Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

X Business, a small e-commerce store dealing in handmade home décor, became the latest victim of a devastating cyberattack orchestrated by a sophisticated malware strain known as Chimera. What begann as a routine inventory management system update spiraled into a…

Read more →

A newly discovered dark web listing claims to sell a critical SS7 protocol exploit for $5,000, raising alarms about global telecom security. The seller, operating under the alias “GatewayPhantom,” is marketing the 0-day vulnerability as a tool for SMS interception,…

Read more →

The LUMMAC.V2 infostealer malware, also known as Lumma or Lummastealer, has emerged as a significant threat, employing the cunning “ClickFix” social engineering technique to compromise unsuspecting users. This malware, rewritten from C to C++ with an advanced binary morpher, targets…

Read more →

MediaTek, a leading provider of chipset technology for smartphones, tablets, AIoT, and smart TVs, has released critical patches addressing several security vulnerabilities across its product portfolio. The newly published MediaTek Product Security Bulletin details the flaws, their potential impacts, and…

Read more →

An employee at Elon Musk’s artificial intelligence venture, xAI, inadvertently disclosed a sensitive API key on GitHub, potentially exposing proprietary large language models (LLMs) linked to SpaceX, Tesla, and Twitter/X. Cybersecurity specialists estimate the leak remained active for two months,…

Read more →

Leading cryptocurrency exchange Kraken has disclosed that it recently thwarted an infiltration attempt by a suspected North Korean hacker posing as a job applicant. The attempted breach highlights the increasing sophistication of state-backed cyber operations targeting the digital assets sector.…

Read more →

Security researchers have uncovered a series of critical vulnerabilities in the Tenda RX2 Pro Dual-Band Gigabit Wi-Fi 6 Router (Firmware V16.03.30.14), which could allow remote attackers to gain administrative access and, in many cases, full root shell on the device.…

Read more →

Cybersecurity researchers are raising alarms as hackers increasingly weaponize email input fields to execute cross-site scripting (XSS) and server-side request forgery (SSRF) attacks. These vulnerabilities, often overlooked in web applications, allow attackers to bypass security controls, steal data, and compromise servers. Email input fields…

Read more →

A recent investigation by cybersecurity firm EclecticIQ, in collaboration with threat hunters, has exposed a surge in malicious activity tied to the Luna Moth hacking group. The actors are now leveraging fake helpdesk-themed domains to impersonate legitimate businesses and steal sensitive data.…

Read more →

A researcher has unveiled a novel integration between AI-powered Copilot and Microsoft’s WinDbg, dramatically simplifying Windows crash dump analysis. For decades, debugging Windows crash dumps has been a labor-intensive task. Engineers have been stuck manually entering cryptic commands like !analyze -v and…

Read more →

Cybersecurity researchers have uncovered a dangerous new exploitation technique, dubbed the “SonicBoom Attack Chain,” which allows hackers to bypass authentication and seize administrative control over SonicWall Secure Mobile Access (SMA) appliances. This attack leverages a combination of recently disclosed vulnerabilities,…

Read more →

A high-severity vulnerability (CVE-2025-46762) has been discovered in Apache Parquet Java, exposing systems using the parquet-avro module to remote code execution (RCE) attacks. The flaw, disclosed by Apache Parquet contributor Gang Wu on May 2, 2025, impacts versions up to…

Read more →

National Cyber Security Centre (NCSC) has issued technical guidance following a series of cyber attacks targeting UK retailers. These incidents have prompted concerns about the evolving threat landscape, particularly regarding ransomware and data extortion techniques. The NCSC’s National Resilience Director,…

Read more →

Claude AI, developed by Anthropic, has been exploited by malicious actors in a range of adversarial operations, most notably a financially motivated “influence-as-a-service” campaign. This operation leveraged Claude’s advanced language capabilities to manage over 100 social media bot accounts across…

Read more →

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting U.S. citizens, according to a detailed report from Seqrite Labs. Security researchers have uncovered a malicious campaign exploiting the tax season through sophisticated social engineering tactics,…

Read more →

Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the notorious financially motivated threat actor Golden Chickens, also known as Venom Spider. Active between January and April 2025, these tools signal a persistent evolution in the…

Read more →

MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool in the arsenal of multiple threat actors, including the notorious TAG-124 (LandUpdate808) and SocGholish groups. This malware, identified in phishing and drive-by download campaigns, employs advanced…

