Tag: CySecurity News – Latest Information Security and Hacking Incidents

  Malicious actors are propagating a recently discovered Android malware called Tria by sending phoney wedding invitations to consumers in Brunei and Malaysia.  According to a report published by the Russian cybersecurity firm Kaspersky, the attackers have been using private…

Read more →

  Food delivery service Grubhub has suffered a security breach that exposed sensitive information belonging to customers, drivers, and merchants. The breach, caused by unauthorized access through a third-party service provider, compromised personal details, hashed passwords, and partial credit card…

Read more →

  North Korea-linked hacking group Kimsuky has been identified conducting targeted spear-phishing campaigns to distribute an information stealer known as forceCopy, according to the latest findings from the AhnLab Security Intelligence Center (ASEC). The cyberattacks begin with phishing emails that…

Read more →

  As of January 2025, there were multiple attacks on Russian organizations across several industries, including finance, retail, information technology, government, transportation, and logistics, all of which have been targeted by BI.ZONE. The threat actors have used NOVA stealer, a…

Read more →

  In a strategic move to combat identity theft and fraud, Mastercard has announced plans to remove the traditional 16-digit card number from credit and debit cards by 2030. Instead, the company will implement tokenization and biometric authentication to enhance…

Read more →

Supercharged AI phishing campaigns are extremely challenging to notice. Attackers use AI phishing scams with better grammar, structure, and spelling, to appear legit and trick the user. In this blog, we learn how to spot AI scams and avoid becoming…

Read more →

  A cybersecurity researcher recently discovered a serious vulnerability in Subaru’s Starlink system, allowing him to remotely control vehicles across the U.S., Canada, and Japan. The ethical hacker, Sam Curry, was able to unlock doors, start and stop engines, and…

Read more →

  A large proportion of the modern digital world involves everyday transactions taking place on the internet, from simple purchases to the exchange of highly sensitive corporate data that is highly confidential. In this era of rapid technological advancement, quantum…

Read more →

  QR codes are already ubiquitous: from restaurant menus to public transportation schedules, everyone wants you to scan theirs. This normalisation of scanning random QR codes is being exploited, resulting in a new cybersecurity threat known as Quishing.  What is…

Read more →

  A new class action lawsuit accuses Amazon of secretly gathering and monetizing location data from millions of California residents without their consent. The legal complaint, filed in a U.S. District Court, alleges that Amazon used its Amazon Ads software…

Read more →

  A decade after the mysterious disappearance of Malaysia Airlines Flight MH370, advancements in technology are breathing new life into the search for answers. Despite extensive global investigations, the aircraft’s exact whereabouts remain unknown. However, emerging tools like artificial intelligence…

Read more →

  A recent cybersecurity breach has exposed vulnerabilities in government agencies, as hackers infiltrated the U.S. Agency for International Development (USAID) to mine cryptocurrency. The attackers secretly exploited the agency’s Microsoft Azure cloud resources, leading to $500,000 in unauthorized service…

Read more →

  WhatsApp has uncovered a stealthy spyware attack attributed to Israeli firm Paragon, targeting nearly 100 users worldwide, including journalists and civil society members. This zero-click attack required no user interaction, making it particularly dangerous as it could infiltrate devices…

Read more →

     Gmail has issued a warning to its 2.5 billion users about a sophisticated AI-powered phishing attack. Fraudsters are using caller IDs that seem to originate from Google support, convincing users that their accounts have been compromised. Under the…

Read more →

  An optical encryption technique developed by researchers at the Foundation for Research and Technology Hellas (FORTH) and the University of Crete in Greece is claimed to provide an exceptionally high level of security.  According to Optica, the system decodes…

Read more →

  As outlined in the European Union’s (EU) Artificial Intelligence Act (AI Act), which was first presented in 2023, the AI Act establishes a common regulatory and legal framework for the development and application of artificial intelligence. In April 2021,…

Read more →

Attempts to censor opposition voices are not new. Since the advent of new media, few Governments and nations have used spyware to keep tabs on the public, and sometimes target individuals that the government considers a threat. All this is…

