Category: CySecurity News – Latest Information Security and Hacking Incidents

  As artificial intelligence becomes more common in business settings, experts are warning that these tools could be the next major target for online criminals. Some of the biggest software companies, like Microsoft and SAP, have recently started using AI…

Read more →

  The attackers are leveraging SourceForge to distribute fraudulent Microsoft add-ins that install malware on victims’ PCs to mine and siphon crypto. SourceForge.net is a legitimate software hosting and distribution platform that also offers version control, issue tracking, and dedicated…

Read more →

  In recent years, artificial intelligence and machine learning have been in high demand across a broad range of industries. As a consequence, the cost and complexity of constructing and maintaining these models have increased significantly. Artificial intelligence and machine…

Read more →

  Meta has issued a high-priority warning about a critical vulnerability in the Windows version of WhatsApp, tracked as CVE-2025-30401, which could be exploited to deliver malware under the guise of image files. This flaw affects WhatsApp versions prior to…

Read more →

  A new type of digital threat is quietly spreading online, and it’s mainly affecting people who use Windows computers. This threat, called Neptune RAT, is a kind of harmful software that allows hackers to take over someone’s system from…

Read more →

  The US Office of the Comptroller of the Currency (OCC), a key banking regulator, officially classified a significant breach of its email system as a “major information security incident” after learning that malicious actors accessed highly sensitive bank supervisory…

Read more →

  With the April 15 U.S. tax deadline looming, millions of users are logging in to manage their finances online—unfortunately, cybercriminals are watching too. Leveraging this surge in digital activity, attackers are exploiting trusted platforms like Google to deceive users…

Read more →

  In a bold and controversial move, the FBI operated a money laundering platform on the dark web under the alias “ElonmuskWHM,” aiming to infiltrate the criminal ecosystem it served. According to an investigation by 404 Media, the FBI’s undercover…

Read more →

  The motorsports industry has recently been faced with troubling news that NASCAR may have become the latest high-profile target for a ransomware attack as a result of the recent hackread.com report. According to the organization’s internal systems being breached…

Read more →

  A newly uncovered malicious Python package on PyPi, named ‘disgrasya’, has raised serious concerns after it was discovered exploiting WooCommerce-powered e-commerce sites to validate stolen credit card information. Before its removal, the package had been downloaded more than 34,000…

Read more →

  For security analysts Akshay and Viral, a casual check of a healthcare system’s security quickly turned into a huge finding. The duo discovered a major data leak at Apollo Hospitals, one of India’s leading hospital networks.  The breach first…

Read more →

  A criminal group known for using ransomware was recently caught off guard when its own website was tampered with. The website, which the gang normally uses to publish stolen data from their victims, was replaced with a short message…

Read more →

  A cybersecurity breach allegedly targeting Europcar has brought attention to vulnerabilities in corporate development platforms. A threat actor operating under the alias “Europcar” recently claimed on an underground forum that they had gained unauthorized access to the car rental…

Read more →

  A cutting-edge artificial intelligence model developed by Google called Sec-Gemini v1, a version of Sec-Gemini that integrates advanced language processing, real-time threat intelligence, and enhanced cybersecurity operations, has just been released. With the help of Google’s proprietary Gemini large…

Read more →

  Karnataka has taken a big step to fight the rising number of online crimes. It has launched the country’s first Cyber Command Centre. This new centre will handle all matters related to cyber safety and crime under one roof.…

Read more →

  Digital services are now as important as other public utilities such as electricity and water in today’s interconnected world. It is very important for society to expect a similar level of consistency and quality when it comes to these…

Read more →

  A disturbing trend is emerging in India’s digital landscape as generative AI tools are increasingly misused to forge identities and spread misinformation. One user, Piku, revealed that an AI platform generated a convincing Aadhaar card using only a name,…

Read more →

  A security flaw in the WinRAR file archiver solution might be used to circumvent the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows computer. The vulnerability is known as CVE-2025-31334 and impacts all…

Read more →

  Ethical hacking may sound paradoxical, but it’s one of the most vital tools in modern cyber defence. Known as white hat hackers, these professionals are hired by companies to simulate cyberattacks, uncover vulnerabilities, and help fix them before malicious…

Read more →

  Meta has introduced a fresh set of artificial intelligence models under the name Llama 4. This release includes three new versions: Scout, Maverick, and Behemoth. Each one has been designed to better understand and respond to a mix of…