Read more →

Cybercriminals are intensifying their efforts to undermine multi-factor authentication (MFA) through adversary-in-the-middle (AiTM) attacks, leveraging reverse proxies to intercept sensitive data. As phishing tactics grow more advanced, traditional defenses like spam filters and user training are proving insufficient. Attackers deploy…

Read more →

A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated, long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East, attributed to an Iranian state-sponsored threat group. Spanning from at least May 2023 to…

Read more →

StealC, a notorious information stealer and malware downloader first sold in January 2023, has rolled out its version 2 (V2) in March 2025 with sophisticated enhancements. This latest iteration introduces a range of new capabilities, focusing on advanced payload delivery…

Read more →

Cybersecurity researchers at Bitdefender have identified a significant uptick in subscription-based scams, characterized by an unprecedented level of sophistication and scale. These fraudulent operations, involving over 200 meticulously crafted websites, are designed to deceive users into divulging sensitive credit card…

Read more →

Cybersecurity researchers uncovered a sophisticated supply chain attack targeting the Go programming language ecosystem in April 2025. Hackers have weaponized three malicious Go modules-github[.]com/truthfulpharm/prototransform, github[.]com/blankloggia/go-mcp, and github[.]com/steelpoor/tlsproxy-to deploy devastating disk-wiping malware. Leveraging the decentralized nature of Go’s module system, where…

Read more →

SocGholish, a notorious loader malware, has evolved into a critical tool for cybercriminals, often delivering payloads like Cobalt Strike and, more recently, RansomHub ransomware. Darktrace’s Threat Research team has tracked multiple incidents since January 2025, where threat actors exploited SocGholish…

Read more →

North Korean nationals have successfully infiltrated the employee ranks of major global corporations at a scale previously underestimated, creating a pervasive threat to IT infrastructure and sensitive data worldwide. Security experts revealed at the RSAC 2025 Conference that the infiltration…

Read more →

Global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid ongoing conflicts. In 2024, Forescout Technologies Inc. documented 780 hacktivist attacks, predominantly conducted by four groups operating on opposite sides of the Russia-Ukraine and Israel-Palestine conflicts:…

Read more →

Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to deploy a stealthy NodeJS backdoor. The attack, part of the broader KongTuke campaign, leverages compromised websites to distribute malicious JavaScript that ultimately deploys advanced remote access…

Read more →

Security researchers have recently discovered a sophisticated malware operation called the “Tsunami-Framework” that combines credential theft, cryptocurrency mining, and potential botnet capabilities. The framework employs advanced evasion techniques to bypass security measures and maintain persistent access to infected systems. Analysis…

Read more →

Researchers have uncovered significant security vulnerabilities in NVIDIA Riva, a breakthrough AI speech technology platform used for transcription, voice assistants, and conversational AI. The flaws, now formally recognized as CVE-2025-23242 and CVE-2025-23243, expose enterprise users to potential unauthorized access and…

Read more →

Check Point Research’s latest AI Security Report 2025 reveals a rapidly evolving cybersecurity landscape where artificial intelligence simultaneously presents unprecedented threats and defensive capabilities. The comprehensive investigation, which included dark web surveillance and insights from Check Point’s GenAI Protect platform,…

Read more →

Security researchers have identified critical vulnerabilities in the Node.js CI/CD infrastructure, exposing internal Jenkins agents to remote code execution and raising the risk of supply chain attacks. These flaws stemmed from the integration and communication gaps between multiple DevOps platforms-specifically…

Read more →

Security researchers from Intrinsec have published a comprehensive analysis revealing significant overlaps in infrastructure between multiple ransomware operations and the open-source offensive tool, Eye Pyramid. Their investigation, which began by examining a Python backdoor used by the RansomHub ransomware group,…

Read more →

MCP, developed by Anthropic, allows Large Language Models (LLMs) to interface seamlessly with external tools, enabling the creation of agentic AI systems that can autonomously perform complex tasks. As organizations increasingly integrate MCP, new attack techniques have emerged, highlighting the…

Read more →

CISOs adopting DevSecOps strategically enhance security measures while ensuring fast-paced software development, responding to the growing landscape of cyber threats. Integrating security practices throughout the entire development lifecycle is critical for organizations seeking to reduce vulnerabilities without sacrificing innovation speed.…

