Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Cybersecurity researchers have uncovered a sophisticated phishing campaign where malicious actors exploit Google services to dispatch fraudulent law enforcement requests. This audacious scheme leverages the trust associated with Google’s infrastructure, specifically Google Forms and Google Drive, to craft and distribute…

Read more →

The vulnerability management market is projected to reach US$24.08 billion by 2030, with numerous vendors offering seemingly different solutions to the same problem. How does an organization choose the right vulnerability management tool for its needs?  Today, we compare three…

Read more →

Nova Scotia Power has confirmed that hackers infiltrated its IT infrastructure and exfiltrated sensitive customer data, including banking details from pre-authorized payment systems, in a cyberattack first detected on March 19, 2025. The energy provider revealed on May 14 that…

Read more →

A recently discovered .NET-based multi-stage loader has caught the attention of cybersecurity researchers due to its complex architecture and ability to deploy a range of malicious payloads on Windows systems. Tracked since early 2022 by Threatray, this loader employs a…

Read more →

Luxury fashion house Dior experienced a significant security incident when unauthorized external actors breached their customer database. According to the official notification, Dior immediately implemented containment protocols and engaged cybersecurity experts to investigate the intrusion. The breach exposed various categories…

Read more →

Nucor Corporation, one of North America’s largest steel producers, has temporarily halted production at multiple facilities following a cybersecurity breach that compromised critical operational systems. The incident, disclosed in a May 15, 2025, SEC filing, marks one of the most…

Read more →

Node.js project has released a critical security update addressing several vulnerabilities that could allow attackers to crash server processes and disrupt critical services. The security fixes, announced on May 14, 2025 by Node.js maintainer RafaelGSS, affect multiple release lines (LTS…

Read more →

Artificial intelligence platform named Xanthorox has emerged as a potent new tool for cybercriminals, enabling the automated generation of phishing campaigns, malware, and hyperrealistic deepfakes. Unlike traditional dark-web tools restricted to hidden forums, Xanthorox’s developer openly advertises its capabilities on…

Read more →

European Union Agency for Cybersecurity (ENISA) has officially launched the European Vulnerability Database (EUVD), a groundbreaking platform designed to enhance digital security across the EU. Developed in accordance with the NIS2 Directive, the database is now operational and accessible to…

Read more →

Security researchers from the X-Force Red Adversary Simulation team have uncovered a novel method to bypass Windows Defender Application Control (WDAC), a robust Windows security feature designed to prevent unauthorized code execution through strict application whitelisting policies. Often deployed in…

Read more →

Security researchers have unearthed a sophisticated malware distribution method leveraging Google Calendar invites to deliver malicious payloads through seemingly innocuous links. The attack, centered around a deceptive npm package named os-info-checker-es6, showcases an unprecedented level of obfuscation that begins with…

Read more →

A sophisticated cyberespionage campaign, dubbed Operation RoundPress, has been uncovered by cybersecurity researchers at ESET. Attributed with medium confidence to the Russian-linked Sednit group-also known as APT28, Fancy Bear, and Forest Blizzard-this operation targets high-value webmail servers using cross-site scripting…

Read more →

Unit 42 researchers from Palo Alto Networks have uncovered a series of attacks in January 2025 involving the DarkCloud Stealer malware. This infostealer, first observed in 2022, has evolved with new tactics to bypass traditional detection mechanisms. By leveraging AutoIt…

Read more →

A formidable new malware loader, dubbed TransferLoader, has emerged as a significant cybersecurity threat, as detailed in a recent report by Zscaler ThreatLabz. Active since at least February 2025, this sophisticated malware has been observed deploying multiple components, including a…

Read more →

U.S. energy officials are intensifying scrutiny of Chinese-manufactured power inverters, critical components in renewable energy systems, after discovering undocumented communication equipment embedded within them. These inverters, predominantly produced in China, are essential for connecting solar panels, wind turbines, batteries, heat…

Read more →

The Interlock Ransomware group has emerged as a significant adversary targeting defense contractors and their intricate supply chain networks. First identified in September 2024, Interlock has rapidly shifted from opportunistic attacks across sectors like healthcare and technology to highly targeted…

Read more →

A .NET-based infostealer named “Chihuahua Stealer” has been discovered using sophisticated techniques to infiltrate systems and exfiltrate sensitive data. This malware, which blends common malware strategies with unusually advanced features, was first highlighted through a Reddit post where a user…

