A critical vulnerability tracked as CVE-2024-20439 has placed Cisco’s Smart Licensing Utility (CSLU) in the spotlight after cybersecurity researchers observed active exploitation attempts. The flaw, which involves an undocumented static administrative credential, could allow unauthenticated attackers to remotely access…
Tag: CySecurity News – Latest Information Security and Hacking Incidents
WhatsApp for Windows Exposed to Security Risk Through Spoofing Vulnerability
WhatsApp for Windows was recently revealed to have a critical security vulnerability tracked as CVE-2025-30401. The vulnerability has raised serious concerns within the cybersecurity community since it was identified. The high severity of this vulnerability affects desktop…
Smishing Surge Expected in 2025 Driven by Sophisticated Phishing-as-a-Service Platform
Security researchers are sounding the alarm on a looming global wave of smishing attacks, warning that a powerful phishing-as-a-service (PhaaS) platform named Lucid—run by Chinese-speaking threat actors—is enabling cybercriminals to scale operations across 88 countries. According to threat intelligence firm…
6 Cybersecurity Mistakes That Put Businesses at Risk
In today’s digital-first economy, technology is a vital part of every business, from small local operations to international corporations. However, the growing reliance on tech also brings significant risks. With over half of global businesses reportedly suffering financial losses…
Yoojo Exposes Millions of Sensitive Files Due to Misconfigured Database
Yoojo, a European service marketplace, accidentally left a cloud storage bucket unprotected online, exposing around 14.5 million files, including highly sensitive user data. The data breach was uncovered by Cybernews researchers, who immediately informed the company. Following the alert,…
Russians Seize Malware-Infected Ukrainian Drones
Ukrainian forces are installing malware into their drones as a new tactic in their ongoing war with Russia. This development adds a cyber warfare layer to a battlefield that has already been impacted by drone technology, Forbes reported. Russian…
Hacker Claims Oracle Cloud Breach, Threatens to Leak Data
A hacker who goes by the name “Rose87168” is claiming to have broken into Oracle Cloud systems and is now threatening to release or sell the data unless their demands are met. According to security researchers, this person says…
Malware Campaign Uses Fake CAPTCHAs, Tricks Online Users
Researchers at Netskope Threat Labs have found a new malicious campaign that uses tricky tactics to distribute the Legion Loader malware. The campaign uses fake CAPTCHAs and CloudFlare Turnstile to trap targets into downloading malware that leads to the installation…
DragonForce Asserts Dominance Over RansomHub Ransomware Network
A series of targeted attacks involving DragonForce, a ransomware group that has reportedly been operating in the Middle East and North Africa (MENA) region, is reported to have been launched against companies in the Kingdom of Saudi Arabia (KSA)…
Massive Data Breach Hits Elon Musk’s X Platform
A potentially massive data breach has reportedly compromised Elon Musk’s social media platform X, previously known as Twitter, raising significant privacy concerns for millions of users. Cybersecurity researchers from SafetyDetectives discovered a troubling post over the weekend on BreachForums,…
Apple and Google App Stores Host VPN Apps Linked to China, Face Outrage
Google (GOOGL) and Apple (AAPL) are under harsh scrutiny after a recent report disclosed that their app stores host VPN applications associated with a Chinese cybersecurity firm, Qihoo 360. The U.S. government has blacklisted the firm. The Financial Times reports…
Triada Malware Embedded in Counterfeit Android Devices Poses Global Security Risk
There has been a significant increase in counterfeit Android smartphones in recent years. Recently, cybersecurity investigations have revealed a concern about counterfeit Android smartphones. These unauthorized replicas of popular mobile devices, which are being widely circulated and are pre-loaded…
Google sets new rules to improve internet safety through better website security
Google is taking major steps to make browsing the web safer. As the company behind Chrome, the most widely used internet browser, Google’s decisions shape how people all over the world experience the internet. Now, the company has announced…
Fake Zoom Download Sites Spreading BlackSuit Ransomware, Experts Warn
A new cyberattack campaign is targeting Zoom users by disguising ransomware as the popular video conferencing tool, according to Cybernews. Researchers from DFIR have uncovered a scheme by the BlackSuit ransomware gang, which uses deceptive websites to distribute malicious…