Read more →

  Italy’s data protection authority, Garante, has ordered Chinese AI chatbot DeepSeek to halt its operations in the country. The decision comes after the company failed to provide clear answers about how it collects and handles user data. Authorities fear…

Read more →

The US Department of Justice (DoJ) joined forces with international law enforcement to shut down a few Dark Web cybercrime forums, two operations that impacted underground markets associated with the attacks on millions of victims worldwide.  Pakistani dark web forum…

Read more →

  There have been numerous scandals surrounding this artificial intelligence company which had astonished the world by seemingly rivaling the successful chatbot ChatGPT at a fraction of the cost. However, now, regulators and privacy advocates have raised questions about the…

Read more →

  Virtual credit cards are digital versions of physical credit cards. They generate a unique credit card number that you can use instead of your physical card number, avoiding the merchant from storing your credit card data and making your…

Read more →

  Cybersecurity continues to be a growing concern as organizations worldwide face an increasing number of sophisticated attacks. In early 2024, businesses encountered an alarming 1,308 cyberattacks per week—a sharp 28% rise from the previous year. This surge highlights the…

Read more →

  Cybercriminals are adopting a new strategy in their ransomware demands—embedding advertisements to recruit insiders willing to leak company data. Threat intelligence researchers at GroupSense recently shared their findings with Dark Reading, highlighting this emerging tactic. According to their analysis,…

Read more →

Cybersecurity & Infrastructure Security Agency (CISA) in the US rolled out an investigation report concerning three firmware variants used in Contec CMS800, a patient monitoring system used in healthcare facilities and hospitals.  CIS finds hidden backdoor in Chinese software Experts…

Read more →

  The New York Blood Center (NYBC), a major provider of blood products and transfusion services in the U.S., suffered a ransomware attack on Sunday, leading to operational disruptions and the cancellation of some donor appointments.  The cyberattack comes at…

Read more →

  ‘Browser Syncjacking,’ which allows threat actors to hijack Google profiles, compromise browsers, and eventually gain full control over a victim’s device—all through a seemingly harmless Chrome extension. This stealthy multi-stage attack requires minimal permissions and almost no user interaction…

Read more →

  Over a million people have been notified of a recent data breach by Community Health Centre, a nonprofit healthcare organisation based in Middletown, Connecticut. On January 2, 2025, unauthorised activity was detected in its computer systems, and external cybersecurity…

Read more →

  Unauthorized access to Mizuno USA’s network has resulted in a compromise of sensitive customer information, which has caused Mizuno USA to notify its customers about the breach. In a letter to affected individuals, the sports gear manufacturer shared information…

Read more →

  Cyber fraud continues to evolve, with scammers using increasingly sophisticated techniques to deceive victims. In a recent case from Bengaluru, a woman lost ₹2 lakh after receiving a fraudulent automated call that mimicked her bank’s Interactive Voice Response (IVR)…

Read more →

< p style=”text-align: justify;”>Cybersecurity researchers at GreyNoise have uncovered widespread exploitation of a critical zero-day vulnerability in Zyxel CPE Series devices, months after it was initially reported to the manufacturer. The flaw, identified as CVE-2024-40891, allows attackers to execute arbitrary…

Read more →

Scareware is a malware type that uses fear tactics to trap users and trick them into installing malware unknowingly or disclosing private information before they realize they are being scammed. Generally, the scareware attacks are disguised as full-screen alerts that…

Read more →

  A new security bulletin has been released by MediaTek for February 2025, which reveals several critical vulnerabilities, which may affect its chipsets used in smartphones, tablets, as well as numerous other devices. There are security issues identified in the…

Read more →

< p style=”text-align: justify;”>January 27 marked a pivotal day for the artificial intelligence (AI) industry, with two major developments reshaping its future. First, Nvidia, the global leader in AI chips, suffered a historic loss of $589 billion in market value…

Read more →

  < p style=”text-align: justify;”>Two federal employees have filed a lawsuit against the Office of Personnel Management (OPM), alleging that a newly implemented email system is being used to compile a database of federal workers without proper authorization. The lawsuit…