Read more →

  In Western society, the likelihood of cyberattacks is arguably higher now than it has ever been. The National Cyber Security Centre (NCSC) advised UK organisations to strengthen their cyber security when Russia launched its attack on Ukraine in early…

Read more →

  Generative AI (GenAI) is redefining how HR leaders interact with data, removing the steep learning curve traditionally associated with people analytics tools. When faced with a spike in hourly employee turnover, Sameer Raut, Vice President of HRIS at Sunstate…

Read more →

  A cybercriminal group known for ransomware attacks has decided to stop using those methods and instead focus only on stealing information and demanding money in return. The group, called Hunters International, has rebranded and is now running a new…

Read more →

  As part of WhatsApp’s ongoing efforts to ensure the safety of its users, a new feature will strengthen the confidential nature of chat histories. The enhancement is part of the platform’s overall initiative aimed at increasing privacy safeguards and…

Read more →

  The FBI, the Cybersecurity and Infrastructure Security Agency, and a group of international partners have warned that cyber threat groups are utilising a technique known as “fast flux” to conceal the whereabouts of malicious servers, which poses a substantial…

Read more →

  A newly discovered cyberattack campaign targeting Ivanti VPN devices is suspected to be linked to a Chinese cyberespionage group. Security researchers believe the attackers exploited a critical vulnerability in Ivanti Connect Secure, which was patched by the Utah-based company…

Read more →

  A cyber-espionage group known as ToddyCat, believed to have ties to China, has been observed exploiting a security flaw in ESET’s software to deliver a new and previously undocumented malware strain called TCESB, according to fresh findings by cybersecurity…

Read more →

North Korean hackers responsible for Contagious Interview are trapping job seekers in the cryptocurrency sector by using the popular ClickFix social-engineering attack strategy. They aimed to deploy a Go-based backdoor— earlier undocumented— known as GolangGhost on Windows and macOS systems. …

Read more →

  A disturbing dark web website known as DogeQuest has surfaced, targeting Tesla owners and associates of Elon Musk by publishing their personal information. The data used on the site appears to have been sourced largely from a 2021 breach…

Read more →

  Many organizations are adopting Artificial Intelligence (AI) as a capability, but the focus is shifting from capability to responsibility. In the future, PwC anticipates that AI will be worth $15.7 trillion to the global economy, an unquestionable transformational potential.…

Read more →

  Cyberattacks are changing. In the past, hackers would lock your files and show a big message asking for money. Now, a new type of attack is becoming more common. It’s called “quiet ransomware,” and it can steal your private…

Read more →

  Swiss specialists have issued a grave warning that cyber attackers could use hospital devices to commit murder. In an alarming new research from Zurich-based cybersecurity firm Scip AG, specialists showed how they were simply able to hijack medical devices…

Read more →

  The Cybersecurity and Infrastructure Security Agency (CISA) has released two significant advisories focused on Industrial Control Systems (ICS), urging swift action from organizations operating within vital infrastructure sectors. These advisories—ICSA-25-091-01 and ICSA-24-331-04—highlight newly discovered vulnerabilities that could pose severe…

Read more →

EncryptHub is an infamous threat actor responsible for breaches at 618 organizations. The hacker reported two Windows zero-day flaws to Microsoft, exposing a conflicted figure that blurs the lines between cybercrime and security research.  The reported flaws are CVE-2025-24061 (Mark…

Read more →

The threat of payment fraud is growing rapidly, fueled by the widespread use of digital transactions and evolving cyber tactics. At its core, payment fraud refers to the unauthorized use of someone’s financial information to make illicit transactions. Criminals are…

Read more →

  A critical vulnerability tracked as CVE-2024-20439 has placed Cisco’s Smart Licensing Utility (CSLU) in the spotlight after cybersecurity researchers observed active exploitation attempts. The flaw, which involves an undocumented static administrative credential, could allow unauthenticated attackers to remotely access…

Read more →

  Whatsapp for Windows has been recently revealed to have a critical security vulnerability known as CVE-2025-30401. This vulnerability has raised serious concerns within the cybersecurity community since it has been identified. The high severity of this vulnerability affects desktop…

Read more →

Security researchers are sounding the alarm on a looming global wave of smishing attacks, warning that a powerful phishing-as-a-service (PhaaS) platform named Lucid—run by Chinese-speaking threat actors—is enabling cybercriminals to scale operations across 88 countries.  According to threat intelligence firm…

