Tag: Cyber Security News

Cybersecurity researchers have uncovered a significant resurgence of the Prometei botnet, a sophisticated malware operation targeting Linux servers for cryptocurrency mining and credential theft. This latest campaign, observed since March 2025, demonstrates the evolving nature of cryptomining malware and its…

Read more →

Cybersecurity professionals across East and Southeast Asia are facing a sophisticated new threat as China-linked attackers deploy a weaponized MSI installer disguised as a legitimate WhatsApp setup package. This malicious campaign represents a significant escalation in social engineering tactics, leveraging…

Read more →

A sophisticated new threat actor known as Mocha Manakin has emerged in the cybersecurity landscape, employing an increasingly popular social engineering technique called “paste and run” to deceive users into executing malicious scripts on their systems. This deceptive method has…

Read more →

The largest distributed denial-of-service (DDoS) attack ever documented was successfully stopped by Cloudflare in mid-May 2025, with attackers unleashing a devastating 7.3 terabits per second (Tbps) attack that delivered 37.4 terabytes of malicious traffic in just 45 seconds.  This unprecedented…

Read more →

In a concerning development for internet users, cybercriminals have devised a sophisticated new technique to manipulate Google search results, effectively poisoning them to display fraudulent contact information. Unlike traditional phishing schemes that rely on fake websites, this novel approach leverages…

Read more →

A sophisticated malware campaign targeting ComfyUI, a popular AI image generation framework, has successfully compromised at least 695 servers worldwide, security researchers have discovered. The attack represents a significant escalation in threats against AI infrastructure, exploiting vulnerabilities in ComfyUI to…

Read more →

Cybercriminals have discovered a sophisticated new method to distribute malicious remote access tools by exploiting Vercel, a legitimate frontend hosting platform, to host convincing phishing pages that deliver weaponized versions of LogMeIn software. This emerging threat demonstrates how attackers increasingly…

Read more →

A severe security vulnerability has been discovered in the widely-used Insomnia API Client that allows attackers to execute arbitrary code through malicious template injection. The vulnerability, tracked as CVE-2025-1087 and assigned a critical CVSS score of 9.3, affects the popular…

Read more →

Multiple high-severity vulnerabilities, including a dangerous buffer overflow capable of remote code execution, have been fixed in critical security updates released by the ClamAV team for versions 1.4.3 and 1.0.9. These patch releases target several security issues that affect all…

Read more →

A sophisticated phishing campaign targeting employees with fake toll payment notices has been identified, combining government domain spoofing with social engineering tactics. The attackers craft messages claiming to be from TxTag, warning recipients that their accounts face suspension unless outstanding…

Read more →

Cybersecurity researchers have uncovered a sophisticated PowerShell-based attack campaign that leverages advanced in-memory execution techniques to bypass traditional disk-based security controls. The malicious infrastructure spans across Chinese, Russian, and global hosting providers, demonstrating the international scope of modern cyber threats.…

Read more →

A sophisticated attack vector targeting Atlassian’s Model Context Protocol (MCP) that allows external threat actors to gain privileged access to internal systems through malicious support tickets.  The attack, dubbed “Living off AI,” exploits the trust boundary between external users submitting…

Read more →

Apache SeaTunnel, the widely used distributed data integration platform, has disclosed a significant security vulnerability that enables unauthorized users to execute arbitrary file read operations and deserialization attacks through its RESTful API interface.  The vulnerability, tracked as CVE-2025-32896 and reported…

Read more →

A sophisticated new Android botnet malware called AntiDot has emerged as a significant threat to mobile device security, offering cybercriminals unprecedented control over infected devices. This malicious software operates as part of a Malware-as-a-Service (MaaS) model, marketed by threat actor…

Read more →

A new report has uncovered a staggering 16 billion login credentials from major platforms, including Apple, Facebook, Google, GitHub, Telegram, and government services.  The massive leak, discovered through 30 separate datasets, represents an unprecedented threat to global cybersecurity and digital…

Read more →

Multiple high-severity vulnerabilities in IBM QRadar SIEM could allow attackers to execute arbitrary commands and access sensitive data.  The most critical flaw, tracked as CVE-2025-33117, carries a CVSS score of 9.1 and enables privileged users to upload malicious files that…