Read more →

  In an era where technology permeates every aspect of our lives, education is undergoing a transformative shift. Imagine a classroom where each student’s learning experience is tailored to their unique needs, interests, and pace. This is no longer a…

Read more →

< p style=”text-align: justify;”>The financial sector is facing a sharp increase in cyber threats, with investment firms, such as asset managers, hedge funds, and private equity firms, becoming prime targets for ransomware, AI-driven attacks, and data breaches. These firms rely…

Read more →

  Google continues to strengthen its cybersecurity framework, particularly in safeguarding AI systems from threats such as prompt injection attacks on Gemini. By leveraging automated red team hacking bots, the company is proactively identifying and mitigating vulnerabilities. Google employs an…

Read more →

Password management solutions are the unsung heroes in enterprise security. They protect our digital identities, ensuring sensitive info such as passwords, personal details, or financial data is kept safe from threat actors.  However, in a recent breach, several critical vulnerabilities…

Read more →

  < p style=”text-align: justify;”>Smiths Group, a London-listed engineering firm operating in energy, security, aerospace, and defence, has reported a cybersecurity incident involving unauthorised access to its systems. The company has taken immediate steps to mitigate potential disruptions and contain…

Read more →

  < p style=”text-align: justify;”>Tata Technologies, a multinational engineering firm and subsidiary of Tata Motors, recently experienced a ransomware attack that led to the temporary suspension of certain IT services. The company promptly launched an investigation into the incident and…

Read more →

< p style=”text-align: justify;”>Cryptojacking, the unauthorized exploitation of an organization’s computing resources to mine cryptocurrency, has emerged as a significant yet often overlooked cybersecurity threat. Unlike ransomware, which overtly disrupts operations, cryptojacking operates covertly, leading to substantial financial and operational…

Read more →

  The Python Package Index (PyPI) has informed users that no modifications are expected with the launch of “Project Archival,” a new method that enables publishers to archive their projects. To assist users in making informed decisions regarding their dependencies,…

Read more →

  < p style=”text-align: justify;”> A new cyber attack is putting Amazon Prime subscribers at risk. Hackers are sending malicious emails warning users that their Prime membership is about to expire. These emails contain attachments with dangerous links that redirect…

Read more →

Hackers use various ways to steal user data, one recent trend, according to the FBI, shows they have started gaining employment with companies. The agency has pushed out public announcement I-012325-PSA, warning organizations in the U.S. to disable local admin…

Read more →

  < p style=”text-align: justify;”>Security researchers have uncovered two new vulnerabilities in modern Apple processors, named FLOP and SLAP, which could allow attackers to remotely steal sensitive data through web browsers. Discovered by researchers from the Georgia Institute of Technology…

Read more →

  The landscape of cybersecurity has been greatly transformed by artificial intelligence, which has provided both transformative opportunities as well as emerging challenges. Moreover, AI-powered security tools have made it possible for organizations to detect and respond to threats much…

Read more →

  In a recently uncovered phishing campaign, threat actors are employing malicious PDF files to target mobile device users in potentially more than fifty nations. Dubbed as the “PDF Mishing Attack,” the effort exposes new vulnerabilities in mobile platforms by…

Read more →

  North Korea’s notorious hacking collective, Lazarus Group, has orchestrated a large-scale supply chain attack, compromising hundreds of victims worldwide, according to cybersecurity researchers. The operation, named Phantom Circuit, remains active as of this month. The group injected malicious backdoors…

Read more →

  The U.S. Food and Drug Administration (FDA) has issued a safety communication highlighting cybersecurity vulnerabilities in certain patient monitors manufactured by Contec and relabeled by Epsimed. The FDA’s notice, published on Thursday, identifies three critical security flaws that could…

Read more →

Generative AI (GenAI) is transforming the cybersecurity landscape, with 52% of CISOs prioritizing innovation using emerging technologies. However, a significant disconnect exists, as only 33% of board members view these technologies as a top priority. This gap underscores the challenge…