North Korean Hackers Use 11 Malicious npm Packages to Propagate BeaverTail Malware
The North Korean threat actors behind the ongoing Contagious Interview campaign are expanding their tentacles on the npm ecosystem by distributing more malicious packages including the BeaverTail malware and a new remote access trojan (RAT) loader. “These latest samples…
Russia Accused of Carrying Out Over 50 Secret Operations Across Europe
In the last few years since the war in Ukraine began, several European countries have experienced unusual and suspicious activities. These events include online attacks, spying, fires, and efforts to spread false information. Investigations suggest that many of these…
Hackers Exploit WordPress Logins, Secretly Run Codes
Threat actors are exploiting the WordPress mu-plugins (“Must-Use Plugins”) directory to secretly execute malicious code on each page while avoiding detection. The technique was first observed by security researchers at Sucuri in February 2025, but adoption rates are on the…
What Are USB Kill Sticks and How They Can Destroy Your Devices
Most people think of USB drives as simple tools for storing and transferring files. But not all USB sticks are as harmless as they appear. Some, known as “USB Kill Sticks” or “USB Killers,” are specifically designed to damage…
Check Point Downplays Hacker’s Claims Amid Alleged Data Breach
A hacker using the alias “CoreInjection” has claimed responsibility for stealing what they describe as a “highly sensitive” dataset from cybersecurity firm Check Point. According to several media reports, the alleged stolen data includes user login credentials, employee contracts,…
Smishing Triad Broadens Fraud Campaign to Include Toll Payment Services
Tolling agencies throughout the United States are battling an escalating wave of deceptive text message scams, often called smishing. As a result of these fraudulent campaigns, unsuspecting motorists are lured into clicking…
APIsec Secures Exposed Customer Data After Unprotected Database Found Online
API security firm APIsec has confirmed it secured an exposed internal database that was left accessible on the internet without a password for several days, potentially exposing sensitive customer information. The database, which was discovered by cybersecurity research firm…
Turned Into a Ghibli Character? So Did Your Private Info
A popular trend is taking over social media, where users are sharing cartoon-like pictures of themselves inspired by the art style of Studio Ghibli. These fun, animated portraits are often created using tools powered by artificial intelligence, like ChatGPT-4o.…
Oracle Finally Acknowledges Cloud Hack
Oracle is reportedly trying to downplay the impact of the attack while quietly acknowledging to clients that some of its cloud services have been compromised. A hacker dubbed online as ‘rose87168’ recently offered to sell millions of lines of…
Phishing Scams Are Getting Smarter – And More Subtle : Here’s All You Need to Know
Cybercriminals are evolving. Those dramatic emails warning about expired subscriptions, tax threats, or computer hacks are slowly being replaced by subtler, less alarming messages. New research suggests scammers are moving away from attention-grabbing tactics because people are finally catching…
Hackers Can Spy on Screens Using HDMI Radiation and AI Models
You may feel safe behind your screen, but it turns out that privacy might be more of an illusion than a fact. New research reveals that hackers have found an alarming way to peek at what’s happening on your…
Massive Data Breach at Samsung Exposes 270000 Records
During the analysis of the Samsung Germany data breach, a wide range of sensitive information was found to be compromised, including customer names, addresses, email addresses, order history, and internal communications, among other sensitive data. Those findings were contained…
Revolution or Hype? Meet the AI Agent That’s Automating Invoicing for Thousands
French startup Twin has introduced its very first AI-powered automation tool to help business owners who use Qonto. Qonto is a digital banking platform that offers financial services to companies across Europe. Many Qonto users spend hours each month…
Vulnerabilities Alert: Solar Power Grids Worldwide Under Threat of Cyber Attacks
Global solar power industry under threat: The rise in the use of solar power worldwide has revealed gaps in cybersecurity in cloud computing devices, inverters, and monitoring platforms. As these become prone to critical vulnerabilities, it creates an unsafe ecosystem…
AI Powers Airbnb’s Code Migration, But Human Oversight Still Key, Say Tech Giants