Read more →

A sophisticated evolution of the GodFather banking malware has emerged, introducing a groundbreaking attack methodology that exploits on-device virtualization to compromise legitimate mobile applications. This advanced threat represents a significant departure from traditional overlay attacks, creating complete isolated virtual environments…

Read more →

Tesla’s popular Wall Connector home charging system was exploited during the January 2025 Pwn2Own Automotive competition, demonstrating how attackers could gain control of the device through the charging cable itself. The groundbreaking attack targeted the Tesla Wall Connector Gen 3,…

Read more →

A sophisticated Russian state-sponsored cyber operation has successfully exploited Google’s App-Specific Password (ASP) feature to bypass multi-factor authentication protections, targeting prominent critics of Russia in a campaign that demonstrates the evolving threat landscape facing high-profile individuals. The attack, attributed to…

Read more →

Qilin ransomware has rapidly ascended to become the world’s most prevalent ransomware threat, accumulating over $50 million in ransom payments throughout 2024 alone.  Originally developed as ‘Agent’ in 2022 and later recorded in the Rust programming language, this sophisticated malware…

Read more →

A sophisticated China-based advanced persistent threat group known as Silver Fox has emerged as a significant cybersecurity concern, leveraging trojanized medical software to infiltrate healthcare organizations and public sector entities. Active since 2024, this state-sponsored group has demonstrated advanced capabilities…

Read more →

A sophisticated North Korean Advanced Persistent Threat (APT) group has been identified deploying malware through weaponized meeting scheduling platforms, targeting cryptocurrency organizations with an elaborate social engineering campaign that combines deepfake technology, legitimate meeting tools, and advanced macOS malware. The…

Read more →

A critical security vulnerability has emerged in the WordPress ecosystem, exposing over 100,000 websites to privilege escalation attacks through the AI Engine plugin’s Model Context Protocol (MCP) implementation. The vulnerability, designated CVE-2025-5071 with a high CVSS rating of 8.8, affects…

Read more →

A sophisticated supply chain attack has emerged that weaponizes the trusted jQuery Migrate library to deliver stealthy malware capable of harvesting user credentials and session data. Security researchers discovered this campaign after investigating unusual online behavior from a senior executive…

Read more →

The gaming community faces a sophisticated new threat as cybercriminals exploit the massive popularity of Minecraft to distribute advanced malware through fake modifications. With over 200 million monthly active players and more than 1 million users actively involved in modding,…

Read more →

A sophisticated supply chain attack campaign has emerged targeting software developers through the exploitation of over 60 GitHub repositories containing trojanized Python files designed to steal sensitive Windows-based data. The threat actor, known as Banana Squad, has demonstrated remarkable stealth…

Read more →

Microsoft is expanding the number of passkey authentication methods available in Microsoft Entra ID to improve its identity and access management features.  The public preview rollout is scheduled to commence in mid-October 2025, with full deployment expected by mid-November 2025. …

Read more →

Cybersecurity researchers have uncovered a sophisticated Android spyware campaign involving SpyNote malware cleverly disguised as legitimate applications, including Google Translate, hosted in unsecured open directories across the internet. This discovery highlights the evolving tactics employed by cybercriminals to distribute malicious…

Read more →

Cybercriminals have unleashed a new and sophisticated information stealer called Amatera Stealer, which represents a significant evolution in malware-as-a-service offerings targeting sensitive user data. This malicious software emerged as a rebranded and enhanced version of the previously known ACR Stealer,…

Read more →

Krispy Kreme Doughnut Corporation has confirmed a significant data security incident affecting thousands of current and former employees, along with their family members, following unauthorized access to company systems discovered in late November 2024. The popular doughnut chain became aware…

Read more →

A sophisticated new variant of the Masslogger credential stealer has emerged, utilizing VBScript encoded (.VBE) files to deploy a multi-stage fileless malware campaign that operates entirely from the Windows Registry. This advanced threat represents a significant evolution in information-stealing malware,…

Read more →

A new detection method called Jitter-Trap that turns cybercriminals’ own evasion tactics against them, offering new hope in the battle against sophisticated post-exploitation attacks.  Released on June 18, 2025, this technique focuses on identifying stealthy beacon communications that traditional security…

Read more →

A sophisticated Russian state-sponsored cyber campaign has targeted prominent academics and critics of Russia through an innovative social engineering attack that exploited Google’s Application Specific Password (ASP) functionality. The operation, which ran from April through early June 2025, demonstrated a…