Read more →

  < p style=”text-align: justify;”>In recent years, the cybersecurity landscape has faced an unprecedented wave of threats. State-sponsored cybercriminals and less experienced attackers armed with sophisticated tools from the dark web are relentlessly targeting weak links in global cybersecurity systems.…

Read more →

According to security experts, threat actors are abusing out-of-date versions of WordPress and plug-ins to modify thousands of sites to trap visitors into downloading and installing malware. In a conversation with cybersecurity news portal TechCrunch, Simon Wijckmans, founder and CEO…

Read more →

  < p style=”text-align: justify;”>ENGlobal Corporation, a prominent contractor in the energy sector, has disclosed that a ransomware attack in November 2024 led to the exposure of sensitive personal data. The incident, which occurred on November 25, forced the company…

Read more →

  As vehicles become increasingly connected to the internet, cybersecurity threats pose growing risks to drivers. A recent security flaw in Subaru’s Starlink system highlights the potential dangers, allowing hackers to remotely control vehicles and access sensitive data. This incident…

Read more →

  < p style=”text-align: justify;”> A North Korean cybercriminal group, Andariel, has been found using a stealthy hacking technique called RID hijacking to gain full control over Windows systems. This method allows attackers to manipulate a computer’s security settings, turning…

Read more →

  < p style=”text-align: justify;”>Password theft has recently dominated headlines, with billions of credentials compromised. Amid this crisis, Microsoft has been pushing to replace traditional passwords with more secure authentication methods. However, a new vulnerability in the Windows BitLocker full-disk…

Read more →

  < p style=”text-align: justify;”> PayPal has been fined $2 million by the New York State Department of Financial Services (DFS) for failing to protect customer data, resulting in a significant security breach. The incident, which occurred in December 2022,…

Read more →

  < p style=”text-align: justify;”>As new threats emerge and defensive strategies evolve, the landscape of data protection is undergoing significant changes. With February 1 marking Change Your Password Day, it’s a timely reminder of the importance of strong password habits…

Read more →

  A 62-year-old retired bank manager from Pune became the victim of a massive cyber fraud, losing ₹2.22 crore over several months. Scammers posing as government officials tricked the individual into purchasing multiple insurance policies by promising high returns.   How…

Read more →

  < p style=”text-align: justify;”>In an era where cybercriminals are increasingly targeting passwords through phishing attacks, data breaches, and other malicious tactics, securing online accounts has never been more important. Relying solely on single-factor authentication, such as a password, is…

Read more →

  The United States is poised to undergo a period of highly disruptive transformation. The incoming administration has promised to make significant changes, including forming a new body, the Department of Governmental Efficiency (DOGE), with the aim of substantially reducing…

Read more →

  UnitedHealth Group has officially disclosed that the February ransomware attack on its subsidiary, Change Healthcare, affected approximately 190 million individuals in the U.S.—nearly twice the previously estimated figure. The healthcare giant confirmed the revised number in a statement to…

Read more →

  A significant cyberattack on the Singapore-based cryptocurrency exchange Phemex has resulted in the loss of over $70 million in digital assets. Blockchain security experts believe the incident may be linked to North Korean hackers. The breach was detected on…

Read more →

  Cybercriminals in Russia are using a scam to trick their victims into allowing them to install ransomware on their computers by pretending to be technical support via Microsoft Teams. Once they have convinced victims they have an IT problem,…

Read more →

  Cybercriminals are increasingly using Google ads and sophisticated cloaking techniques to push malware onto unsuspecting users. The latest example involves a fake Homebrew website that tricked users into downloading an infostealer designed to steal sensitive data, including login credentials…

Read more →

  An attacker is reportedly injecting malware into infected devices using popular VPN applications to gain remote control of the devices they are attacking. Google’s Managed Defense team reported this disturbing finding, which sheds light on how malicious actors use…

Read more →

  A threat analyst identified a vulnerability in Cloudflare’s content delivery network (CDN) which could expose someone’s whereabouts just by sending them an image via platforms such as Signal and Discord. While the attack’s geolocation capability is limited for street-level…

