The Washington Post is conducting a comprehensive investigation into a sophisticated cyberattack that compromised the email accounts of multiple journalists, with security experts and federal authorities examining evidence that suggests the involvement of a foreign government. The intrusion, discovered late…
Tag: Cyber Security News
Washington Post Journalists’ Microsoft Accounts Hacked in Targetetd Cyberattack
The Washington Post is conducting a comprehensive investigation into a sophisticated cyberattack that compromised the email accounts of multiple journalists, with security experts and federal authorities examining evidence that suggests the involvement of a foreign government. The intrusion, discovered late…
Microsoft Outlook Users Face Crashes When Creating New Emails, Temp Fix Issued
Enterprise users of classic Microsoft Outlook are experiencing application crashes when attempting to create or open new emails, according to a technical advisory released by Microsoft today. The issue, which primarily affects virtual desktop infrastructure (VDI) environments, has been escalated…
Darknet Market Archetyp Takedown by Authorities in Joint Action ‘Operation Deep Sentinel’
International law enforcement agencies have successfully dismantled one of the world’s largest darknet marketplaces, “Archetyp Market,” in a coordinated operation that resulted in multiple arrests across Europe and the seizure of millions in criminal assets. The operation, led by German…
Former GCHQ Intern Jailed for Seven Years After Copying Top Secret Files to Mobile Phone
A former GCHQ intern has been sentenced to seven-and-a-half years in prison after copying top secret data files onto his mobile phone and taking them to his home computer, creating what prosecutors described as a significant risk to national security.…
Katz Stealer Enhances Credential Theft Capabilities with System Fingerprinting and Persistence Mechanisms
A sophisticated new information-stealing malware known as Katz Stealer has emerged in 2025, demonstrating advanced credential theft capabilities combined with innovative persistence mechanisms that target popular applications like Discord. The malware-as-a-service (MaaS) platform represents a significant evolution in cybercriminal toolkits,…
Microsoft Purview DLP to Restrict Microsoft 365 Copilot in Processing Emails With Sensitive Labels
Microsoft has announced a significant enhancement to its data protection capabilities with the introduction of a new Data Loss Prevention (DLP) feature that will prevent Microsoft 365 Copilot from processing emails containing sensitivity labels. This development represents a crucial step…
Zoomcar Hacked – 8.4 Million Users’ Sensitive Details Exposed
Car-sharing giant Zoomcar Holdings, Inc. has disclosed a significant cybersecurity incident that compromised sensitive personal information of approximately 8.4 million users. The breach, discovered on June 9, 2025, represents one of the largest data exposures in the mobility sector, highlighting…
How PureVPN’s Password Manager Closes A Major Security Gap Hackers Exploit
Your passwords are more than just logins – they’re the gateway to your identity, finances, work, and private life. But here’s the truth: storing them in a password manager is no longer enough. Why? Because traditional password managers protect credentials…
Malicious Payload Uncovered in JPEG Image Using Steganography and Base64 Obfuscation
In a sophisticated cybersecurity incident discovered on June 16, 2025, security researchers identified a malicious payload cleverly hidden within a JPEG image using a combination of steganography and modified Base64 encoding techniques. The malware, embedded after the file’s End Of…
46,000+ Grafana Instances Exposed to Malicious Account Takeover Attacks
A critical vulnerability affecting over 46,000 publicly accessible Grafana instances worldwide, with 36% of all public-facing deployments vulnerable to complete account takeover attacks. The newly discovered flaw, designated CVE-2025-4123 and dubbed “The Grafana Ghost,” represents a significant threat to organizations…
20+ Malicious Apps on Google Play Actively Attacking Users to Steal Login Credentials
A sophisticated phishing operation involving more than 20 malicious applications distributed through the Google Play Store, specifically designed to steal cryptocurrency wallet credentials from unsuspecting users. The discovery, made by Cyble Research and Intelligence Labs (CRIL), reveals a coordinated campaign…
Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS, CI/CD and macOS Data
A sophisticated malware campaign has emerged targeting the Python Package Index (PyPI) repository, with cybercriminals deploying weaponized packages designed to steal sensitive cloud infrastructure credentials and corporate data. The malicious package, identified as “chimera-sandbox-extensions,” represents a new breed of supply…
Hackers Can Hide Images in Text Data and Embeds Directly into DNS TXT Records
A novel method has emerged that demonstrates how digital images can be seamlessly embedded within DNS TXT records, effectively transforming domain name infrastructure into an unconventional image storage system. This innovative technique, dubbed “dnsimg,” represents a novel approach to data…
North Korean APT Hackers Attacking Ukrainian Government Agencies to Steal Login Credentials
North Korean advanced persistent threat (APT) groups have launched a sophisticated cyber campaign against Ukrainian government agencies, marking a significant departure from their traditional targeting patterns. This shift in focus represents a potentially strategic alignment with Russian interests, as North…
Threat Actors Using Fake Travel Websites to Infect Users’ PCs with XWorm Malware
A sophisticated cybercrime campaign has emerged targeting holiday travelers through meticulously crafted fake travel booking websites designed to mimic legitimate platforms like Booking.com. The operation, which gained significant momentum in the first quarter of 2025, represents an alarming evolution in…
Hackers Hijacked Discord Invite to Inject Malicious Links That Deliver AsyncRAT
Cybercriminals have developed a sophisticated attack campaign that exploits Discord’s invite system to distribute dangerous malware, including AsyncRAT remote access trojans and cryptocurrency-stealing software. The campaign leverages expired Discord invite codes and social engineering tactics to redirect unsuspecting users to…
Hackers Could Hide Images in Text Data and Embeds Directly into DNS TXT Records
A novel method has emerged that demonstrates how digital images can be seamlessly embedded within DNS TXT records, effectively transforming domain name infrastructure into an unconventional image storage system. This innovative technique, dubbed “dnsimg,” represents a novel approach to data…
Google Massive Cloud Outage Linked to API Management System
Google Cloud experienced one of its most significant outages in recent history on June 12, 2025, when a critical failure in its API management system brought down dozens of services worldwide for up to seven hours. The incident affected millions…
Anubis Ransomware With Wipe Mode That Permanently Erases File With No Recovery Option
A new ransomware-as-a-service operation has emerged in the cyberthreat landscape, introducing a devastating capability that sets it apart from conventional ransomware families. Anubis ransomware combines traditional file encryption with a destructive “wipe mode” feature that permanently erases file contents, making…