Read more →

Microsoft is expanding the number of passkey authentication methods available in Microsoft Entra ID to improve its identity and access management features.  The public preview rollout is scheduled to commence in mid-October 2025, with full deployment expected by mid-November 2025. …

Read more →

A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the @opennextjs/cloudflare package, enabling attackers to exploit the /_next/image endpoint to load remote resources from arbitrary hosts.  The vulnerability, assigned CVE-2025-6087 with a CVSS score of 7.8, affects all…

Read more →

A critical security vulnerability has been discovered in Apache Traffic Server that allows remote attackers to trigger denial-of-service (DoS) attacks through memory exhaustion.  The vulnerability, tracked as CVE-2025-49763, affects the Edge Side Includes (ESI) plugin and poses significant risks to…

Read more →

A sophisticated malware campaign has emerged that exploits Cloudflare’s tunneling infrastructure to deliver multi-stage Python-based payloads, demonstrating an alarming evolution in cybercriminal tactics. The campaign, tracked as SERPENTINE#CLOUD, represents a significant escalation in the abuse of legitimate cloud services for…

Read more →

Thai law enforcement successfully dismantled a sophisticated ransomware operation during a coordinated raid at the Antai Holiday Hotel in central Pattaya on Monday, June 16, 2025.  The operation resulted in the arrest of six Chinese nationals specifically tasked with distributing…

Read more →

A critical security vulnerability affecting Cisco Meraki MX and Z Series devices could allow unauthenticated attackers to launch denial of service (DoS) attacks against AnyConnect VPN services.  The vulnerability, tracked as CVE-2025-20271 with a CVSS score of 8.6, was published…

Read more →

A critical vulnerability in password reset mechanisms has been discovered that allows attackers to completely take over user accounts by manipulating password reset links. Security researcher Pratik Dabhi recently disclosed details of a Host Header Injection attack that exploits how…

Read more →

Cybersecurity professionals are facing a sophisticated new threat as Golden SAML attacks emerge as one of the most dangerous yet stealthy techniques targeting enterprise identity infrastructure. These attacks represent a significant escalation in the threat landscape, allowing malicious actors to…

Read more →

Security researcher Sergei Volokitin has presented findings on hardware vulnerabilities discovered in Xiaomi devices, including the company’s S3 smartwatch, during a presentation at a major cybersecurity conference. The research was conducted as part of a collaborative security event where researchers…

Read more →

Phishing remains one of the most effective ways attackers infiltrate corporate environments. Today’s phishing campaigns are no longer just poorly written emails with obvious red flags. They’re sophisticated, well-disguised, and tailored to exploit trust in everyday tools your teams use. …

Read more →

In a concerning development for mobile payment security, cybersecurity experts have identified a sophisticated new malware strain named “SuperCard” that exploits Android devices to steal payment card data. This malicious application, a modified version of the legitimate NFCGate program, intercepts…

Read more →

A comprehensive security investigation has revealed widespread vulnerabilities in GitHub Actions workflows across major open source repositories, including those maintained by prestigious organizations such as MITRE and Splunk. The discovery highlights a concerning pattern of insecure continuous integration and continuous…

Read more →

The RapperBot botnet has reached unprecedented scale, with security researchers observing over 50,000 active bot infections targeting network edge devices across the globe. This sophisticated malware campaign represents one of the most persistent and evolving cyber threats currently plaguing internet-connected…

Read more →

Microsoft has announced a new security capability within its Defender for Office 365 suite aimed at combating the growing threat of email bombing attacks.  The feature, officially labeled “Mail Bombing Detection,” will automatically identify and quarantine high-volume email flooding campaigns…

Read more →

China’s People’s Liberation Army has accelerated its integration of generative artificial intelligence across military intelligence operations, marking a significant shift in how the world’s largest military force approaches data collection, analysis, and strategic decision-making. This technological transformation represents the PLA’s…

Read more →

A comprehensive new study reveals the sophisticated architecture behind Russia’s externalized cyber warfare strategy, exposing how the Kremlin systematically exploits private companies, hacktivist collectives, and cybercriminal groups to enhance its digital offensive capabilities while maintaining plausible deniability. The research demonstrates…

Read more →

Cybersecurity researchers have uncovered a sophisticated malware campaign leveraging fake CAPTCHA verification windows to trick users into manually executing malicious PowerShell commands. The newly identified threat, dubbed LightPerlGirl, represents a concerning evolution in social engineering tactics that exploits users’ trust…