Read more →

Nebulous Mantis, also known as Cuba, STORM-0978, Tropical Scorpius, and UNC2596, is a Russian-speaking cyber espionage group that has been actively deploying the RomCom remote access trojan (RAT) in targeted campaigns since mid-2019. The group primarily focuses on critical infrastructure,…

Read more →

Luxury department store Harrods has become the latest UK retailer to face a cyberattack, joining Marks & Spencer (M&S) and the Co-op in a wave of incidents exposing vulnerabilities across the retail sector. While Harrods’ flagship store and online platform…

Read more →

Multiple Dutch organizations have experienced significant service disruptions this week due to a series of coordinated Distributed Denial-of-Service (DDoS) attacks. These attacks, which have also targeted other European organizations, are believed to be the work of a pro-Russian hacktivist group…

Read more →

A major supply chain security incident has rocked the Python open-source community as researchers at Socket’s Threat Research Team uncovered seven interconnected malicious packages published on the Python Package Index (PyPI). These packages Coffin-Codes-Pro, Coffin-Codes-NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, Coffin-Grave, and cfc-bsb-were ingeniously…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical vulnerabilities found in widely used Industrial Control Systems (ICS). Released on May 1, 2025, the advisories spotlight severe security risks affecting KUNBUS GmbH’s Revolution Pi devices…

Read more →

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in its popular TensorRT-LLM framework, urging all users to update to the latest version (0.18.2) to safeguard their systems against potential attacks. Overview of the Vulnerability The…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a newly discovered and actively exploited vulnerability in the widely used Apache HTTP Server. The flaw, catalogued as CVE-2024-38475, affects the server’s mod_rewrite module and poses significant…

Read more →

A 25-year-old man from Santa Clarita, California, has agreed to plead guilty to hacking into the personal computer of a Walt Disney Company employee and stealing a massive amount of sensitive internal data last year. Ryan Mitchell Kramer faces charges…

Read more →

Quantum cybersecurity risks represent a paradigm shift in cybersecurity, demanding immediate attention from Chief Information Security Officers worldwide. While practical quantum computers capable of breaking current encryption standards may still be years away, the threat is already present through “harvest…

Read more →

Application security in 2025 has become a defining concern for every Chief Information Security Officer (CISO) as organizations accelerate their digital transformation journeys. The explosion of cloud-native applications, microservices, and APIs has created a complex web of interconnected systems. This…

Read more →

Managing Shadow IT risks has become a critical challenge for Chief Information Security Officers (CISOs), as the use of unauthorized technology within organizations continues to grow. With 40% of employees admitting to using unsanctioned tools and one-third of security breaches…

Read more →

Building a scalable cybersecurity framework is essential in today’s rapidly evolving digital landscape, enabling organizations to adapt to changing threats while supporting business growth. A scalable cybersecurity framework isn’t merely about adding more security controls as an organization expands. It’s…

Read more →

In today’s hyper-connected world, securing digital transformation is a technological upgrade and a fundamental reimagining of business models, processes, and customer engagement. Organizations are rapidly shifting to cloud platforms, embracing automation, and integrating digital tools to remain competitive and resilient.…

Read more →

In today’s evolving cybersecurity landscape, CISOs face unprecedented challenges from sophisticated threats, making behavioral analytics for threat detection a critical defense strategy. Traditional security measures like firewalls and antivirus solutions are no longer sufficient against advanced attacks that easily bypass…

Read more →

In today’s digital-first business environment, protecting intellectual property is crucial, as IP remains one of an organization’s most valuable assets. From proprietary algorithms and software code to confidential business strategies and customer data, these digital assets form the competitive backbone…

Read more →

In the digital age, preparing for cyber warfare is essential as organizations face unprecedented threats beyond traditional hacking and data breaches. Cyber warfare-where attacks are orchestrated by nation-states or highly organized groups-can cripple critical infrastructure, disrupt business operations, and erode…

Read more →

Navigating healthcare cybersecurity is crucial in today’s hyper-connected environment, where it underpins both operational resilience and patient trust. The rapid digitization of medical records, proliferation of connected devices, and the growing sophistication of cyber threats have placed Chief Information Security…