Read more →

  In today’s digital-first economy, technology is a vital part of every business, from small local operations to international corporations. However, the growing reliance on tech also brings significant risks. With over half of global businesses reportedly suffering financial losses…

Read more →

  Yoojo, a European service marketplace, accidentally left a cloud storage bucket unprotected online, exposing around 14.5 million files, including highly sensitive user data. The data breach was uncovered by Cybernews researchers, who immediately informed the company. Following the alert,…

Read more →

  Ukrainian forces are installing malware into their drones as a new tactic in their ongoing war with Russia. This development adds a cyber warfare layer to a battlefield that has already been impacted by drone technology, Forbes reported.  Russian…

Read more →

  A hacker who goes by the name “Rose87168” is claiming to have broken into Oracle Cloud systems and is now threatening to release or sell the data unless their demands are met. According to security researchers, this person says…

Read more →

Researchers at Netskope Threat Labs have found a new malicious campaign that uses tricky tactics to distribute the Legion Loader malware. The campaign uses fake CAPTCHAs and CloudFlare Turnstile to trap targets into downloading malware that leads to the installation…

Read more →

  A series of targeted attacks involving DragonForce, a ransomware group that has reportedly been operating in the Middle East and North Africa region (MENA) are reported to have been launched against companies in the Kingdom of Saudi Arabia (KSA)…

Read more →

  A potentially massive data breach has reportedly compromised Elon Musk’s social media platform X, previously known as Twitter, raising significant privacy concerns for millions of users. Cybersecurity researchers from SafetyDetectives discovered a troubling post over the weekend on BreachForums,…

Read more →

Google (GOOGL) and Apple (AAPL) are under harsh scrutiny after a recent report disclosed that their app stores host VPN applications associated with a Chinese cybersecurity firm, Qihoo 360. The U.S government has blacklisted the firm. The Financial Times reports…

Read more →

  There has been a significant increase in counterfeit Android smartphones in recent years. Recently, cybersecurity investigations have revealed a concern about counterfeit Android smartphones. These unauthorized replicas of popular mobile devices, which are being widely circulated and are pre-loaded…

Read more →

  Google is taking major steps to make browsing the web safer. As the company behind Chrome, the most widely used internet browser, Google’s decisions shape how people all over the world experience the internet. Now, the company has announced…

Read more →

  A new cyberattack campaign is targeting Zoom users by disguising ransomware as the popular video conferencing tool, according to Cybernews. Researchers from DFIR have uncovered a scheme by the BlackSuit ransomware gang, which uses deceptive websites to distribute malicious…

Read more →

  The North Korean threat actors behind the ongoing Contagious Interview campaign are expanding their tentacles on the npm ecosystem by distributing more malicious packages including the BeaverTail malware and a new remote access trojan (RAT) loader.  “These latest samples…

Read more →

  In the last few years since the war in Ukraine began, several European countries have experienced unusual and suspicious activities. These events include online attacks, spying, fires, and efforts to spread false information. Investigations suggest that many of these…

Read more →

Threat actors are exploiting the WordPress mu-plugins (“Must-Use Plugins”) directory to secretly execute malicious code on each page while avoiding detection.  The technique was first observed by security researchers at Sucuri in February 2025, but adoption rates are on the…

Read more →

  Most people think of USB drives as simple tools for storing and transferring files. But not all USB sticks are as harmless as they appear. Some, known as “USB Kill Sticks” or “USB Killers,” are specifically designed to damage…

Read more →

  A hacker using the alias “CoreInjection” has claimed responsibility for stealing what they describe as a “highly sensitive” dataset from cybersecurity firm Check Point.  According to several media reports, the alleged stolen data includes user login credentials, employee contracts,…

Read more →

  Tolling agencies throughout the United States are battling an escalating cybersecurity threat that is causing deceptive text message scams, which are often called smishing, to escalate. As a result of these fraudulent campaigns, unsuspecting motorists are lured into clicking…

Read more →

  API security firm APIsec has confirmed it secured an exposed internal database that was left accessible on the internet without a password for several days, potentially exposing sensitive customer information. The database, which was discovered by cybersecurity research firm…

Read more →

  A popular trend is taking over social media, where users are sharing cartoon-like pictures of themselves inspired by the art style of Studio Ghibli. These fun, animated portraits are often created using tools powered by artificial intelligence, like ChatGPT-4o.…

