Category: CySecurity News – Latest Information Security and Hacking Incidents

  Backed by the Chinese government, a cyber-espionage group has been observed engaging in ransomware-related activities as part of its intelligence activities. Further, this observation demonstrates how nation-state cyber operations and financially motivated cybercrimes have become increasingly convergent as a…

Read more →

  Before and after Russia’s 2022 invasion, U.S.-funded initiatives played a crucial role in strengthening Ukraine’s cybersecurity. Many of these efforts, backed by the United States Agency for International Development (USAID), aimed to protect the country against cyber threats.  However,…

Read more →

  The Cofense Phishing Defence Centre (PDC) has uncovered a new phishing campaign aimed particularly at Amazon Prime members, trying to steal login passwords, security answers, and payment details. The attacker sends out a well-crafted email mimicking Amazon, encouraging users…

Read more →

  Security cameras are meant to keep us safe, but they can also become targets for hackers. If cybercriminals gain access, they can spy on you or tamper with your footage. To prevent this, follow these straightforward tips to ensure…

Read more →

  A newly identified malware, FinalDraft, has been leveraging Microsoft Outlook email drafts for command-and-control (C2) communication in targeted cyberattacks against a South American foreign ministry. Elastic Security Labs uncovered the attacks, which deploy an advanced malware toolset comprising a…

Read more →

  A group of hackers has been caught running a large-scale cyber spying operation, now called REF7707. The attack was first noticed in November 2024 when strange activity was detected in the Foreign Ministry of a South American country. As…

Read more →

  A hacking outfit potentially linked to Russia is running an active operation that uses device code phishing to target Microsoft 365 accounts of individuals at organisations of interest. The targets are in the government, non-governmental organisations (NGOs), IT services…

Read more →

  A newly identified hacking group, the Belsen Group, has leaked critical data from over 15,000 FortiGate devices on the dark web, making sensitive technical details freely available to cybercriminals. The leak includes configuration files, IP addresses, and VPN credentials,…

Read more →

  A security issue has surfaced involving an unprotected database linked to Mars Hydro, a Chinese company known for making smart devices like LED grow lights and hydroponic equipment. Security researcher Jeremiah Fowler discovered this database was left open without…

Read more →

  It was at the 2025 World Government Summit in Dubai on 15th-17th November that Sundar Pichai, CEO of Google and its parent company Alphabet, engaged in a virtual fireside conversation with the Moroccan Minister of State for Artificial Intelligence,…

Read more →

  SIO, an Italian spyware company known for selling surveillance tools to government agencies, has been linked to a series of malicious Android apps designed to mimic WhatsApp and other popular services while secretly stealing private data, TechCrunch has revealed.…

Read more →

  Datadog Security Labs researchers developed a new name confusion attack technique known as whoAMI, which allows threat actors to execute arbitrary code within an Amazon Web Services (AWS) account by uploading an Amazon Machine Image (AMI) with a specified…

Read more →

  Cybercriminals are evolving their tactics, shifting from traditional email-based phishing scams to more sophisticated Android phishing apps. According to the 2025 State of Malware report by Malwarebytes, over 22,800 phishing apps were detected on Android devices in 2024 alone.…

Read more →

  A major hacking incident has hit zkLend, a decentralized lending platform that operates on the Starknet blockchain. The attacker managed to steal about $9.5 million worth of cryptocurrency by exploiting a vulnerability in the system. According to blockchain security…

Read more →

  It is common for cybersecurity criminals to exploit vulnerabilities in Magento to inject an obfuscated script, which has been delivered through Google Tag Manager (GTM), into Magento-based eCommerce platforms, which allows them to intercept and steal credit card information…

Read more →

  Zacks Investment Research reportedly suffered a data breach in 2024, exposing sensitive information from approximately 12 million accounts. The American investment research firm provides data-driven insights through its proprietary stock assessment tool, ‘Zacks Rank,’ assisting investors in making informed…

Read more →

  There has been a significant shift in the Telecom Regulatory Authority of India (TRAI)’s efforts to curb spam calls and unsolicited commercial communications (UCC) as part of its effort to improve consumer protection, as TRAI has introduced stringent regulations.…

Read more →

  An anonymous hacker group called the “puppygirl hacker polycule” recently made headlines by leaking over 8,500 files from Lexipol, a private company that provides training materials and policy manuals for police departments across the United States.  As first reported…

Read more →

  Google is developing a new security feature for Android that prevents users from updating sensitive settings while a phone call is in process. The in-call anti-scammer measures include prohibiting users from enabling settings to install apps from unidentified sources…

Read more →

  A critical security vulnerability in YouTube allowed attackers to uncover the email addresses of any account on the platform. Cybersecurity researchers discovered the flaw and reported it to Google, which promptly fixed the issue. While no known attacks exploited…

Read more →