Read more →

  Japan is taking decisive steps to enhance its cybersecurity through a new strategy of “active cyber defence.” This approach enables authorized hackers working for the police or Self-Defence Forces (SDF) to infiltrate servers and neutralize cyber-attack sources before they…

Read more →

  South Korean VPN provider IPany fell victim to a supply chain attack orchestrated by the China-aligned hacking group “PlushDaemon.” The attackers compromised IPany’s VPN installer, embedding a custom malware named ‘SlowStepper’ into the installer file, affecting customers upon installation.…

Read more →

  As a result of recent findings on dark web marketplaces, it has been found that many account credentials from major security vendors are being sold. According to Cyble, the rise of information stealers has been largely responsible for this…

Read more →

  < p style=”text-align: justify;”> Virtual Private Networks (VPNs) are widely trusted for protecting online privacy, bypassing regional restrictions, and securing sensitive data. However, new research has uncovered serious flaws in some VPN protocols, exposing millions of systems to potential…

Read more →

  Anonymous Browsing: Tools and Extensions for Enhanced Privacy < p style=”text-align: justify;”> Anonymous browsing is designed to conceal your IP address and location, making it appear as though you are in a different region. This feature is particularly useful…

Read more →

  Downloading through a peer-to-peer (P2P) network referred to as torrenting involves either using torrent files or magnet links to download files. Torrent files are index files that provide the necessary information to locate certain files, segments of files, or…

Read more →

  T-Mobile has taken a significant step in enhancing its cybersecurity by adopting Yubikey security keys for its employees. The company purchased over 200,000 security keys from Yubico, deploying them across all staff, vendors, and authorized retail partners. The rollout,…

Read more →

  Hong Kong experienced a record surge in cyberattacks last year, marking the highest number of incidents in five years. Hackers are increasingly using artificial intelligence (AI) to strengthen their methods, according to the Hong Kong Computer Emergency Response Team…

Read more →

  VPNs are widely known for their benefits, including preventing location-based overcharging, safeguarding online privacy, and enabling access to geographically restricted content like foreign Netflix libraries. Historically, VPNs have been considered safe, but a new investigation by Top10VPN challenges this…

Read more →

  Hackers are once more exploiting Google advertisements to disseminate malware, using a fake Homebrew website to compromise Macs and Linux systems with an infostealer that harvests credentials, browsing data, and cryptocurrency wallets.  Ryan Chenkie discovered the fraudulent Google ad…

Read more →

  A recent study has revealed a concerning link between the increased use of artificial intelligence (AI) tools and declining critical thinking abilities among students. The research, which analyzed responses from over 650 individuals aged 17 and older in the…

Read more →

  The Sophos security team has identified two ransomware campaigns that are utilizing Microsoft Teams to steal data from organizations, and the crooks may be allied with Black Basta and FIN7. In the X-Ops Managed Detection and Response (MDR) service,…

Read more →

  AI in Cybercrimes: Rising Threats and Challenges Kuala Lumpur: The increasing use of artificial intelligence (AI) in cybercrimes is becoming a grave issue, says Datuk Seri Ramli Mohamed Yoosuf, Director of Malaysia’s Commercial Crime Investigation Department (CCID). Speaking at…

Read more →

  In the current cybersecurity era, multi-factor authentication (MFA) is widely recommended and often mandated across several sectors, making it one of the most popular security measures that are available. As stated by the Cybersecurity and Infrastructure Security Agency (CISA),…

Read more →

  ChatGPT Outage: OpenAI Faces Service Disruption in the UK < p style=”text-align: justify;”> On Thursday, OpenAI’s ChatGPT experienced a significant outage in the UK, leaving thousands of users unable to access the popular AI chatbot. The disruption, which began…

Read more →

  Google unveiled a financially driven threat actor, TRIPLESTRENGTH, targeting cloud environments for cryptojacking and on-premise ransomware operations. “This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity,” Google Cloud…