Read more →

Cybersecurity experts are sounding the alarm about a sophisticated malware campaign that leverages malicious advertisements targeting system administrators through weaponized PuTTY downloads. This emerging threat represents a significant shift in attack vectors, with malicious advertisements now surpassing traditional phishing methods…

Read more →

Cybersecurity experts are raising alarms as a sophisticated new ransomware strain named Qilin has rapidly gained prominence in the threat landscape, demonstrating unprecedented cross-platform capabilities. The malware has been observed successfully compromising Windows workstations, Linux servers, and VMware ESXi hypervisors…

Read more →

A sophisticated phishing campaign targeting American citizens has emerged, exploiting the trusted reputation of state Departments of Motor Vehicles to harvest sensitive personal and financial information. In May 2025, cybercriminals launched a coordinated attack that impersonated multiple U.S. state DMVs,…

Read more →

New variants of the notorious WormGPT hacking tool are emerging, now powered by commercial AI models like xAI’s Grok and Mistral AI’s Mixtral for malicious operations. The original WormGPT emerged in June 2023 as an uncensored generative AI tool built…

Read more →

VMware has officially launched Cloud Foundation 9.0, marking a significant evolution in private cloud technology.  Released on June 17, 2025, this major update redefines what a modern private cloud platform can deliver by combining public cloud flexibility with on-premises control,…

Read more →

A wave of sophisticated cyberattacks has swept across major organizations in the UK and US, with sectors ranging from hospitality and telecommunications to finance and retail falling victim to a threat actor known as SCATTERED SPIDER. Unlike traditional ransomware groups…

Read more →

A threat actor named “hensi” has reportedly claimed unauthorized access to Scania Financial Services’ insurance[.]scania.com subdomain and is allegedly selling around 34,000 files on cybercriminal marketplaces. While these claims remain unconfirmed by official sources, the incident highlights ongoing vulnerabilities in…

Read more →

Cybersecurity researchers have documented a significant surge in attacks utilizing the ClickFix social engineering technique, which has emerged as one of the most effective methods for initial access in modern cyber campaigns. This deceptive tactic tricks users into executing malicious…

Read more →

Two critical, interconnected flaws, CVE-2025-6018 and CVE-2025-6019, enable unprivileged attackers to achieve root access on major Linux distributions. Affecting millions worldwide, these vulnerabilities pose a severe security emergency that demands immediate patching. The first vulnerability exploits PAM configuration weaknesses in…

Read more →

CISA has added a critical Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that CVE-2023-0386 is being actively exploited in real-world attacks.  This improper ownership management flaw in the Linux kernel’s OverlayFS subsystem allows local attackers to…

Read more →

Google has released an urgent security update for Chrome browsers across all desktop platforms, addressing critical vulnerabilities that could allow attackers to execute arbitrary code on users’ systems.  The update, rolled out on Tuesday, June 17, 2025, patches three significant…

Read more →

A sophisticated threat campaign targeting Windows systems has emerged, leveraging a new strain of malware known as winos 4.0 to compromise organizations across Taiwan. The attack, which has been active since January 2025, demonstrates the evolving tactics of cybercriminals who…

Read more →

A critical supply chain vulnerability dubbed “GerriScary” (CVE-2025-1568) that could have allowed attackers to inject malicious code into at least 18 major Google projects, including ChromiumOS, Chromium, Dart, and Bazel. The vulnerability uncovered by Tenable security researcher Liv Matan exploits…

Read more →

Critical security vulnerabilities have been discovered in Veeam’s backup software solutions that could allow attackers to execute malicious code remotely on backup servers, posing significant risks to enterprise data protection systems. The vulnerabilities, assigned CVE numbers 2025-23121, 2025-24286, and 2025-24287,…

Read more →

Security Operations Center (SOC) teams are now facing an increasingly complex challenge: identifying and responding to security incidents before they can cause significant damage. The key to effective incident response is not just detecting threats quickly. It is understanding the…

Read more →

Microsoft has announced a significant security update that could disrupt data workflows for organizations heavily reliant on Excel’s Power Query functionality. The Microsoft Entra Conditional Access Token Protection feature, currently in Public Preview, introduces enhanced security measures that may prevent…

Read more →

Two critical security vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway products, formerly known as Citrix ADC and Gateway, potentially allowing attackers to access sensitive data and compromise network security. Cloud Software Group, the company behind these networking…

