Zoomcar Holdings, Inc., the prominent car-sharing platform, has confirmed a significant data breach that has compromised the personal information of approximately 8.4 million users. The incident, which was first detected on June 9, 2025, was disclosed in a recent filing…
Category: EN
Microsoft adds export option to Windows Recall in Europe
But lose your code and it’s gone for good Windows 11 users in the European Economic Area will shortly receive a new Recall Export feature, allowing Recall snapshots to be shared with third-party apps and websites.… This article has been…
Washington Post Journalists’ Microsoft Email Accounts Hacked
The Microsoft email accounts of several Washington Post journalists whose coverage includes national security and economic policy, including China, where hacked and could give the bad actors access to the messages that were sent and received. The post Washington Post…
⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More
Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren’t. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when something’s wrong.…
Threat Actors Deploy XWorm Malware via Fake Travel Websites to Infect Users’ PCs
The HP Threat Research team discovered a sophisticated malware campaign in Q1 2025 that targets vacation planners by imitating Booking.com using phony travel websites. As detailed in the latest HP Wolf Security Threat Insights Report, attackers are leveraging users’ “click…
Canadian Airline WestJet Suffers Cyberattack, Halts App and Web Services
Calgary-based WestJet Airlines, Canada’s second-largest carrier, is grappling with the fallout from a significant cybersecurity incident that has disrupted access to its mobile app and internal systems. The breach, first detected on June 13, has led to intermittent outages and…
BERT Ransomware Escalates Attacks on Linux Machines with Weaponized ELF Files
The BERT ransomware group, first detected in April 2025 but active since mid-March, has expanded its reach from targeting Windows environments to launching sophisticated attacks on Linux machines as of May 2025. Initially spotted through phishing campaigns, BERT has evolved…
Scaling Beyond Borders: Establishing a Global Footprint
In 2025, amid the changing economic landscape, your business is more important than ever. You have customers to serve, revenue opportunities to capture, and an internal culture to foster. Success breeds opportunity and, while your leadership and board are all…
How PureVPN’s Password Manager Closes A Major Security Gap Hackers Exploit
Your passwords are more than just logins – they’re the gateway to your identity, finances, work, and private life. But here’s the truth: storing them in a password manager is no longer enough. Why? Because traditional password managers protect credentials…
Malicious Payload Uncovered in JPEG Image Using Steganography and Base64 Obfuscation
In a sophisticated cybersecurity incident discovered on June 16, 2025, security researchers identified a malicious payload cleverly hidden within a JPEG image using a combination of steganography and modified Base64 encoding techniques. The malware, embedded after the file’s End Of…
46,000+ Grafana Instances Exposed to Malicious Account Takeover Attacks
A critical vulnerability affecting over 46,000 publicly accessible Grafana instances worldwide, with 36% of all public-facing deployments vulnerable to complete account takeover attacks. The newly discovered flaw, designated CVE-2025-4123 and dubbed “The Grafana Ghost,” represents a significant threat to organizations…
20+ Malicious Apps on Google Play Actively Attacking Users to Steal Login Credentials
A sophisticated phishing operation involving more than 20 malicious applications distributed through the Google Play Store, specifically designed to steal cryptocurrency wallet credentials from unsuspecting users. The discovery, made by Cyble Research and Intelligence Labs (CRIL), reveals a coordinated campaign…
Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS, CI/CD and macOS Data
A sophisticated malware campaign has emerged targeting the Python Package Index (PyPI) repository, with cybercriminals deploying weaponized packages designed to steal sensitive cloud infrastructure credentials and corporate data. The malicious package, identified as “chimera-sandbox-extensions,” represents a new breed of supply…
Zoomcar Says Hackers Accessed Data of 8.4 Million Users
The Indian car sharing marketplace Zoomcar learned that its systems were hacked after a threat actor contacted employees. The post Zoomcar Says Hackers Accessed Data of 8.4 Million Users appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Asheville Eye Associates Says 147,000 Impacted by Data Breach
Asheville Eye Associates says the personal information of 147,000 individuals was stolen in a November 2024 data breach. The post Asheville Eye Associates Says 147,000 Impacted by Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Police shut down long-running dark web drug market
Law enforcement authorities across Europe have dismantled Archetyp Market, the most enduring dark web drug market, following a large-scale operation involving six countries, supported by Europol and Eurojust. Between 11 and 13 June, a series of coordinated actions took place…
Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine
Introduction The cybersecurity landscape is evolving rapidly, and so are the cyber needs of organizations worldwide. While businesses face mounting pressure from regulators, insurers, and rising threats, many still treat cybersecurity as an afterthought. As a result, providers may struggle…
⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More
Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren’t. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when something’s wrong.…
North Korean APT Hackers Target Ukrainian Government Agencies to Steal Login Credentials
North Korean Advanced Persistent Threat (APT) hackers, specifically the Konni group, have shifted their focus to Ukrainian government agencies in a targeted phishing campaign aimed at stealing login credentials and distributing malware. This attack, observed in February 2025, marks a…
New Anubis RaaS includes a wiper module
Anubis RaaS now includes a wiper module, permanently deleting files. Active since Dec 2024, it launched an affiliate program in Feb 2025. Anubis is a new RaaS that combines file encryption capability with a rare “wipe mode,” permanently deleting files…