Read more →

A high security flaw in Tesla’s Model 3 vehicles, disclosed at the 2025 Pwn2Own hacking competition, allows attackers to execute malicious code remotely via the vehicle’s Tire Pressure Monitoring System (TPMS). The vulnerability, now patched, highlights growing risks in automotive…

Read more →

Security researchers have disclosed three critical vulnerabilities in the Netgear EX6200 Wi-Fi range extender that could allow remote attackers to gain unauthorized access and steal sensitive data. The flaws affect firmware version 1.0.3.94 and have been assigned the CVEs CVE-2025-4148,…

Read more →

As quantum computing transitions from theoretical research to practical application, Chief Information Security Officers (CISOs) face an unprecedented challenge to cryptographic security. The emergence of cryptanalytically relevant quantum computers (CRQCs) threatens to break widely-used public-key encryption algorithms that safeguard sensitive…

Read more →

A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered, enabling remote attackers to execute arbitrary code on unpatched systems. Tracked as CVE-2025-29953, this flaw carries a high CVSS score of 8.1 and impacts all versions of…

Read more →

The Federal Bureau of Investigation (FBI) has revealed the existence of 42,000 phishing domains associated with the notorious LabHost phishing-as-a-service (PhaaS) platform. This operation, which spanned from November 2021 through April 2024, was recently disabled by law enforcement and had…

Read more →

Commvault, a global leader in data protection and information management, has confirmed that a sophisticated cyberattack involving a zero-day vulnerability breached its Azure cloud environment earlier this week. The breach, attributed to a suspected nation-state threat actor, underscores the evolving…

Read more →

The Tor Project has announced the official release of Tor Browser 14.5.1, introducing a host of security improvements and new features designed to bolster privacy and ease of use for millions around the globe. The new version is now available…

Read more →

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising strategies. Recent investigations have uncovered a disturbingly effective method involving fake software downloads, such as a counterfeit “WinSCP” installer, propagated through malicious ads on platforms like…

Read more →

Darktrace’s Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been exploiting legitimate Software-as-a-Service (SaaS) platforms like Milanote to orchestrate sophisticated phishing campaigns. These attacks, bolstered by the Tycoon 2FA phishing kit, demonstrate an advanced Adversary-in-the-Middle (AiTM)…

Read more →

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing Simulator, designed to empower organizations in proactively identifying and mitigating phishing attacks. As phishing remains a leading cause of security breaches, often exploiting human error as…

Read more →

Cybersecurity researchers have uncovered the intricate tactics, techniques, and procedures (TTPs) employed by threat actors in investment scams, which, according to the Federal Trade Commission (FTC), resulted in a record-breaking loss of US$5.7 billion in 2024-a 24% surge from the…

Read more →

Insider threats represent one of the most challenging cybersecurity risks facing organizations today, with incidents on the rise and costs escalating. As the boundary between corporate and personal digital environments continues to blur in today’s hybrid work world, traditional perimeter-based…

Read more →

As organizations accelerate cloud adoption, CISOs face unprecedented challenges securing dynamic, multi-cloud environments. The shift to cloud-native architectures, hybrid workloads, and decentralized data storage has expanded the attack surface, exposing enterprises to sophisticated threats like supply chain compromises, misconfigured APIs,…

Read more →

The responsibilities of Chief Information Security Officers (CISOs) are rapidly evolving as digital transformation and global interconnectivity reshape the modern supply chain. In 2025, the supply chain will be more than just a logistical function; it will be a complex,…

Read more →

The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) has become a fundamental reference for organizations aiming to build and mature their cybersecurity programs. With the release of NIST CSF 2.0 in early 2024, the framework now offers…

Read more →

Security researchers have identified significant connections between two major ransomware-as-a-service (RaaS) operations, with evidence suggesting affiliates from the recently-disabled RansomHub group may have migrated to the Qilin ransomware operation. The investigation reveals sophisticated technical capabilities within both groups and highlights…

Read more →

A newly disclosed vulnerability in SonicWall’s Connect Tunnel Windows Client could allow malicious actors to trigger denial-of-service (DoS) attacks or corrupt files, according to a recent security advisory (SNWLID-2025-0007) published by SonicWall on April 16, 2025. Vulnerability Overview The vulnerability,…

Read more →

ESET researchers have uncovered sophisticated attack techniques employed by a China-aligned threat actor dubbed “TheWizards,” which has been actively targeting entities across Asia and the Middle East since 2022. The group employs a custom lateral movement tool called Spellbinder that…