Read more →

Security researchers have demonstrated a non-invasive method to bypass Microsoft BitLocker encryption on Windows devices in just five minutes without physically modifying the hardware. The Bitpixie vulnerability (CVE-2023-21563) allows attackers with brief physical access to extract BitLocker encryption keys, potentially…

Read more →

Google has rolled out a fresh Stable Channel update for the Chrome browser across desktop platforms, including Windows, Mac, and Linux. This update elevates Chrome to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux. The deployment will occur…

Read more →

Google Threat Intelligence has unveiled a series of sophisticated threat hunting techniques to detect malicious .desktop files, a novel attack vector leveraged by threat actors to compromise systems. Initially documented by Zscaler researchers in 2023, this technique involves the abuse…

Read more →

The North Korean state-sponsored threat actor TA406, also tracked as Opal Sleet and Konni, has set its sights on Ukrainian government entities. Proofpoint researchers have uncovered a dual-pronged offensive involving both credential harvesting and malware deployment through highly targeted phishing…

Read more →

A recent discovery by FortiGuard Labs has unveiled a cunning phishing campaign orchestrated by threat actors deploying Horabot malware, predominantly targeting Spanish-speaking users in Latin America. This high-severity threat, detailed in the 2025 Global Threat Landscape Report, exploits malicious HTML…

Read more →

Adobe has issued an urgent security update for its widely used graphic design software, Adobe Illustrator, following the discovery of a critical heap-based buffer overflow vulnerability tracked as CVE-2025-30330. This flaw, which allows arbitrary code execution on affected systems, impacts…

Read more →

Adobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in Photoshop 2024 and 2025 that could enable arbitrary code execution on Windows and macOS systems. The flaws, discovered by external researcher yjdfy through Adobe’s HackerOne bug…

Read more →

The HTTPBot Botnet, a novel Trojan developed in the Go programming language, has seen a sharp rise in activity since its first detection in August 2024. According to the latest findings from NSFOCUS Fuying Lab’s Global Threat Hunting system, HTTPBot…

Read more →

Cisco Talos, in collaboration with The Vertex Project, has introduced an innovative approach to tackle the rising complexity of compartmentalized cyber threats. As modern cyberattacks increasingly involve multiple threat actors executing distinct stages of an attack kill chain-such as initial…

Read more →

Newly disclosed vulnerability in Microsoft Outlook (CVE-2025-32705) permits attackers to execute arbitrary code on compromised systems through a memory corruption flaw. Rated 7.8 (CVSS v3.1) and classified as Important by Microsoft, this out-of-bounds read vulnerability (CWE-125) exposes email clients to…

Read more →

Microsoft has disclosed two critical vulnerabilities in its Remote Desktop Gateway (RDG) service, posing significant risks to organizational networks. CVE-2025-26677 and CVE-2025-29831, both rated Important by Microsoft, enable denial-of-service (DoS) attacks and remote code execution (RCE), respectively. These flaws, patched…

Read more →

Newly disclosed information-stealing malware dubbed Katz Stealer has emerged as a significant threat to users of Chromium and Gecko-based browsers, with capabilities to extract sensitive data from over 78 browser variants. Developed in C and Assembly (ASM) for lightweight efficiency,…

Read more →

A recent report from the S2W Threat Intelligence Center, TALON, sheds light on the escalating misuse of generative AI and large language models (LLMs) by threat actors on the dark web for malicious cyber operations. As LLMs like ChatGPT, Claude,…

Read more →

The healthcare sector faced an unprecedented wave of cyber threats, with a staggering 92% of organizations reporting at least one cyberattack. This alarming statistic resulted in the compromise of over 276 million patient records, equating to approximately 758,000 records breached…

Read more →

Newly disclosed vulnerability in Microsoft Defender for Endpoint (CVE-2025-26684) exposes systems to local privilege escalation attacks by exploiting improper handling of file paths. Rated Important with a CVSS score of 6.7, the flaw enables authenticated attackers with high privileges to…

Read more →

The nation-state actors have increasingly set their sights on healthcare institutions worldwide, launching sophisticated cyberattacks aimed at disrupting both Information Technology (IT) and Operational Technology (OT) systems. These attacks, often orchestrated by state-sponsored groups with significant resources, pose a severe…

Read more →

Microsoft has issued a security advisory for a newly identified vulnerability in Active Directory Certificate Services (AD CS), tracked as CVE-2025-29968, which could allow authenticated attackers to disrupt critical certificate management operations over a network. Rated Important with a CVSS…