Read more →

  Oracle is reportedly trying to downplay the impact of the attack while quietly acknowledging to clients that some of its cloud services have been compromised.  A hacker dubbed online as ‘rose87168’ recently offered to sell millions of lines of…

Read more →

  Cybercriminals are evolving. Those dramatic emails warning about expired subscriptions, tax threats, or computer hacks are slowly being replaced by subtler, less alarming messages. New research suggests scammers are moving away from attention-grabbing tactics because people are finally catching…

Read more →

  You may feel safe behind your screen, but it turns out that privacy might be more of an illusion than a fact. New research reveals that hackers have found an alarming way to peek at what’s happening on your…

Read more →

  During the analysis of the Samsung Germany data breach, a wide range of sensitive information was found to be compromised, including customer names, addresses, email addresses, order history, and internal communications, among other sensitive data. Those findings were contained…

Read more →

  French startup Twin has introduced its very first AI-powered automation tool to help business owners who use Qonto. Qonto is a digital banking platform that offers financial services to companies across Europe. Many Qonto users spend hours each month…

Read more →

Global solar power industry under threat The rise in the use of solar power worldwide has revealed gaps in cybersecurity in cloud computing devices, inverters, and monitoring platforms. As these become prone to critical vulnerabilities, it creates an unsafe ecosystem…

Read more →

  In a bold demonstration of AI’s growing role in software development, Airbnb has successfully completed a large-scale code migration project using large language models (LLMs), dramatically reducing the timeline from an estimated 1.5 years to just six weeks. The…

Read more →

  Ukraine’s national railway operator, Ukrzaliznytsia, has fallen victim to a large-scale cyberattack, severely disrupting its online ticket sales and forcing passengers to rely on physical ticket booths. The attack, which began on March 23, has caused significant delays, long…

Read more →

  BitcoinOS and Sovryn founder Edan Yago is creating a mechanism to turn Bitcoin into a digital ownership platform. Growing up in South Africa and coming from a family of Holocaust survivors, Yago’s early experiences sneaking gold coins out of…

Read more →

  An outstanding example of counter-cybercrime has been the successful penetration of the digital infrastructure associated with the ransomware group BlackLock. Threat intelligence professionals succeeded in successfully infiltrating this infrastructure. As a result of this operation, researchers were able to…

Read more →

Recently, the cryptocurrency suffered the largest cyberattack to date. The Bybit exchange was hit by the “largest cryptocurrency heist in history, with approximately $1.5 billion in Ethereum tokens stolen in a matter of hours,” Forbes said. After the Bybit hack,…

Read more →

Cloud-based streaming tools provider StreamElements has acknowledged a data breach stemming from a third-party service it previously collaborated with after a threat actor leaked customer data samples on a hacking forum.  While StreamElements confirmed its own infrastructure remains uncompromised, the…

Read more →

  A China-linked cyberespionage gang known as ‘FamousSparrow’ was caught utilising a new modular version of its signature backdoor ‘SparrowDoor’ against a US-based trade organisation. Security experts at ESET spotted the activities and new malware version, uncovering evidence that the…

Read more →

  As data privacy becomes an increasing concern, a new artificial intelligence (AI) encryption breakthrough could transform how sensitive information is handled. Researchers Austin Ebel, Karthik Garimella, and Assistant Professor Brandon Reagen have developed Orion, a framework that integrates fully…

Read more →

  As a result of DeepSeek’s emergence, the global landscape for artificial intelligence (AI) has been profoundly affected, going way beyond initial media coverage. AI-driven businesses, semiconductor manufacturing, data centres and energy infrastructure all benefit from its advancements, which are…

Read more →

Last week, Alibaba Cloud launched its latest AI model in its “Qwen series,” as large language model (LLM) competition in China continues to intensify after the launch of famous “DeepSeek” AI. The latest “Qwen2.5-Omni-7B” is a multimodal model- it can…

Read more →

  A newly identified Android banking malware named Crocodilus is making waves in the cybersecurity world, with experts warning about its advanced capabilities and targeted attacks in Spain and Turkey. Discovered by Dutch mobile security firm ThreatFabric, the malware represents…

Read more →

Last week, Alibaba Cloud launched its latest AI model in its “Qwen series,” as large language model (LLM) competition in China continues to intensify after the launch of famous “DeepSeek” AI. The latest “Qwen2.5-Omni-7B” is a multimodal model- it can…