In a bold demonstration of AI’s growing role in software development, Airbnb has successfully completed a large-scale code migration project using large language models (LLMs), dramatically reducing the timeline from an estimated 1.5 years to just six weeks. The…
Ukrzaliznytsia Cyberattack Disrupts Online Ticket Sales but Train Services Remain Unaffected
Ukraine’s national railway operator, Ukrzaliznytsia, has fallen victim to a large-scale cyberattack, severely disrupting its online ticket sales and forcing passengers to rely on physical ticket booths. The attack, which began on March 23, has caused significant delays, long…
BitcoinOS to Introduce Alpha Mainnet for Digital Ownership Platform
BitcoinOS and Sovryn founder Edan Yago is creating a mechanism to turn Bitcoin into a digital ownership platform. Growing up in South Africa and coming from a family of Holocaust survivors, Yago’s early experiences sneaking gold coins out of…
Threat Actors Compromised by Security Firms Working to Protect Victims
An outstanding example of counter-cybercrime has been the successful penetration of the digital infrastructure associated with the ransomware group BlackLock. Threat intelligence professionals succeeded in infiltrating this infrastructure. As a result of this operation, researchers were able to…
600 Phishing Campaigns Emerged After Bybit Heist, Biggest Crypto Scam in History
Recently, the cryptocurrency sector suffered the largest cyberattack to date. The Bybit exchange was hit by the “largest cryptocurrency heist in history, with approximately $1.5 billion in Ethereum tokens stolen in a matter of hours,” Forbes said. After the Bybit hack,…
StreamElements Confirms Data Exposure via Former Third-Party Provider
Cloud-based streaming tools provider StreamElements has acknowledged a data breach stemming from a third-party service it previously collaborated with after a threat actor leaked customer data samples on a hacking forum. While StreamElements confirmed its own infrastructure remains uncompromised, the…
China’s FamousSparrow APT Hits United States Via SparrowDoor Malware
A China-linked cyberespionage gang known as ‘FamousSparrow’ was caught utilising a new modular version of its signature backdoor ‘SparrowDoor’ against a US-based trade organisation. Security experts at ESET spotted the activities and new malware version, uncovering evidence that the…
Orion Brings Fully Homomorphic Encryption to Deep Learning for AI Privacy
As data privacy becomes an increasing concern, a new artificial intelligence (AI) encryption breakthrough could transform how sensitive information is handled. Researchers Austin Ebel, Karthik Garimella, and Assistant Professor Brandon Reagen have developed Orion, a framework that integrates fully…
DeepSeek Revives China’s Tech Industry, Challenging Western Giants
As a result of DeepSeek’s emergence, the global landscape for artificial intelligence (AI) has been profoundly affected, going way beyond initial media coverage. AI-driven businesses, semiconductor manufacturing, data centres and energy infrastructure all benefit from its advancements, which are…
Alibaba Launches Latest Open-source AI Model from Qwen Series for ‘Cost-effective AI agents’
Last week, Alibaba Cloud launched its latest AI model in its “Qwen series,” as large language model (LLM) competition in China continues to intensify after the launch of the famous “DeepSeek” AI. The latest “Qwen2.5-Omni-7B” is a multimodal model: it can…
New Android Banking Trojan ‘Crocodilus’ Emerges as Sophisticated Threat in Spain and Turkey
A newly identified Android banking malware named Crocodilus is making waves in the cybersecurity world, with experts warning about its advanced capabilities and targeted attacks in Spain and Turkey. Discovered by Dutch mobile security firm ThreatFabric, the malware represents…
Experts Suggest Evolving Cyber Attacks Not Ending Anytime Soon
In a series of unfortunate events, experts suggest the advancement of cybercrime isn’t ending anytime soon. Every day, the digital landscape evolves, thanks to innovations and technological advancements. Despite this growth, it suffers from a few roadblocks, cybercrime being a…
Sydney Tools Data Leak Exposes Millions of Customer and Employee Records
A major data leak from Sydney Tools, an Australian retailer specializing in power tools, hand tools, and industrial equipment, has potentially exposed the personal information of millions of customers and employees. The breach, discovered by cybersecurity researchers at Cybernews,…
Lucid Faces Increasing Risks from Phishing-as-a-Service
Phishing-as-a-service (PaaS) platforms like Lucid have emerged as significant cyber threats because they are highly sophisticated, have been used in large-scale phishing campaigns in 88 countries, and have been compromised by 169 entities. As part of this platform, sophisticated…