Read more →

A major security breach at email hosting provider Cock[.]li has compromised personal data from over one million users, the company announced in an official statement. The incident specifically targeted the service’s Roundcube webmail platform, affecting approximately 1,023,800 users who had…

Read more →

Meta has announced a significant expansion of WhatsApp’s monetization strategy with the introduction of advertising capabilities within the platform’s Updates tab.  The company is implementing three key features: channel subscriptions, promoted channels, and status advertisements, targeting the 1.5 billion daily…

Read more →

Critical vulnerabilities in Sitecore Experience Platform, one of the most widely deployed enterprise content management systems, potentially expose over 22,000 instances worldwide to complete system compromise.  The vulnerabilities, discovered by watchTowr researchers, allow attackers to gain full control of Sitecore…

Read more →

European organizations are facing a sophisticated cyber threat as the Sorillus Remote Access Trojan (RAT) emerges as a prominent weapon in a multi-language phishing campaign targeting businesses across Spain, Portugal, Italy, France, Belgium, and the Netherlands. The malware, which has…

Read more →

A high-severity remote code execution vulnerability has been identified in BeyondTrust’s Remote Support and Privileged Remote Access platforms, potentially allowing attackers to execute arbitrary code on affected systems.  The vulnerability, tracked as CVE-2025-5309, carries a CVSSv4 score of 8.6 and…

Read more →

Cybersecurity researchers have identified sophisticated new variants of Chaos RAT, a remote administration tool that has evolved from an open-source project into a formidable cross-platform malware threat targeting both Windows and Linux systems. Originally documented in 2022, this malware has…

Read more →

A critical authorization bypass vulnerability in ASUS Armoury Crate enables attackers to gain system-level privileges on Windows machines through a sophisticated hard link manipulation technique.  The vulnerability, tracked as CVE-2025-3464 with a CVSS score of 8.8, affects the popular gaming…

Read more →

A sophisticated evolution of the KimJongRAT malware family has emerged, demonstrating advanced techniques for credential theft and system compromise through weaponized Windows shortcut files and PowerShell-based payloads. This latest campaign represents a significant advancement from previous variants, incorporating both Portable…

Read more →

A sophisticated attack campaign exploiting a Google Chrome zero-day vulnerability tracked as CVE-2025-2783, marking yet another instance of advanced persistent threat (APT) groups leveraging previously unknown security flaws to compromise high-value targets.  The vulnerability, which enables sandbox escape capabilities, has…

Read more →

Two critical vulnerabilities in sslh, a popular protocol demultiplexer that allows multiple services to share the same network port.  The flaws tracked as CVE-2025-46807 and CVE-2025-46806 could be exploited remotely to trigger denial-of-service (DoS) attacks.  The vulnerabilities affect sslh versions prior…

Read more →

North Korean state-sponsored advanced persistent threat (APT) groups Kimsuky and Konni have emerged as the most prolific cyber threat actors targeting East Asian nations, according to the latest threat intelligence findings. In April 2025, these groups orchestrated the highest number…

Read more →

A newly identified malware campaign orchestrated by the notorious Kimsuky group has been leveraging password-protected research documents to infiltrate academic networks and compromise sensitive systems. This sophisticated attack represents a significant evolution in social engineering tactics, exploiting the academic community’s…

Read more →

Security researchers have uncovered a sophisticated malware campaign utilizing heavily obfuscated Visual Basic Script (VBS) files to deploy multiple types of remote access trojans (RATs). The campaign, discovered in June 2025, involves a cluster of 16 open directories containing obfuscated…

Read more →

A sophisticated fileless malware campaign targeting German-speaking users has emerged, employing deceptive verification prompts to distribute AsyncRAT through the increasingly popular Clickfix technique. The malware masquerades as a legitimate “I’m not a robot” CAPTCHA verification, tricking victims into executing malicious…

Read more →

A sophisticated cyber espionage campaign attributed to the XDSpy threat actor has recently been discovered exploiting a zero-day vulnerability in Windows shortcut files. This threat actor, which has operated largely undetected from 2011 until its initial discovery in 2020, has…

Read more →

A significant spike was observed in exploitation attempts targeting CVE-2023-28771, a critical remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders.  The coordinated attack campaign, observed on June 16, 2025, represents a concentrated burst of malicious activity…