Read more →

  The Quantum Computing Threat to Cryptocurrency Security < p style=”text-align: justify;”> The immense computational power that quantum computing offers raises significant concerns, particularly around its potential to compromise private keys that secure digital interactions. Among the most pressing fears…

Read more →

  You may think you are receiving an email from your trusted ProtonMail account — only to discover it’s a trap set by cybercriminals. Recent research throws light on how attackers are targeting both widely known and lesser-used cloud platforms…

Read more →

  The Evolution of AI: From Generative Models to Agentic Intelligence < p style=”text-align: justify;”> Artificial intelligence is rapidly advancing beyond its current capabilities, transitioning from tools that generate content to systems capable of making autonomous decisions and pursuing long-term…

Read more →

  Cyberattacks Surge During Holidays and Weekends: Semperis Report Companies are particularly susceptible to cyberattacks during public holidays and weekends due to reduced security manpower. A recent report on ransomware assaults, published by Semperis, a provider of identity-based cyber resilience,…

Read more →

  Fortinet Firewall Data Breach: 15,000 Devices Compromised by Belsen Group < p style=”text-align: justify;”> On January 14, 2025, it was reported that the configuration data of over 15,000 Fortinet FortiGate firewalls was leaked on the dark web. The hacker…

Read more →

  Tax Season 2025: Protect Yourself from Fraud with an Identity Protection PIN A new year marks the start of another tax season, bringing with it the usual challenges of navigating the complex US tax code and avoiding scams. One…

Read more →

  Fear of Blame Hampers Cybersecurity Incident Reporting in Ireland A recent survey conducted in Ireland highlights a concerning trend: fear of blame is preventing employees from reporting cybersecurity incidents. The study, carried out by Censuswide for IT.ie and SonicWall,…

Read more →

  European Banks Strengthen Cybersecurity Amid Strict Regulations European banks are being compelled to enhance their cybersecurity systems to comply with stringent regulations aimed at safeguarding critical infrastructure against cyber threats. The rise of digital tools in the financial sector…

Read more →

Cybercriminals Target Google Ads Users in Sophisticated Phishing Attacks < p style=”text-align: justify;”> Cybercriminals are intensifying their phishing campaigns against Google Ads users, employing advanced techniques to steal credentials and bypass two-factor authentication (2FA). This new wave of attacks is…

Read more →

  FBI Warns Smartphone Users About Malicious Apps < p style=”text-align: justify;”> Smartphone users are being urged to exercise caution when downloading apps as some may be designed to steal personal data and send it to fraudsters, leading to potential…

Read more →

  General Motors (GM) and its OnStar division have been barred from selling customer-driving data for the next five years. This decision follows an investigation that revealed GM was sharing sensitive customer information without proper consent.   How Did This Happen?…

Read more →

  Data Breach at Willow Exposes Over 240,000 Customer Records < p style=”text-align: justify;”> A significant data exposure incident involving the Chicago-based financial technology firm Willow has left the personal details of more than 240,000 customers vulnerable. Willow, which offers…

Read more →

  As the government intensifies efforts to raise awareness about digital arrests and online financial fraud, fraudsters have shifted their strategies to stay ahead. A concerning trend has emerged where these individuals pose as representatives of the Telecom Regulatory Authority…

Read more →

AVSLabs is excited to take part in Cybersec Asia 2025, a major cybersecurity event happening on January 22-23, 2025, at the Queen Sirikit National Convention Center (QSNCC) in Bangkok, Thailand. This event brings together top industry leaders and professionals to…

Read more →

  The International Journal of Security has revealed that some of the world’s biggest hotel chains have had their personal information compromised following a threat actor’s attack on a program provider that serves the industry. As part of a data…

Read more →

  A foundation, closely associated with Telegram, called the Open Network (TON), is pursuing ambitious expansion in the United States. A strategic move like this comes amid the expectation that Donald Trump’s upcoming administration will be able to offer a…

Read more →

  Bengaluru emerges as the leading tech-enabled city for scams: Cyber fraud has been on an upward spiral during the period 2021 through September 2024, reports the police while citing the cumulative loss to this city as an amount of…

Read more →