Malicious Actors Employ Atlantis AIO to Target 140+ Platforms
A new cybercrime platform dubbed ‘Atlantis AIO’ provides automatic credential stuffing against 140 internet platforms, including email, e-commerce, banking, and VPNs. Atlantis AIO includes pre-configured modules for performing brute force assaults, bypassing CAPTCHAs, automating account recovery operations, and monetising…
Hackers Target ‘Counter Strike-2’ Players Via Fake Steam Login Pop-ups
Browser-in-the-browser attacks are simple yet sophisticated phishing scams. Hackers emulate trusted services via fake pop-up windows that look like the actual (real) login pages. While there have been a lot of reports describing browser-in-the-browser tactics, it is very difficult to…
Experts Warn Trump Officials Using Signal for War Plans Risk Massive Leaks
Reports that senior Trump administration officials discussed classified military operations using the encrypted texting app Signal have raised serious security concerns. Although Signal provides encryption, lawmakers and cybersecurity specialists have warned that it is still susceptible to hacking and…
Sanctioned Russian Crypto Exchange Garantex Allegedly Rebrands as Grinex
International efforts to dismantle illicit financial networks are facing new challenges, as the recently sanctioned Russian cryptocurrency exchange Garantex appears to have rebranded and resumed operations under a new name—Grinex. Reports from blockchain analytics firm Global Ledger suggest that…
Cyber Threats Surge Across Africa’s Financial Sector, Urging Stronger Cybersecurity Defenses
In 2024, the financial landscape in Africa has been rocked by a series of high-impact cyberattacks, underscoring the urgent need for enhanced digital defenses across the Banking, Financial Services, and Insurance (BFSI) sector. From Uganda to Zimbabwe and South…
Cyberattack Exposes Confidential Defence Data, Raising Security Concerns
A massive collection of classified defence documents has reportedly been stolen by hackers and put up for sale. The stolen information includes blueprints for a weapon, details about an upcoming Air Force facility, procurement strategies, and India’s defence partnerships…
HaveIBeenPwned Founder Compromised in Phishing Incident
The cybersecurity expert Troy Hunt, who founded the data breach notification platform Have I Been Pwned, recently revealed that he had been the victim of a phishing attack that was intended to compromise his subscriber list for the attacker…
Corporate Espionage Group ‘RedCurl’ Expands Tactics with Hyper-V Ransomware
RedCurl, a cyber threat group active since 2018 and known for stealthy corporate espionage, has now shifted its approach by deploying ransomware targeting Hyper-V virtual machines. Initially identified by Group-IB, RedCurl primarily targeted corporate organizations globally, later expanding its…
Developers Face a Challenge with Fake Hiring That Steals Private Data
Cyble threat intelligence researchers discovered a GitHub repository posing as a hiring coding challenge, tricking developers into downloading a backdoor that steals private data. The campaign employs a variety of novel approaches, including leveraging a social media profile for…
VanHelsing Ransomware Strikes Windows ARM and ESXi Platforms
As part of an ongoing analysis of ransomware-as-a-service operations, a new operation known as VanHelsing has been identified. This operation demonstrates a sophisticated multi-platform capability, posing a significant cybersecurity threat. This new strain of ransomware is designed to be…
Connor Moucka Extradited to U.S. for Snowflake Data Breaches Targeting 165 Companies
Connor Moucka, a Canadian citizen accused of orchestrating large-scale data breaches affecting 165 companies using Snowflake’s cloud storage services, has agreed to be extradited to the United States to face multiple federal charges. The breaches, which targeted high-profile companies…
Malware-Laden Game Removed from Steam as Security Concerns Grow
Steam, a leading digital distribution platform for PC games, recently removed Sniper: Phantom’s Resolution after users discovered it contained malware designed to steal sensitive data. The installer, disguised as a legitimate Windows process, executed evasive techniques, including launching and…
Google Deletes User Data by Mistake – Who’s Affected and What to Do
Google has recently confirmed that a technical problem caused the loss of user data from Google Maps Timeline, leaving some users unable to recover their saved location history. The issue has frustrated many, especially those who relied on Timeline…
North Korea Establishes Research Center 227 to Strengthen Cyber Warfare Capabilities
