An in-depth analysis of an Interlock ransomware intrusion, detailing new malware tooling, defense evasion techniques, and high-ROI detection strategies. This article has been indexed from FortiGuard Labs Threat Research. Read the original article: Interlock Ransomware: New Techniques, Same Old…
eSkimming Attacks Fuelled with Persistent Threats, Evolving Tactics, and Unfinished Recovery
eSkimming attacks, commonly known as Magecart attacks, continue to plague e-commerce websites across the globe, stealing payment card data from unsuspecting customers at checkout. These malicious campaigns inject JavaScript code into compromised websites, capturing sensitive financial information as users complete…
Hackers Exploiting FreePBX Vulnerability to Deploy Webshell and Gain Control of Systems
A sophisticated attack campaign leverages a critical FreePBX vulnerability to deploy a persistent webshell dubbed “EncystPHP,” enabling threat actors to gain complete administrative control over compromised VoIP systems. The campaign, launched in early December 2025, exploits CVE-2025-64328, a post-authentication command-injection…
Cal.com Broken Access Controls Exposes Millions of Bookings and Leads to Complete Account Takeover
Cal.com, an open-source scheduling platform that millions of people use to book meetings and manage their calendars, recently faced a serious security problem. The platform provides an alternative to tools like Calendly, offering features like calendar syncing, team scheduling, and…
Microsoft 365 Outlook Add-ins Weaponized to Exfiltrate Sensitive Email Data Without Leaving Traces
A significant architectural blind spot in the Microsoft 365 ecosystem allows threat actors to exfiltrate sensitive email data without leaving forensic traces. Dubbed “Exfil Out&Look,” this attack technique leverages the Outlook add-in framework to intercept outgoing communications stealthily. Unlike…
Google Disrupted World’s Largest IPIDEA Residential Proxy Network
Google and its partners launched a major operation this week to shut down what security experts consider one of the world’s largest residential proxy networks: IPIDEA. The proxy service operates by routing internet traffic through millions of everyday consumer devices…
France Travail fined €5 million for failing to protect job seeker data
France's data protection authority CNIL has fined public employment agency France Travail €5 million for failing to ensure the security of personal data of job seekers. Attackers gained access to the organization’s systems through social engineering techniques that targeted accounts…
Druva Threat Watch offers continuous threat monitoring of backup data
Druva announced the launch of Threat Watch, a zero-touch, automated cloud-native solution for proactive threat monitoring of backup data. Threat Watch is designed to continuously scan backup snapshots to identify dormant threats and indicators of compromise (IOCs), empowering IT and…
Grist Core Flaw Enables Remote Code Execution
A critical security vulnerability known as Cellbreak has been discovered in Grist-Core, an open-source spreadsheet-database platform that uses Pyodide for formula execution. This article has been indexed from CyberMaterial.
Kontigo Stablecoin Bank Hit By Cyberattack
US neobank Kontigo recently experienced a cybersecurity breach involving an authentication flaw that resulted in the theft of over 340,000 USDT from 1,005 user accounts. This article has been indexed from CyberMaterial.
Cyberattack Disrupts Dresden Museum Systems
Germany’s Dresden State Art Collections has been targeted by a cyberattack that has disrupted its digital infrastructure and phone services. This article has been indexed from CyberMaterial.
Inverclyde Schools Offline After Phishing
Inverclyde schools and nurseries lost internet connectivity on Monday after a phishing attack compromised a senior education official’s email account. This article has been indexed from CyberMaterial.
Google Updates Android Theft Protection
Google has implemented advanced authentication protocols and recovery systems designed to deter smartphone theft and protect sensitive owner data. This article has been indexed from CyberMaterial.
US Sentences Chinese National for Role in $36.9 Million Crypto Scam
A Chinese national has been sentenced for his role in a massive $36.9 million cryptocurrency scam operated from… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More.
The UK Threat Landscape Is Shifting. And Many Security Teams Are Looking the Wrong Way.
For years, ransomware dominated the UK cyber risk conversation. In 2025, that assumption quietly broke. The UK became the most targeted country in Europe, accounting for 16 percent of all recorded attacks across the region. But the most striking change…
Celebrating Check Point’s 2025 Americas Partner Award Winners
At Check Point, our partners are more than collaborators. They are the driving force behind our customers’ success, our innovation, and our ability to stay ahead of today’s rapidly evolving cyber threat landscape. This year, we are thrilled to recognize…
Microsoft Previews Windows 11 Update With Smarter AI and Phone Continuity
Here’s a peek at AI assistance, phone-to-PC handoff, accessibility improvements, security fixes, and stability updates. The post Microsoft Previews Windows 11 Update With Smarter AI and Phone Continuity appeared first on TechRepublic. This article has been indexed from Security Archives…
Patch or perish: Vulnerability exploits now dominate intrusions
Apply fixes within a few hours or face the music, say the pros. What good is a fix if you don’t use it? Experts are urging security teams to patch promptly as vulnerability exploits now account for the majority of…
MIND Extends DLP Reach to AI Agents
MIND extends its data loss prevention platform to secure agentic AI, enabling organizations to discover, monitor, and govern AI agents in real time to prevent sensitive data exposure, shadow AI risks, and prompt injection attacks. The post MIND Extends DLP…
ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories
This week’s updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day. Many of the stories…