read more →

  At the RSA Conference 2025, John Fokker, head of threat intelligence at the Trellix Advanced Research Center, issued a stark reminder to the cybersecurity community that the behind of every cyberattack is a human being and the boundaries between…

Read more →

China-linked group attacks ESET discovered both SpellBinder and WizardNet, tools used by Chinese hackers. A China-based APT group, “The Wizards,” has been linked to a lateral movement tool, Spellbinder, which allows adversary-in-the-middle (AitM) attacks.  It does so via IPv6 stateless…

Read more →

  A newly discovered cyberattack is targeting WordPress websites by using a plugin that pretends to improve security but actually opens a backdoor for criminals. This fake plugin secretly gives attackers full control of affected sites. How the Infection Begins…

Read more →

  In the ever-evolving landscape of cybersecurity, Multi-Factor Authentication (MFA) has emerged as a robust defense mechanism, adding layers of security beyond traditional passwords. However, a deceptive tactic known as “push-bombing” is undermining this very safeguard, posing significant risks to…

Read more →

  The LabHost cybercrime platform, one of the biggest worldwide phishing-as-a-service (PhaaS) platforms, was shut down in April 2024, but the FBI has disclosed 42,000 phishing domains associated with it. In order to raise awareness and offer signs of compromise,…

Read more →

  The Wi-Fi network is a wireless gateway that connects homes and businesses to the Internet via the air, and it is typically provided by a router, which transmits data signals across the network. Mobile devices, laptops, and tablets can…

Read more →

  In a concerning escalation of cyber hostilities, a Pakistan-based threat group known as the Pakistan Cyber Force launched a coordinated cyber offensive on multiple Indian defence-related websites on Monday. The group claimed responsibility for defacing the official site of…

Read more →

  A new report released alongside the Centre for Emerging Technology and Security (CETaS) 2025 event sheds light on growing public unease around automated data processing in national security. Titled UK Public Attitudes to National Security Data Processing: Assessing Human…

Read more →

WhatsApp claims even it can not process private data WhatsApp has introduced ‘Private Processing,’ a new tech that allows users to use advanced AI features by offloading tasks to privacy-preserving cloud servers, without exposing their chat to Meta. Meta claims…

Read more →

In a recent security evaluation, a researcher discovered a severe remote code execution (RCE) vulnerability caused by improper backend input validation and misplaced reliance on frontend filters. The vulnerability centered on a username field within a target web application.  On…

Read more →

  There has been an official disclosure from Ascension Healthcare, one of the largest non-profit healthcare systems in the United States, that there has been a data breach involving patient information due to a cybersecurity incident linked to a former…

Read more →

  Posture management is rapidly evolving into a cornerstone of enterprise cybersecurity as organizations grapple with increasing digital complexity. With infrastructures now sprawling across cloud platforms, identity services, and data environments, the traditional model of siloed risk monitoring is no…

Read more →

  Security experts believe that more than 30,000 Australians’ banking details have been compromised online. According to Dvuln, an Australian computer security firm, the exposed data, discovered during the last four years, refers to “multiple major banks”. However, rather than…

Read more →

Commvault, a well-known company that helps other businesses protect and manage their digital data, recently shared that it had experienced a cyberattack. However, the company clarified that none of the backup data it stores for customers was accessed or harmed…

Read more →

  Artificial intelligence is rapidly reshaping software development at major tech companies, with Microsoft CEO Satya Nadella revealing that between 20% and 30% of code in the company’s repositories is currently generated by AI tools.  Speaking during a fireside chat…

Read more →

  Patrick Opet, the Chief Information Security Officer of JPMorgan Chase, has called on software companies to slow down and focus more on building secure systems rather than rushing their products to market. In a public letter, he warned that…

Read more →

  A new report has exposed a staggering 500% rise in infostealer malware attacks, with over 1.7 billion passwords leaked on the dark web in 2024 alone. Despite the growing threat, poor password hygiene continues to be a critical issue,…

Read more →

  Iran thwarted a “widespread and complex” cyberattack on Sunday that targeted the nation’s infrastructure, a senior official told Tasnim News Agency, which is affiliated with the Islamic Revolutionary Guard Corps.  Behzad Akbari, the head of the government’s Telecommunications Infrastructure…

Read more →

  Security researchers have issued a warning about a severe vulnerability affecting SAP systems, with over 1,200 instances potentially exposed to remote exploitation. This comes after SAP disclosed a critical flaw in the NetWeaver Visual Composer’s Metadata Uploader earlier this…

Read more →

The UK government has introduced a new policy that stops public sector organizations from making payments to cybercriminals during ransomware attacks. This decision was made to reduce the number of attacks by taking away the money motivation behind them. The…

Read more →

  A major firm being hacked, facing a cyber threat, or having critical digital data leaked seems to make headlines every day. Cyberattacks increased dramatically worldwide in the first quarter of 2025, with an average of 1,925 attacks per organisation…

Read more →

  After months of delays stemming from privacy and security concerns, Microsoft has officially rolled out its Recall AI feature for users of Windows 11 Copilot+ PCs. The feature, which has now exited its beta phase, is included in the…

Read more →

Microsoft alerts users about password-spraying attacks Microsoft has warned users about a new password-spraying attack by a hacking group Storm-1977 that targets cloud users. The Microsoft Threat Intelligence team reported a new warning after discovering threat actors are abusing unsecured…

Read more →

Global cybersecurity experts are raising serious concerns over the newly identified cyber threat known as Data Splicing Attacks, which poses a significant threat to thousands of businesses worldwide. It seems that even the most advanced Data Loss Prevention (DLP) tools…

Read more →

  While the General Data Protection Regulation (GDPR) was introduced with noble intentions—to protect user privacy and control over personal data—its practical side effects have caused widespread frustration. For many internet users, GDPR has become synonymous with endless cookie consent…

Read more →

  Apple has issued threat notifications to users across 100 countries, warning them that their devices may have been targeted by sophisticated commercial spyware. The alerts, sent earlier this week, were confirmed by at least two recipients, including Italian journalist…

Read more →

  A tech startup based in Ahmedabad is changing how businesses use artificial intelligence. The company has launched a platform that allows users to hire AI tools the same way they hire freelancers— on demand and for specific tasks. Over…

Read more →

  Jeremiah Fowler, a security researcher, uncovered a non-password-protected database thought to be owned by Carolina Anaesthesiology PA, a healthcare organisation based in North Carolina. This dataset included several states, had 21,344 records, and was about 7GB in size. The…

Read more →