North Korea has reportedly launched a new cyber research unit, Research Center 227, as part of its efforts to enhance hacking capabilities and intelligence operations. According to Daily NK, this center is expected to function continuously, providing real-time support…
AI and Privacy – Issues and Challenges
Artificial intelligence is changing cybersecurity and digital privacy. It promises better security but also raises concerns about ethical boundaries, data exploitation, and spying. From facial recognition software to predictive crime prevention, customers are left wondering where to draw the…
Gmail Upgrade Announced by Google with Three Billion Users Affected
The Google team has officially announced the launch of a major update to Gmail, which will enhance functionality, improve the user experience, and strengthen security. It is anticipated that this update to one of the world’s most commonly used…
Frankenstein Scam: Here’s How to Safeguard Yourself Against Synthetic Identity Fraud
Identity theft is not always as straightforward as acquiring one person’s information; stolen identities can be put together from several sources. This rising crime, known as synthetic identity fraud or “Frankenstein fraud,” involves combining someone’s Social Security number with…
Ransomware Found in VSCode Extensions Raises Concerns Over Microsoft’s Security Review
Cybersecurity experts have discovered ransomware hidden within two Visual Studio Code (VSCode) Marketplace extensions, raising concerns about Microsoft’s ability to detect malicious software in its platform. The compromised extensions, named “ahban.shiba” and “ahban.cychelloworld,” were downloaded by users before security…
Attackers Exploit Click Tolerance to Deliver Malware to Users
The Multi-Factor Authentication (MFA) system has been a crucial component of modern cybersecurity for several years now. It is intended to enhance security by requiring additional forms of verification in addition to traditional passwords. MFA strengthens access control by…
WhatsApp Fixes Security Flaw Exploited by Spyware
WhatsApp recently fixed a major security loophole that was being used to install spyware on users’ devices. The issue, known as a zero-click, zero-day vulnerability, allowed hackers to access phones without the user needing to click on anything. Security…
Ascom Confirms Cyberattack as HellCat Hackers Exploit Jira Servers
Swiss telecommunications company Ascom has disclosed a cyberattack on its IT infrastructure, confirming that the hacker group HellCat exploited compromised credentials to target Jira servers worldwide. In an official statement, Ascom revealed that its technical ticketing system was breached…
Oracle Denies Claim of Server Breach
Following a threat actor’s claim to be selling 6 million data records allegedly stolen from Oracle Cloud’s federated SSO login servers, Oracle denies that it was compromised. “There has been no breach of Oracle Cloud. The published credentials are…
Betruger Backdoor Linked to RansomHub Ransomware Attacks on Critical Infrastructure
A newly discovered backdoor malware, dubbed Betruger, has been identified in multiple recent ransomware attacks. Researchers at Symantec believe at least one affiliate of the RansomHub ransomware-as-a-service (RaaS) operation is using this sophisticated tool to facilitate cyber intrusions. Unlike…
Cybercriminals Exploit Psychological Vulnerabilities in Ransomware Campaigns
During the decade of 2025, the cybersecurity landscape has drastically changed, with ransomware going from a once isolated incident to a full-sized global crisis. No longer confined to isolated incidents, these attacks are now posing a tremendous threat to economies,…
Arcane Malware Steals VPN, Gaming, and Messaging Credentials in New Cyber Threat
A newly identified malware strain, Arcane, is making headlines for its ability to steal a vast range of user data. This malicious software infiltrates systems to extract sensitive credentials from VPN services, gaming platforms, messaging apps, and web browsers.…
Five Ways to Identify a Bank Fraud And Stay Safe
It is not unusual for your bank to try to contact you. However, some of those emails and phone calls are simply scammers taking advantage of your trust in your bank to scam you. In general, you should be…
The Future of Cloud Ownership Amid Deglobalization
Modern digital landscapes have become increasingly challenging for data management because of the rapid expansion of data volumes and sources. Organizations have to navigate the complexities of storing a vast amount of data while ensuring seamless access for a…
AI Technology is Helping Criminal Groups Grow Stronger in Europe, Europol Warns
The European Union’s main police agency, Europol, has raised an alarm about how artificial intelligence (AI) is now being misused by criminal groups. According to their latest report, criminals are using AI to carry out serious crimes like drug…