Read more →

Security researchers at RL have discovered a malicious Python package called “solana-token” on PyPI that is intended to prey on developers working with the Solana blockchain, serving as a terrifying reminder of the ongoing hazards that lurk in the open-source…

Read more →

Microsoft has disclosed two critical security vulnerabilities in the Windows Common Log File System (CLFS) Driver that are currently being exploited in the wild. Released on May 13, 2025, the vulnerabilities-identified as CVE-2025-32706 and CVE-2025-32701-both allow local privilege escalation and…

Read more →

A group of cybersecurity specialists from Hunters, working under the prestigious Team Axon, have presented sophisticated threat-hunting techniques in a ground-breaking research paper titled “Mastering Azure Managed Identities: Attack & Defense, Part 2,” with the goal of identifying and preventing…

Read more →

EclecticIQ analysts have uncovered a sophisticated cyber-espionage campaign orchestrated by China-nexus nation-state Advanced Persistent Threats (APTs) targeting critical infrastructure worldwide. In April 2025, these threat actors launched a high-tempo exploitation campaign against SAP NetWeaver Visual Composer, exploiting a zero-day vulnerability…

Read more →

Samsung’s SmartTV and digital signage ecosystem faces renewed cybersecurity scrutiny following the disclosure of a critical path traversal vulnerability (CVE-2025-4632) in its MagicINFO 9 Server platform. The flaw, cataloged as SVE-2025-50001 and addressed in the May 2025 Security Vulnerability Patch…

Read more →

Microsoft has confirmed active exploitation of a critical privilege escalation vulnerability in the Windows Ancillary Function Driver for WinSock, tracked as CVE-2025-32709. This use-after-free flaw enables local attackers with basic user privileges to gain SYSTEM-level access, posing significant risks to…

Read more →

The threat actor group known as Earth Ammit, believed to be associated with Chinese-speaking APTs, has emerged as a significant concern for military and industrial sectors in Eastern Asia. This group orchestrated two distinct campaigns-VENOM and TIDRONE-primarily targeting Taiwan and…

Read more →

Microsoft has disclosed two critical vulnerabilities in its Windows Remote Desktop services that could allow attackers to execute arbitrary code on vulnerable systems over a network. Designated CVE-2025-29966 and CVE-2025-29967, these heap-based buffer overflow flaws affect the Windows Remote Desktop…

Read more →

Microsoft has addressed three critical security flaws in its Office suite, including two vulnerabilities rated Critical and one Important, all enabling remote code execution (RCE) via use-after-free memory corruption weaknesses. These vulnerabilities, disclosed between March and May 2025, expose systems…

Read more →

Critical zero-day vulnerability in Microsoft’s Scripting Engine (CVE-2025-30397) has been confirmed to enable remote code execution (RCE) attacks over networks, raising urgent concerns for enterprises and individual users alike. The flaw, classified as a type confusion weakness (CWE-843), allows attackers…

Read more →

Microsoft has disclosed a significant security vulnerability (CVE-2025-30400) affecting the Windows Desktop Window Manager (DWM) that is actively being exploited in the wild. The flaw, rated as “Important” with a CVSS score of 7.8, allows attackers with local access to…

Read more →

Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across its software portfolio, including Windows, Microsoft Office, Azure, and Visual Studio. Microsoft patched a total of 72 vulnerabilities, including 29 related to Remote Code Execution, 18…

Read more →

Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across several products, including Endpoint Manager Mobile (EPMM), Neurons for ITSM (on-premises), Cloud Services Application (CSA), and Neurons for MDM (N-MDM). These vulnerabilities, ranging from medium to…

Read more →

A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products, including FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. A critical zero-day vulnerability in FortiVoice systems is being actively exploited in the wild. It allows unauthenticated attackers to…

Read more →

Penetration testing is still essential for upholding strong security procedures in a time when cybersecurity threats are changing quickly. Recently, a team of security professionals has announced significant advancements in penetration testing tools with the introduction of a new agent…

Read more →

The 2025 Third-Party Breach Report from Black Kite highlights a staggering 123% surge in ransomware attacks during 2024, driven largely by sophisticated exploitation of third-party vendor ecosystems. As cybercriminals refine their tactics, third-party vendors have emerged as the predominant entry…

