Cybersecurity researchers have uncovered a sophisticated malware campaign targeting Brazilian users through malicious browser extensions designed to steal sensitive banking credentials and financial data. The operation, dubbed “Operation Phantom Enigma,” represents a significant escalation in banking trojans’ evolution, utilizing browser…
Tag: Cyber Security News
Hackers Allegedly Leaked 86 Million AT&T Customer Records with Decrypted SSNs
A massive data breach involving AT&T has been reported, with hackers allegedly leaking personal information of 86 million customers. Hackers claimed to have successfully decrypted previously protected Social Security numbers and released the information on cybercrime forums. The breach, first posted on May…
New Crocodilus Malware That Gains Complete Control of Android Device
A sophisticated new Android banking Trojan named Crocodilus has emerged as a significant global threat, demonstrating advanced device-takeover capabilities that grant cybercriminals unprecedented control over infected smartphones. First discovered in March 2025, this malware has rapidly evolved from localized test…
Business Email Compromise Attacks: How To Detect Them Early
Business Email Compromise (BEC) attacks don’t need malware to do damage. All it takes is one convincing message: a fake login prompt, a cleverly disguised link, and an employee’s credentials are gone. From there, attackers can quietly access inboxes, exfiltrate…
Composing The Future Of AI: How Anat Heilper Orchestrates Breakthroughs In Silicon And Software
Anat Heilper is redefining what it means to be a technical leader in AI, not by following the path but by architecting it from the ground up. Having served in key boundary-pushing roles such as the Director of AI and…
Google to Remove Two Certificate Authorities from Chrome Root Store
Google has announced plans to remove two Certificate Authorities (CAs) from Chrome’s Root Store due to ongoing security concerns. The Chrome Root Program and Security Team revealed that Chunghwa Telecom and Netlock will no longer be trusted by default in…
Threat Actors Exploit ‘Prove You Are Human’ Scheme To Deliver Malware
Cybersecurity researchers have uncovered a sophisticated malware campaign that weaponizes users’ trust in routine internet verification processes to deliver malicious payloads. The scheme exploits familiar “prove you are human” prompts, transforming seemingly innocent website interactions into vectors for malware distribution…
Windows Authentication Coercion Attacks Pose Significant Threats to Enterprise Networks
Windows authentication coercion attacks continue to pose substantial risks to enterprise Active Directory environments in 2025, despite Microsoft’s ongoing efforts to implement protective measures. These sophisticated attacks allow threat actors with minimal privileges to gain administrative access to Windows workstations…
IBM QRadar Vulnerabilities Let Attackers Access Sensitive Configuration Files
Multiple severe vulnerabilities in IBM QRadar Suite Software could allow attackers to access sensitive configuration files and compromise enterprise security infrastructures. The most severe vulnerability, tracked as CVE-2025-25022, carries a CVSS base score of 9.6 and enables unauthenticated users…
Aembit Named to Rising in Cyber 2025 List of Top Cybersecurity Startups
Aembit, the workload identity and access management (IAM) company, today announced its inclusion in Rising in Cyber 2025, an independent list launched by Notable Capital to spotlight the 30 most promising cybersecurity startups shaping the future of security. Unlike traditional rankings,…
New Firefox Feature Automatically Detects Malicious Extensions by Behavior
Firefox has released a sophisticated new security feature designed to automatically identify and neutralize malicious browser extensions before they can compromise user data. The implementation comes as crypto wallet scams continue to surge globally, with the FBI reporting…
New Linux PumaBot Attacking IoT Devices by Brute-Forcing SSH Credentials
Cybersecurity researchers have identified a sophisticated new threat targeting the expanding Internet of Things ecosystem. PumaBot, a Go-based Linux botnet, has emerged as a significant concern for organizations operating vulnerable IoT devices, particularly surveillance systems. Unlike conventional malware that conducts…
Hackers Weaponize Ruby Gems To Exfiltrate Telegram Tokens and Messages
A sophisticated supply chain attack has emerged targeting the RubyGems ecosystem, exploiting geopolitical tensions surrounding Vietnam’s recent Telegram ban to steal sensitive developer credentials and communications. The malicious campaign involves two typosquatted Ruby gems designed to impersonate legitimate Fastlane plugins,…
North Face Fashion Brand Warns of Credential Stuffing Attack
The North Face, a prominent outdoor fashion retailer, has issued a comprehensive security notification to customers following the discovery of a credential stuffing attack against its website on April 23, 2025. The incident represents a growing cybersecurity threat where attackers…
State-Sponsored Groups Actively Targeting Manufacturing Sector & OT systems
A comprehensive analysis reveals an alarming escalation in cyberattacks targeting the manufacturing sector, with state-sponsored threat actors and hacktivist groups increasingly focusing their efforts on operational technology systems that control critical industrial processes. The manufacturing sector has emerged as a…
Microsoft Defender for Endpoint Contained 120,000 & Saved 180,000 Devices From Cyberattack
Microsoft has achieved significant cybersecurity milestones in its fight against ransomware and advanced persistent threats, with its Defender for Endpoint platform successfully containing 120,000 compromised user accounts and protecting over 180,000 devices from cyberattacks in just the last six months. …
Russian Hacker Black Owl Attacking Critical Industries To Steal Financial Details
A sophisticated Russian hacktivist group operating under multiple aliases has emerged as a significant threat to critical infrastructure across Russia, employing advanced malware and social engineering techniques to infiltrate and destroy organizational systems. The group, known primarily as BO Team…
Wireshark Certified Analyst: Official Wireshark Certification Released for Security Professionals
The Wireshark Foundation has officially launched the Wireshark Certified Analyst (WCA-101) certification, marking a significant milestone in professional network analysis education. This comprehensive certification program, designed by industry experts including Wireshark creator Gerald Combs, validates advanced proficiency in packet analysis…
Apple’s iOS Activation Vulnerability Allows Injection of Unauthenticated XML Payloads
A critical security vulnerability has been discovered in Apple’s iOS activation infrastructure that allows attackers to inject unauthenticated XML payloads during the device setup phase. This flaw, affecting the latest iOS 18.5 stable release as of May 2025, exposes millions…
CISA Releases ICS Advisories Covering Vulnerabilities & Exploits
CISA issued three critical Industrial Control Systems (ICS) advisories on June 3, 2025, warning organizations about severe vulnerabilities affecting Schneider Electric and Mitsubishi Electric industrial automation products. These advisories highlight exploitable flaws that could enable remote code execution, authentication bypass,…