Read more →

A critical vulnerability in Cato Networks’ widely used macOS VPN client has been disclosed, enabling attackers with limited access to gain full control over affected systems. Tracked as ZDI-25-252 (CVE pending), the flaw highlights mounting risks for enterprises relying on remote-access tools…

Read more →

Proofpoint, a leading cybersecurity firm, has identified and named a new financially motivated Business Email Compromise (BEC) threat actor, dubbed TA2900, actively targeting individuals in France and occasionally Canada. This actor employs sophisticated social engineering tactics, sending French-language emails centered…

Read more →

Security researchers at Quarkslab have developed a new covert channel technique that exploits Microsoft’s recommended Azure Storage firewall configurations to bypass network restrictions. Their proof-of-concept tool, named “ProxyBlob,” leverages Azure Blob Storage to create a SOCKS5 proxy, allowing attackers to…

Read more →

A groundbreaking report from Rubrik Zero Labs, titled The State of Data Security: A Distributed Crisis, reveals a staggering reality for global IT and cybersecurity leaders: 90% of surveyed professionals have experienced cyberattacks within the last year, with many facing…

Read more →

A critical vulnerability in Ruby on Rails’ Cross-Site Request Forgery (CSRF) protection mechanism has been identified, affecting all versions since the 2022/2023 “fix” and persisting in the current implementation. This flaw undermines the framework’s ability to secure applications against CSRF…

Read more →

The Wordfence Threat Intelligence team has identified a new strain of WordPress malware that masquerades as a legitimate plugin, often named ‘WP-antymalwary-bot.php.’ First detected on January 22, 2025, during a routine site cleanup, this malware exhibits advanced capabilities, enabling attackers…

Read more →

A newly disclosed vulnerability in Microsoft’s Telnet Server component is making headlines after researchers revealed that attackers could exploit the flaw to bypass established guest login restrictions. Security analysts warn that the flaw could pave the way for unauthorized access…

Read more →

Mozilla has officially released Firefox 138, marking a significant update focused on user security. The new version addresses multiple high-severity vulnerabilities, following the Mozilla Foundation Security Advisory 2025-28. The Firefox browser continues its tradition of proactive security practices, ensuring users…

Read more →

A recent threat report from Anthropic, titled “Detecting and Countering Malicious Uses of Claude: March 2025,” published on April 24, has shed light on the escalating misuse of generative AI models by threat actors. The report meticulously documents four distinct…

Read more →

A recent investigation by security researchers has exposed critical vulnerabilities in the default IAM roles of several Amazon Web Services (AWS) offerings, including SageMaker, Glue, and EMR, as well as open-source projects like Ray. These roles, often automatically created or…

Read more →

A security researcher has uncovered a serious vulnerability resulting from incorrectly configured OAuth2 credentials in a startling discovery from a recent YesWeHack bug reward engagement. This discovery, made during an in-depth analysis of a target’s web application, highlights the severe…

Read more →

A leading U.S.-based cybersecurity firm, sophisticated cyber-espionage campaigns attributed to Chinese state-sponsored actors have come to light. Tracked as the PurpleHaze activity cluster, these adversaries have targeted SentinelOne’s infrastructure alongside high-value organizations associated with its business ecosystem. Uncovering the PurpleHaze…

Read more →

A recently discovered vulnerability in Docker Desktop for macOS is raising concerns in the developer and security communities. The flaw, which stems from the improper application of Registry Access Management (RAM) policies under certain conditions, could allow unauthorized access to potentially malicious…

Read more →

PowerDNS has issued an urgent security advisory for its DNSdist software, warning users of a critical vulnerability that could let attackers trigger denial-of-service (DoS) conditions by exploiting flawed DNS-over-HTTPS (DoH) exchanges. The flaw, tracked as CVE-2025-30194 (CVSS score: 7.5), affects DNSdist versions 1.9.0…

Read more →

WhatsApp, the world’s most popular messaging platform, has announced a major expansion of artificial intelligence (AI) capabilities, promising to enhance user experience while reinforcing its longstanding commitment to privacy and message secrecy. Meta, WhatsApp’s parent company, has integrated its generative…

Read more →

A major set of vulnerabilities-collectively named “AirBorne”-in Apple’s AirPlay protocol and SDK have been unveiled, enabling an array of severe attack vectors. Most critically, these flaws allow zero-click “wormable” Remote Code Execution (RCE), meaning attackers can take over Apple and third-party…