Read more →

Threat actors have successfully exploited the widely-used open-source password manager, KeePass, to spread malware and facilitate large-scale password theft. The attack, which was reported by WithSecure’s Incident Response team, involved modifying and re-signing KeePass installers with trusted certificates to deliver…

Read more →

A newly identified advanced persistent threat (APT) campaign, dubbed “Swan Vector” by Seqrite Labs, has been targeting educational institutions and mechanical engineering industries in East Asian nations, particularly Taiwan and Japan. Discovered in April 2025, this campaign leverages intricate social…

Read more →

British retail giant Marks & Spencer has officially confirmed that customer personal data was compromised during a cyber attack that began three weeks ago. The retailer revealed that the breach affects potentially millions of customers whose information has been stolen,…

Read more →

Security researchers have disclosed a new macOS sandbox escape vulnerability tracked as CVE-2025-31258, accompanied by a proof-of-concept (PoC) exploit demonstrating partial sandbox bypass via Apple’s RemoteViewServices framework. The flaw, discovered by researcher wh1te4ever, exposes weaknesses in macOS’s inter-process communication (IPC)…

Read more →

Zoom has released multiple security bulletins addressing seven newly discovered vulnerabilities in Zoom Workplace Apps, with one rated as high severity. All vulnerabilities were disclosed on May 13, 2025, and could potentially allow attackers to escalate privileges through various attack…

Read more →

Scattered Spider, also known as Roasting 0ktapus and Scatter Swine, has emerged as a formidable threat actor targeting UK retail organizations. Active since May 2022, this financially motivated group has historically focused on telecommunications and business process outsourcing (BPO) sectors…

Read more →

Critical security vulnerability in F5 BIG-IP systems has been discovered that allows authenticated administrators to execute arbitrary system commands, effectively bypassing security boundaries. Identified as CVE-2025-31644, the command injection flaw affects multiple versions of BIG-IP running in Appliance mode. Security…

Read more →

U.S. authorities unsealed charges against four foreign nationals accused of operating a global cybercrime scheme that hijacked outdated wireless routers to create malicious proxy networks. Russian nationals Alexey Viktorovich Chertkov (37), Kirill Vladimirovich Morozov (41), Aleksandr Aleksandrovich Shishkin (36), and…

Read more →

Jamf Threat Labs has identified a novel macOS infostealer that exploits PyInstaller, a legitimate open-source tool used to bundle Python scripts into standalone Mach-O executables. This marks the first documented instance of PyInstaller being weaponized to deploy infostealers on macOS,…

Read more →

A newly identified information-stealing malware dubbed PupkinStealer has emerged as a significant threat to Windows users, with its first sightings reported in April 2025. Written in C# using the .NET framework, this malicious software is engineered to pilfer sensitive data,…

Read more →

The security of fundamental technologies like Intel Boot Guard and UEFI Secure Boot has been seriously questioned due to persistent cryptographic key management issues within the UEFI firmware ecosystem, which have been exposed in a number of concerning exposes. These…

Read more →

Critical security vulnerability in ASUS DriverHub software has been discovered that allowed attackers to execute arbitrary code with administrator privileges through a simple web visit. Security researcher identified and reported the vulnerability in April 2025, which has since been patched…

Read more →

Cybersecurity and Infrastructure Security Agency (CISA) has escalated its advisory for TeleMessage TM SGNL, adding a critical hidden functionality vulnerability (CVE-2025-47729) to its Known Exploited Vulnerabilities (KEV) catalog. This flaw exposes cleartext copies of user messages within the platform’s archiving…

Read more →

Cobalt Strike has announced the release of version 4.11.1, an out-of-band update addressing several critical issues discovered in the previous 4.11 release. The update primarily fixes a module stomping issue that could cause system crashes in specific circumstances, resolves problems…

Read more →

A Türkiye-affiliated espionage threat actor, tracked by Microsoft Threat Intelligence as Marbled Dust (also known as Sea Turtle and UNC1326), has been exploiting a zero-day vulnerability in Output Messenger, a popular multiplatform chat software. Identified as CVE-2025-27920, this directory traversal…

Read more →

The United States indicted fourteen North Korean nationals for orchestrating a sophisticated scheme to secure remote IT jobs at American companies and nonprofits using stolen identities. This operation, which has funneled at least $88 million USD to the North Korean…

Read more →

Apple released critical security updates for macOS Sequoia 15.5 on May 12, 2025, addressing over 40 vulnerabilities across system components ranging from kernel-level memory corruption risks to app sandbox escapes. The patches target flaws that could allow attackers to access…