Read more →

Android users face a sophisticated security threat as malicious actors increasingly leverage legitimate system features to gain unauthorized access to devices. A concerning trend has emerged where attackers exploit Original Equipment Manufacturer (OEM) permissions to perform privilege escalation attacks, creating…

Read more →

CISA has added a critical iOS zero-click vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw has been actively exploited by sophisticated mercenary spyware in targeted attacks against journalists.  The vulnerability, tracked as CVE-2025-43200, affects multiple Apple…

Read more →

A malicious loan application masquerading as a legitimate financial service has infected over 150,000 iOS and Android devices before being removed from official app stores. The app, identified as “RapiPlata,” achieved a Top 20 ranking in the finance category on…

Read more →

A sophisticated threat actor known as Water Curse has exploited the inherent trust in open-source software by weaponizing at least 76 GitHub accounts to distribute malicious repositories containing multistage malware. The campaign represents a significant supply chain risk, targeting cybersecurity…

Read more →

Cybersecurity researchers have uncovered a sophisticated malware campaign that exploits Windows’ built-in Run prompt to deliver DeerStealer, a powerful information stealer designed to harvest cryptocurrency wallets, browser credentials, and sensitive personal data. The malicious operation represents a concerning evolution in…

Read more →

Multiple critical security vulnerabilities affecting Apache Tomcat web servers, including two high-severity flaws enabling denial-of-service (DoS) attacks and one moderate-severity vulnerability allowing authentication bypass.  These vulnerabilities, identified as CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, and CVE-2025-49125, impact millions of web applications worldwide running…

Read more →

Security researchers have uncovered an active cyberattack campaign targeting Langflow servers through CVE-2025-3248, a critical remote code execution vulnerability that allows threat actors to deploy the sophisticated Flodrix botnet malware. The attacks demonstrate how cybercriminals are rapidly weaponizing newly disclosed…

Read more →

Microsoft experienced a significant service disruption affecting multiple Microsoft 365 services, including Teams and Exchange Online, impacting users globally whose requests were routed through the affected infrastructure. The company has confirmed that all services have now recovered following swift mitigative…

Read more →

The Gunra ransomware group escalated its attack on American Hospital Dubai (AHD), a premier healthcare facility in Dubai, UAE, by releasing new evidence of a major cyberattack. The group claims to have leaked 40 terabytes of sensitive data, including personal…

Read more →

The Washington Post is conducting a comprehensive investigation into a sophisticated cyberattack that compromised the email accounts of multiple journalists, with security experts and federal authorities examining evidence that suggests the involvement of a foreign government. The intrusion, discovered late…

Read more →

The Washington Post is conducting a comprehensive investigation into a sophisticated cyberattack that compromised the email accounts of multiple journalists, with security experts and federal authorities examining evidence that suggests the involvement of a foreign government. The intrusion, discovered late…

Read more →

Enterprise users of classic Microsoft Outlook are experiencing application crashes when attempting to create or open new emails, according to a technical advisory released by Microsoft today. The issue, which primarily affects virtual desktop infrastructure (VDI) environments, has been escalated…

Read more →

International law enforcement agencies have successfully dismantled one of the world’s largest darknet marketplaces, “Archetyp Market,” in a coordinated operation that resulted in multiple arrests across Europe and the seizure of millions in criminal assets.  The operation, led by German…

Read more →

A former GCHQ intern has been sentenced to seven-and-a-half years in prison after copying top secret data files onto his mobile phone and taking them to his home computer, creating what prosecutors described as a significant risk to national security.…

Read more →

A sophisticated new information-stealing malware known as Katz Stealer has emerged in 2025, demonstrating advanced credential theft capabilities combined with innovative persistence mechanisms that target popular applications like Discord. The malware-as-a-service (MaaS) platform represents a significant evolution in cybercriminal toolkits,…

Read more →

Microsoft has announced a significant enhancement to its data protection capabilities with the introduction of a new Data Loss Prevention (DLP) feature that will prevent Microsoft 365 Copilot from processing emails containing sensitivity labels.  This development represents a crucial step…

Read more →

Car-sharing giant Zoomcar Holdings, Inc. has disclosed a significant cybersecurity incident that compromised sensitive personal information of approximately 8.4 million users.  The breach, discovered on June 9, 2025, represents one of the largest data exposures in the mobility sector, highlighting…

Read more →