Western Alliance Bank Data Breach Exposes Nearly 22,000 Customers’ Personal Information
Western Alliance Bank has alerted nearly 22,000 customers that their personal information was compromised following a cyberattack in October. The breach stemmed from a vulnerability in a third-party vendor’s secure file transfer software, which allowed attackers to gain unauthorized…
Roman Encryption Employed In Nearly 9K Phishing Attacks
Unpredictability is a hallmark of cybersecurity work. I doubt you expected to read an article linking Julius Caesar, the ancient Roman ruler, to almost a million phishing attacks so far in 2025. But, here we are. The phishing threat…
FBI Warns Against Free Online File Converters as Potential Cybersecurity Threats
Free online file converters have become a popular choice for users looking to convert files into different formats. Whether transforming a PDF into a Word document or switching between media formats, these tools offer convenience with just a few…
GitHub Action Security Breach Raises Concerns Over Supply Chain Risks
A cascading supply chain attack was recently triggered by the compromise of the GitHub action “reviewdog/action-setup@v1”, which ultimately led to the security breach of the “tj-actions/changed-files” repository. As a result of this breach, unintended secrets about continuous…
Authorities Warn Against Medusa Ransomware Surge
Federal agencies are urging individuals and organizations to stay vigilant against a rising ransomware threat that has affected hundreds of new victims in recent weeks. The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Multi-State Information Sharing and…
ICE Expands Online Surveillance With Tool Tracking 200+ Websites
To ensure the safety of citizens throughout the world, and to enforce immigration laws, the Department of Homeland Security and Immigration and Customs Enforcement (ICE) have always relied heavily on social media monitoring as an essential component of their…
Windows Shortcut Vulnerability Exploited by 11 State-Sponsored Outfits
Since 2017, at least 11 state-sponsored threat groups have actively exploited a Microsoft zero-day issue that allows for abuse of Windows shortcut files to steal data and commit cyber espionage against organisations across multiple industries. Threat analysts from Trend…
Hackers Exploit Fortinet Firewall Bugs to Deploy Ransomware
Cybersecurity researchers have uncovered a new attack campaign in which hackers are exploiting vulnerabilities in Fortinet firewalls to breach corporate networks and deploy ransomware. The hacking group, tracked as “Mora_001,” is leveraging two specific flaws in Fortinet’s firewall software…
Albabat Ransomware Evolves with Cross-Platform Capabilities and Enhanced Attack Efficiency
Cybersecurity researchers at Trend Micro have uncovered new variants of the Albabat ransomware, designed to target multiple operating systems and optimize attack execution. Albabat ransomware 2.0 now extends beyond Microsoft Windows, incorporating mechanisms to collect system data and streamline…
Why Unencrypted Files Pose a Serious Security Risk
It is becoming increasingly common for digital communication to involve sharing files, whether for professional or personal reasons. Some file exchanges are trivial, such as sending humorous images by email, while others contain highly sensitive information that needs to…
The Growing Threat of Infostealer Malware: What You Need to Know
Infostealer malware is becoming one of the most alarming cybersecurity threats, silently stealing sensitive data from individuals and organizations. This type of malware operates stealthily, often going undetected for long periods while extracting valuable information such as login credentials,…
Microsoft Warns of Malvertising Campaign Impacting Over 1 Million Devices Worldwide
Microsoft has revealed details of a large-scale malvertising campaign that is believed to have impacted over one million devices worldwide as part of an opportunistic attack aimed at stealing sensitive information. The tech giant, which discovered the activity in…
Huge Spike in Social Media and Email Hacks – Simple Ways to Protect Yourself
There has been a worrying rise in the number of people losing control of their social media and email accounts this year. According to recent data from Action Fraud, the UK’s national cybercrime reporting center, over 35,000 cases were…
Chinese APT Volt Typhoon Target U.S. Power Utility in Prolonged Cyberattack
Chinese hackers involved in the Volt Typhoon attack spent over a year inside the networks of a major utility company in Littleton, Massachusetts. In a report published last week, Dragos, an operational technology (OT) cybersecurity firm, described their work…
