A major identity-theft operation is now targeting over 100 high-value organizations across multiple industries. The threat comes from SLSH, a dangerous alliance combining the tactics of Scattered Spider, LAPSUS$, and ShinyHunters. Unlike typical automated attacks, this campaign uses real people…
Tag: EN
Hackers Using Teams to Deliver Malicious Content Posing as Microsoft Services
A sophisticated phishing campaign has been identified in which threat actors are abusing legitimate Microsoft Teams functionality to distribute malicious content that appears to originate from trusted Microsoft services. By leveraging the platform’s “Invite a Guest” feature and crafting deceptive…
G_Wagon npm Package Attacking Users to Exfiltrates Browser Credentials using Obfuscated Payload
On January 23rd, 2026, security researchers discovered a dangerous npm package named ansi-universal-ui that disguised itself as a legitimate user interface component library. The deceptive package description claimed to offer a lightweight UI system for modern web applications. However, beneath…
Instagram, Facebook, and WhatsApp to Test New Premium Subscriptions
Meta is gearing up to roll out premium subscription tiers across its flagship apps, Instagram, Facebook, and WhatsApp, offering users exclusive features to boost productivity, creativity, and AI-driven interactions. The company confirmed the plans to emphasize that core app experiences…
Attackers Hijacking Official GitHub Desktop Repository to Distribute Malware as Official Installer
Cybercriminals have discovered a dangerous way to trick developers into downloading malware by exploiting how GitHub works. The attack involves creating fake versions of the GitHub Desktop installer and making them appear legitimate to unsuspecting users. Between September and October…
Watch out for AT&T rewards phishing text that wants your personal details
Recently, we uncovered a realistic, multi-layered data theft phishing campaign targeting AT&T customers. This article has been indexed from Malwarebytes Read the original article: Watch out for AT&T rewards phishing text that wants your personal details
Microsoft announces the 2026 Security Excellence Awards winners
Congratulations to the winners of the 2026 Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond. The post Microsoft announces the 2026 Security Excellence Awards winners appeared first on Microsoft Security Blog. This article…
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September…
WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware
Meta on Tuesday announced it’s adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection…
ShinyHunters Target 100+ Firms Using Phone Calls to Bypass SSO Security
ShinyHunters is driving attacks on 100+ organisations, using vishing and fake login pages with allied groups to bypass SSO and steal company data, reports Silent Push. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and…
Lawsuit Claims Meta Can Access WhatsApp Messages Despite Encryption Promises
A class-action lawsuit alleges Meta can access WhatsApp messages despite encryption claims, raising new privacy concerns. The post Lawsuit Claims Meta Can Access WhatsApp Messages Despite Encryption Promises appeared first on eSecurity Planet. This article has been indexed from eSecurity…
Fighting The Next Evolution of Email Threats With Layered, AI-Driven Security
For decades, email has been the backbone of corporate communications and for precisely this reason, it remains the attacker’s preferred gateway into organisations. Phishing, Business Email Compromise (BEC), and supply chain attacks continue to increase, with adversaries using AI and…
Keyfactor Allies with IBM Consulting to Spur PQC Adoption
Keyfactor has partnered with IBM Consulting to enable organizations to accelerate adoption of post-quantum cryptography (PQC) before existing legacy encryption schemes might be cracked later this decade. Under the terms of the non-exclusive alliance, the cryptographic discovery, public key infrastructure…
Microsoft’s Patch Fixes Are Breaking Windows, Forcing a Second Emergency Update
Microsoft issued a second emergency Windows patch in January after earlier fixes caused new bugs, raising concerns about update quality and reliability. The post Microsoft’s Patch Fixes Are Breaking Windows, Forcing a Second Emergency Update appeared first on TechRepublic. This…
Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core
Critical sandbox escape vulnerability in Grist-Core enables remote code execution via a malicious formula This article has been indexed from www.infosecurity-magazine.com Read the original article: Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core
Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online
Shadowserver researchers found 6,000+ SmarterMail servers exposed online and likely vulnerable to a critical auth bypass flaw. Nonprofit security organization Shadowserver reported that over 6,000 SmarterMail servers are exposed on the internet and likely vulnerable to attacks exploiting a critical…
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP | Part 2
This is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ThreatLabz uncovered three additional backdoors, SHEETCREEP, FIREPOWER, and MAILCREEP,…
Interconnectedness, extortion risk make cybersecurity a healthcare C-suite priority
A new report from Trellix reviews the biggest breaches, describes the most effective defenses and profiles the most dangerous attackers. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Interconnectedness, extortion risk make cybersecurity…
6000+ Vulnerable SmarterTools SmarterMail Servers Exposed to Actively Exploited RCE Vulnerability
Over 6,000 SmarterMail servers exposed on the internet are running vulnerable versions that are at risk of active remote code execution (RCE) attacks. Security researchers identified the flaws through daily HTTP vulnerability scans, and exploitation attempts have already been observed…
MEDUSA Security Testing Tool With 74 Scanners and 180+ AI Agent Security Rules
MEDUSA, an AI-first Static Application Security Testing (SAST) tool boasting 74 specialized scanners and over 180 AI agent security rules. This open-source CLI scanner targets modern development challenges like false positives and multi-language coverage. MEDUSA consolidates security scanning across 42+…