Read more →

Google has begun rolling out Chrome 136 to the stable channel for Windows, Mac, and Linux, bringing significant security and privacy upgrades to millions of users worldwide. The update, set to be distributed over the coming days and weeks, addresses…

Read more →

A sophisticated cyberattack targeted senior members of the World Uyghur Congress (WUC), the largest Uyghur diaspora organization, using a weaponized version of UyghurEditPP-a trusted open-source Uyghur language text editor. This incident exemplifies the technical evolution of digital transnational repression and…

Read more →

Cybersecurity researchers at Hunt have uncovered a server hosting advanced malicious tools, including SuperShell command-and-control (C2) payloads and a Linux ELF Cobalt Strike beacon. The discovery, originating from a routine search for open-source proxy software, highlights the pervasive risks of…

Read more →

Cloudflare’s latest DDoS Threat Report for the first quarter of 2025 reveals that the company mitigated a record-shattering 20.5 million Distributed Denial of Service (DDoS) attacks, marking a 358% surge year-over-year and a 198% increase quarter-over-quarter compared to the previous…

Read more →

A formidable new information-stealing malware dubbed Gremlin Stealer has surfaced in the cybercrime underground, actively promoted since mid-March 2025 on platforms like the Telegram channel CoderSharp. Discovered by Unit 42 researchers at Palo Alto Networks, this malware, crafted in C#,…

Read more →

In a comprehensive report released by the Google Threat Intelligence Group (GTIG), 75 zero-day vulnerabilities were identified as actively exploited in the wild throughout 2024, marking a slight decline from 98 in 2023 but an increase from 63 in 2022.…

Read more →

The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux environments, exploiting weak or default SSH credentials to deploy a Perl-based crypto mining botnet. Detailed insights from a recent incident response case in Brazil, handled by…

Read more →

A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent Threat (APT) group, has been identified targeting entities predominantly in South Korea. Cybersecurity experts have uncovered a meticulously crafted attack chain that leverages advanced obfuscation techniques…

Read more →

Security researchers have exposed critical vulnerabilities in Qualcomm GPU drivers, impacting a vast array of Android devices from brands like Samsung, Honor, Xiaomi, and Vivo. These exploits, centered around the GPU Address Fault (GPUAF) primitive, target the kgsl_mem_entry and Virtual…

Read more →

Verizon Business unveiled its 2025 Data Breach Investigations Report (DBIR) today, painting a stark picture of the escalating cyber threat landscape. Analyzing over 22,000 security incidents, including 12,195 confirmed data breaches, the report reveals a alarming 30% involvement of third…

Read more →

According to the Center for Strategic & International Studies’ (CSIS) 2025 Space Threat Assessment, space systems’ susceptibility to cyberattacks has gained significant attention. With approximately 720 cyber incidents reported across sectors in 2024 by the European Repository of Cyber Incidents…

Read more →

Cybercriminals are leveraging automation across the entire attack chain, drastically reducing the time from reconnaissance to compromise. The data shows a staggering 16.7% global increase in scans, with over 36,000 scans per second targeting not just exposed ports but delving…

Read more →

A severe vulnerability, identified as CVE-2025-2783, has been discovered in Google Chrome, specifically targeting the Mojo inter-process communication (IPC) component on Windows systems. This high-impact flaw, with a CVSS score of 8.8, stems from improper handle validation and management within…

Read more →

Europol has announced the launch of a powerful new Operational Taskforce (OTF), codenamed GRIMM, to confront the alarming rise of “violence-as-a-service” (VaaS) and the growing recruitment of young people by organised crime groups across Europe. Spearheaded by Sweden and joined by…

Read more →

A previously undocumented remote access trojan (RAT) named ResolverRAT has surfaced, specifically targeting healthcare and pharmaceutical organizations worldwide. First observed as recently as March 10, 2025, this malware distinguishes itself from related threats like Rhadamanthys and Lumma through its sophisticated…

Read more →

Law enforcement agencies from the UK and the Netherlands have dismantled the notorious JokerOTP cybercrime platform, which is allegedly linked to more than 28,000 phishing attacks across 13 countries. A 24-year-old man was apprehended this morning by Cleveland Police at…

Read more →