Read more →

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as a lure. Dubbed Noodlophile Stealer, this previously undocumented infostealer targets unsuspecting users by exploiting their enthusiasm for AI-powered content creation tools. Disguised as legitimate services promising…

Read more →

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware has evolved with sophisticated PowerShell tools and advanced evasion tactics, leveraging fake CAPTCHA sites to deceive users. Active since mid-2022 and offered as Malware-as-a-Service (MaaS) by…

Read more →

The North Korean state-sponsored hacking group APT37, also known as ScarCruft, launched a spear phishing campaign targeting activists focused on North Korean issues. Named “Operation: ToyBox Story” by Genians Security Center (GSC), this campaign exploited legitimate cloud services, primarily Dropbox,…

Read more →

The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black Banshee,” has been active since at least 2012, targeting nations like South Korea, Japan, and the United States with sophisticated cyber espionage campaigns. Recently, new Indicators…

Read more →

IPFire, the powerful open-source firewall, has unveiled its latest release, IPFire 2.29 – Core Update 194, packed with security enhancements, performance improvements, and new features to safeguard networks of all sizes. Renowned for its robust feature set, IPFire continues to…

Read more →

A 20-year-old criminal proxy network has been disrupted through a joint operation involving Lumen’s Black Lotus Labs, the U.S. Department of Justice, the Federal Bureau of Investigation (FBI), and the Dutch National Police. This botnet, operational since 2004 according to…

Read more →

Distributed Denial of Service (DDoS) attacks, once seen as crude tools for disruption wielded by script kiddies and hacktivists, have undergone a sophisticated transformation in today’s complex, hybrid-cloud environments. No longer just blunt instruments aimed at overwhelming systems, DDoS attacks…

Read more →

Cybersecurity researchers at Cofense Intelligence have identified a sophisticated phishing tactic leveraging Blob URIs (Uniform Resource Identifiers) to deliver credential phishing pages directly to users’ inboxes while evading traditional email security measures. Blob URIs, typically used by browsers to handle…

Read more →

A new information-stealing malware dubbed “PupkinStealer” has emerged as a significant threat to individuals and enterprises. Developed in C# using the .NET framework, this 32-bit GUI-based Windows executable targets sensitive user data with a focused and efficient approach. First observed…

Read more →

Broadcom-owned VMware has released security patches addressing a moderate severity insecure file handling vulnerability in VMware Tools, tracked as CVE-2025-22247 with a CVSS base score of 6.1. The vulnerability allows non-administrative users to manipulate files within guest virtual machines to…

Read more →

The open-source penetration testing toolkit Metasploit has unveiled a major update, introducing four new modules, including a highly anticipated exploit targeting Erlang/OTP SSH servers and a scanner for OPNSense firewalls. The release also enhances diagnostic tools and addresses critical bugs,…

Read more →

Google Project Zero researchers have uncovered new sandbox escape vulnerabilities in macOS using an innovative approach that leverages Mach Interprocess Communication (IPC) mechanisms-core components of Apple’s operating system. Their public research details how low-level message passing between privileged and sandboxed…

Read more →

A sophisticated and highly coordinated cyberattack campaign came to light, as tracked by Guardz Research. This operation zeroed in on legacy authentication protocols within Microsoft Entra ID, exploiting outdated methods to sidestep modern security measures like Multi-Factor Authentication (MFA) and…

Read more →

A chilling new ransomware attack method has emerged, with hackers exploiting innocuous JPEG image files to deliver fully undetectable (FUD) ransomware, according to a recent disclosure by cybersecurity researchers. This technique, which bypasses traditional antivirus systems, highlights an alarming evolution in…

Read more →

A pair of vulnerabilities in Mitel’s 6800 Series, 6900 Series, and 6900w Series SIP Phones-including the 6970 Conference Unit-could enable attackers to execute arbitrary commands or upload malicious files to compromised devices, posing significant risks to enterprise communication systems. The…

Read more →

Cybersecurity developers have released a new tool called “defendnot,” a successor to the previously DMCA-takedown-affected “no-defender” project. This innovative utility leverages undocumented Windows Security Center APIs to disable Windows Defender by registering itself as a third-party antivirus solution. The developer…

Read more →

Microsoft’s Copilot for SharePoint, designed to streamline enterprise collaboration through generative AI, has become an unexpected weapon for cybercriminals targeting organizational secrets. Recent findings from cybersecurity researchers reveal that attackers are exploiting AI agents embedded in SharePoint sites to bypass…