Deauthentication Attacks Leave Wi-Fi Networks at Risk
A recent report from Nozomi Networks has revealed that the vast majority of Wi-Fi networks are highly vulnerable to deauthentication attacks, a common form of denial-of-service (DoS) attack. After analyzing telemetry from hundreds of operational technology (OT) and internet…
Lazarus Group Intensifies Attacks on South Korean Web Servers
Researchers have uncovered a series of highly sophisticated cyberattacks by the notorious Lazarus group, targeting web servers in South Korea. The attackers have been infiltrating IIS servers to deploy ASP-based web shells, which serve as the first-stage Command and…
Password Reuse Threatens Security of 50 Percent of Online Users
The Overlooked Danger of Password Reuse: While digital access is becoming increasingly prevalent in our everyday lives, from managing finances to enjoying online entertainment, there remains a critical security lapse: password reuse. Even though it is convenient, this practice…
Finally, Safer Chats! Apple to Encrypt Messages Between iPhones and Android Phones
Apple is set to make a major improvement in how people using iPhones and Android devices communicate. Soon, text messages exchanged between these two platforms will be protected with end-to-end encryption, offering better privacy and security. For years, secure…
Ransomware Hackers Develop Advanced Tool for VPN Breaches
The Black Basta ransomware group has developed an automated brute force attack tool, referred to as BRUTED, to target and compromise edge networking devices such as firewalls and VPNs. By…
Raymond Cyberattack: IT Teams, Authorities Investigate Massive Breach
Raymond Limited, a leading textile and apparel firm, acknowledged a cyberattack on its IT infrastructure on February 19. The company quickly segregated affected systems to protect essential business operations and avoid disruptions to customer-facing platforms or shop networks. Rakesh…
Ransomware Group Uses Unpatched Webcams to Deploy Attacks
A recent cybersecurity report by S-RM has revealed a new tactic used by the Akira ransomware group, demonstrating their persistence in bypassing security defenses. When their initial attempt to deploy ransomware was blocked by an endpoint detection and response…
Auto Industry Faces Sharp Rise in Cyberattacks, Raising Costs and Risks
The growing use of digital systems in cars, trucks, and mobility services has made the automotive industry a new favorite target for hackers. Companies involved in making vehicles, supplying parts, and even selling them are now dealing with a…
Here’s How to Prevent Outdated Software from Hurting Your Business
Do you think continuing with the same old version of the same old software is a good idea? While it may function adequately for the time being, the clock is ticking towards disaster. Waiting to upgrade results in a…
North Korean Spyware Disguised as Android Apps Found on Google Play
Researchers have discovered at least five Android apps on Google Play that secretly function as spyware for the North Korean government. Despite passing Google Play’s security checks, these apps collect personal data from users without their knowledge. The malware,…
Growing Concerns Over Deceptive Master Password Reset Emails
The network security risk associated with unauthorized password resets is significant, as such resets can expose sensitive information and systems to cyber threats. IT administrators must take care to monitor and validate every password reset, particularly those that involve…
New Ransomware ‘SuperBlack’ Abuses Fortinet Firewall Flaws to Launch Attacks
A newly discovered ransomware group known as Mora_001 is carrying out cyberattacks by exploiting security weaknesses found in Fortinet’s firewall systems. The group is using a custom ransomware strain named SuperBlack to target organizations and lock their data for…
Medusa Ransomware Attacks: CISA, FBI, and MS-ISAC Issue #StopRansomware Advisory
The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a #StopRansomware advisory, warning organizations about the increasing threat of Medusa ransomware. Medusa, a ransomware-as-a-service (RaaS)…
Microsoft Unearths Novel XCSSET macOS Malware Variant Targeting Xcode Projects
Microsoft Threat Intelligence identified a new strain of XCSSET, a complex modular macOS malware that targets Xcode programs. The malware was discovered in the wild during routine threat hunting, and it is the first known XCSSET variant to appear…
Smishing Scams and How to Strengthen Cybersecurity
There is a growing threat to individuals from smishing, a form of cyber attack derived from SMS phishing, which uses text messaging to deceive them into disclosing sensitive information or engaging with malicious links. Though the…