Hackers have launched a sophisticated phishing campaign exploiting Google Tasks notifications to target over 3,000 organizations worldwide, primarily in the manufacturing sector. The December 2025 attacks signal a dangerous shift in email-based threats, in which attackers abuse legitimate Google infrastructure…
Tag: Cyber Security News
Handala Hackers Targeted Israeli Officials by Compromising Telegram Accounts
In December 2025, the Iranian-linked hacking group Handala claimed to have fully compromised the mobile devices of two prominent Israeli political figures. However, detailed analysis by Kela cyber intelligence researchers revealed a more limited scope—the breaches targeted Telegram accounts specifically,…
10,000+ Fortinet Firewalls Still Exposed to 5-Year-Old MFA Bypass Vulnerability
Over 10,000 Fortinet firewalls worldwide remain vulnerable to CVE-2020-12812, a multi-factor authentication (MFA) bypass flaw disclosed over five and a half years ago. Shadowserver recently added the issue to its daily Vulnerable HTTP Report, highlighting persistent exposure amid active exploitation…
Potential Wallet Phishing Campaign Targets Cardano Users via ‘Eternl Desktop’ Announcement
A sophisticated phishing campaign is currently circulating within the Cardano community, posing significant risks to users seeking to download the newly announced Eternl Desktop application. The attack leverages a professionally crafted email claiming to promote a legitimate wallet solution designed…
RondoDoX Botnet Weaponizing a Critical React2Shell Vulnerability to Deploy Malware
A sophisticated threat group has intensified its campaign against organizations by leveraging the latest vulnerabilities in web applications and Internet of Things (IoT) devices. The RondoDoX botnet, tracked through exposed command-and-control logs spanning nine months from March to December 2025,…
CISA Warns of WHILL Model C2 Wheelchairs Vulnerability That Lets Attackers Take Control of Product
A critical security advisory warned of severe vulnerabilities in WHILL electric wheelchairs that could allow attackers to remotely hijack the devices via Bluetooth. The alert affects two popular models used worldwide: the WHILL Model C2 Electric Wheelchair and Model F…
Cognizant Hit With Multiple US Class-Action Lawsuits Following TriZetto Data Breach
Cognizant Technology Solutions is facing multiple class-action lawsuits following a significant data breach at TriZetto Provider Solutions (TPS), its healthcare claims processing subsidiary. The lawsuits, filed in federal courts in New Jersey and Missouri, allege that the company failed to…
Threat Actors Testing Modified and Highly Obfuscated Version of Shai Hulud Strain
Cybersecurity researchers have identified a new variant of the Shai Hulud malware that reveals important insights into how threat actors are evolving their attack strategies. The malware, first observed in recent security analysis, demonstrates significant changes from its original version,…
Careto Hacker Group is Back After 10 Years of Silence with New Attack Tactics
After a decade away from the cybersecurity landscape, the Careto threat group, also known as “The Mask,” has resurfaced with sophisticated new attack methods targeting high-profile organizations. Security researchers have identified fresh evidence of Careto’s activity, revealing how the…
Lessons From Mongobleed Vulnerability (CVE-2025-14847) That Is Actively Exploited In The Wild
The cybersecurity community was alarmed in late December 2025 when MongoDB announced a serious vulnerability called “Mongobleed” (CVE-2025-14847). This high-severity flaw allows unauthenticated attackers to steal sensitive data directly from server memory. With a CVSS score of 8.7 and over…
Apache NuttX Vulnerability Lets Attackers Crash Systems
A newly disclosed use-after-free vulnerability in Apache NuttX RTOS could allow attackers to cause system crashes and unintended filesystem operations, prompting urgent security warnings for users running network-exposed services. The flaw, tracked as CVE-2025-48769 and rated moderate in severity, affects…
Top 10 High-Risk Vulnerabilities of 2025 That Were Exploited in the Wild
The cybersecurity landscape in 2025 has been marked by an unprecedented surge in critical vulnerabilities, with over 21,500 CVEs disclosed in the first half of the year alone, representing a 16-18% increase compared to 2024. Among these, a select group…
Two U.S. CyberSecurity Pros Plead Guilty for Working as ALPHV/BlackCat Affiliates
A federal court in the Southern District of Florida has accepted guilty pleas from two cybersecurity professionals who used their expertise to conduct ransomware attacks rather than stop them. Ryan Goldberg, 40, from Georgia, and Kevin Martin, 36, from Texas,…
WhatsApp Crypt Tool to Encrypt and Decrypt WhatsApp Backups
An open-source solution for handling encrypted WhatsApp backups. The wa-crypt-tools suite, hosted on GitHub, decrypts and encrypts .crypt12, .crypt14, and .crypt15 files from WhatsApp and WhatsApp Business, provided users supply the required key file or 64-character key. wa-crypt-tools simplifies access…
Self-Propagating GlassWorm Weaponizing VS Code Extensions to Attack macOS Users
A new wave of GlassWorm malware has emerged, marking a significant shift in targeting strategy from Windows to macOS systems. This self-propagating worm, distributed through malicious VS Code extensions on the Open VSX marketplace, has already accumulated over 50,000 downloads.…
DarkSpectre Hackers Infected 8.8 Million Chrome, Edge, and Firefox Users with Malware
Researchers have uncovered DarkSpectre, a well-funded Chinese threat actor responsible for infecting over 8.8 million users across Chrome, Edge, and Firefox browsers through a series of highly coordinated malware campaigns spanning seven years. The discovery reveals a level of operational…
New Cybercrime Tool ErrTraffic Lets Attackers Automate ClickFix Attacks
A dangerous cybercrime tool known as ErrTraffic has appeared in underground forums, making it easier for attackers to trick users into running harmful software on their devices. The tool automates what security experts call ClickFix attacks, where fake error messages…
Threat Actors Manipulating LLMs for Automated Vulnerability Exploitation
Large Language Models (LLMs) have revolutionized software development, democratizing coding capabilities for non-programmers. However, this accessibility has introduced a severe security crisis. Advanced AI tools, designed to assist developers, are now being weaponized to automate the creation of sophisticated exploits…
Critical IBM API Connect Vulnerability Lets Attackers Bypass Logins
A critical security alert has been issued regarding a severe vulnerability in the IBM API Connect platform that could allow remote attackers to bypass authentication mechanisms. Discovered during internal testing, the flaw poses a significant risk to organizations relying on the platform for…
APT36 Malware Campaign Targeting Windows LNK Files to Attack Indian Government Entities
APT36, also known as Transparent Tribe, has launched a new malware campaign that targets Indian government and strategic entities by abusing Windows LNK shortcut files. The attack starts with spear‑phishing emails that carry a ZIP archive named “Online JLPT Exam…