Read more →

Microsoft has announced the upcoming release of a groundbreaking “Prevent Screen Capture” feature for Teams, designed to block unauthorized screenshots and recordings during virtual meetings. The new capability, slated for worldwide deployment in July 2025, underscores Microsoft’s increasing commitment to…

Read more →

A novel exploit method leveraging Beacon Object Files (BOFs) has emerged, enabling attackers to extract Microsoft Entra (formerly Azure AD) tokens from compromised endpoints, even on non-domain-joined or BYOD devices. This technique sidesteps traditional detection mechanisms and expands access to…

Read more →

Security researchers have published proof-of-concept (PoC) exploit code for CVE-2024-26809, a high-severity double-free vulnerability in Linux’s nftables firewall subsystem. The flaw allows local attackers to escalate privileges and execute arbitrary code, posing significant risks to unpatched systems. Technical Breakdown of CVE-2024-26809…

Read more →

Cybersecurity experts are raising alarms over the proliferation of increasingly sophisticated phishing techniques that leverage dedicated Phishing-as-a-Service (PhaaS) toolkits to create authentic-looking pages. These advanced tools allow even technically inexperienced attackers to generate convincing replicas of legitimate websites in real-time,…

Read more →

Microsoft has patched four critical security vulnerabilities affecting its Azure cloud services and Power Apps platform that could allow attackers to escalate privileges, perform spoofing attacks, or access sensitive information. Security researchers discovered these high-severity flaws, with one receiving a…

Read more →

In today’s rapidly evolving cybersecurity landscape, enterprise networks face a particularly insidious threat: backdoors, making detecting backdoors crucial. These clandestine entry points allow attackers to bypass standard authentication procedures, gain unauthorized access to systems, and potentially remain undetected for months…

Read more →

Bluetooth SIG’s decision to transition to a bi-annual release cadence marks a strategic pivot toward fostering rapid iteration and market responsiveness. The organization seeks to empower developers to integrate enhancements more efficiently by streamlining the delivery of completed features, reducing…

Read more →

Securing Windows endpoints is a top priority for organizations seeking to protect sensitive data and maintain operational integrity. Group Policy Objects (GPOs) are among the most effective tools for IT administrators to manage and enforce security settings across all domain-joined…

Read more →

Google has unveiled a groundbreaking defense mechanism in Chrome 137, integrating its on-device Gemini Nano large language model (LLM) to detect and block these malicious campaigns in real time. This update marks a significant leap in combating evolving cyber threats…

Read more →

Kyle Schutt, a 37-year-old DOGE employee identified in federal payroll records, has had his personal email address and associated passwords exposed in at least four distinct “stealer log” datasets published between late 2023 and early 2024. The revelations follow earlier…

Read more →

Google has integrated artificial intelligence into its cybersecurity toolkit to shield users from financial and data theft scams. On Friday, May 09, 2025, the company unveiled a comprehensive report detailing its latest AI-driven initiatives across Search, Chrome, and Android, marking…

Read more →

In the era of remote and hybrid work, Chief Information Security Officers (CISOs) are now tasked with cultivating a strong cybersecurity culture in remote work, extending far beyond traditional responsibilities like managing firewalls and monitoring networks. The shift to distributed…

Read more →

A North Korea-linked attack group, known as WaterPlum (also referred to as Famous Chollima or PurpleBravo), has been actively targeting financial institutions, cryptocurrency operators, and FinTech companies globally. Since 2023, their infamous Contagious Interview campaign has utilized malware such as…

Read more →

Cybercriminals are increasingly impersonating IT support personnel and trusted authorities to manipulate victims into granting access to critical systems, according to recent analyses by cybersecurity experts. This tactic exploits inherent human tendencies to defer to perceived authority figures, enabling attackers…

Read more →

Netcraft has uncovered a sharp rise in recruitment scams in 2024, driven by three distinct threat actors employing unique and highly technical strategies to exploit vulnerabilities in the job market. As economic pressures like wage stagnation, the cost-of-living crisis, and…

Read more →

A persistent and highly sophisticated malvertising campaign on Facebook has been uncovered by Bitdefender Labs, exploiting the trust associated with major cryptocurrency exchanges to distribute multi-stage malware. This ongoing operation, active for several months as of May 2025, leverages advanced…

Read more →