Read more →

In a series of unfortunate events, experts suggest the advancement of cybercrime isn’t ending anytime soon. Every day, the digital landscape evolves, thanks to innovations and technological advancements. Despite this growth, it suffers from a few roadblocks, cybercrime being a…

Read more →

  A major data leak from Sydney Tools, an Australian retailer specializing in power tools, hand tools, and industrial equipment, has potentially exposed the personal information of millions of customers and employees. The breach, discovered by cybersecurity researchers at Cybernews,…

Read more →

  Phishing-as-a-service (PaaS) platforms like Lucid have emerged as significant cyber threats because they are highly sophisticated, have been used in large-scale phishing campaigns in 88 countries, and have been compromised by 169 entities. As part of this platform, sophisticated…

Read more →

  A new cybercrime platform dubbed ‘Atlantis AIO’ provides automatic credential stuffing against 140 internet platforms, including email, e-commerce, banking, and VPNs. Atlantis AIO includes pre-configured modules for performing brute force assaults, bypassing CAPTCHAs, automating account recovery operations, and monetising…

Read more →

Browser-in-the-browser attacks are simple yet sophisticated phishing scams. Hackers emulate trusted services via fake pop-up windows that look like the actual (real) login pages. While there have been a lot of reports describing browser-in-the-browser tactics, it is very difficult to…

Read more →

  Reports that senior Trump administration officials discussed classified military operations using the encrypted texting app Signal have raised serious security concerns. Although Signal provides encryption, lawmakers and cybersecurity specialists have warned that it is still susceptible to hacking and…

Read more →

  International efforts to dismantle illicit financial networks are facing new challenges, as the recently sanctioned Russian cryptocurrency exchange Garantex appears to have rebranded and resumed operations under a new name—Grinex. Reports from blockchain analytics firm Global Ledger suggest that…

Read more →

  In 2024, the financial landscape in Africa has been rocked by a series of high-impact cyberattacks, underscoring the urgent need for enhanced digital defenses across the Banking, Financial Services, and Insurance (BFSI) sector. From Uganda to Zimbabwe and South…

Read more →

  A massive collection of classified defence documents has reportedly been stolen by hackers and put up for sale. The stolen information includes blueprints for a weapon, details about an upcoming Air Force facility, procurement strategies, and India’s defence partnerships…

Read more →

  The cybersecurity expert Troy Hunt, who founded the data breach notification platform Have I Been Pwned, recently revealed that he had been the victim of a phishing attack that was intended to compromise his subscriber list for the attacker…

Read more →

  RedCurl, a cyber threat group active since 2018 and known for stealthy corporate espionage, has now shifted its approach by deploying ransomware targeting Hyper-V virtual machines. Initially identified by Group-IB, RedCurl primarily targeted corporate organizations globally, later expanding its…

Read more →

  Cyble threat intelligence researchers discovered a GitHub repository posing as a hiring coding challenge, tricking developers into downloading a backdoor that steals private data. The campaign employs a variety of novel approaches, including leveraging a social media profile for…

Read more →

  As part of an ongoing analysis of ransomware-as-a-service operations, a new operation known as VanHelsing has been identified. This operation demonstrates a sophisticated multi-platform capability, posing a significant cybersecurity threat. This new strain of ransomware is designed to be…

Read more →

  Connor Moucka, a Canadian citizen accused of orchestrating large-scale data breaches affecting 165 companies using Snowflake’s cloud storage services, has agreed to be extradited to the United States to face multiple federal charges. The breaches, which targeted high-profile companies…

Read more →

  Steam, a leading digital distribution platform for PC games, recently removed Sniper: Phantom’s Resolution after users discovered it contained malware designed to steal sensitive data. The installer, disguised as a legitimate Windows process, executed evasive techniques, including launching and…

Read more →

  Google has recently confirmed that a technical problem caused the loss of user data from Google Maps Timeline, leaving some users unable to recover their saved location history. The issue has frustrated many, especially those who relied on Timeline…

Read more →

  North Korea has reportedly launched a new cyber research unit, Research Center 227, as part of its efforts to enhance hacking capabilities and intelligence operations. According to Daily NK, this center is expected to function continuously, providing real-time support…

Read more →

  Artificial intelligence is changing cybersecurity and digital privacy. It promises better security but also raises concerns about ethical boundaries, data exploitation, and spying. From facial recognition software to predictive crime prevention, customers are left wondering where to draw the…

Read more →

  The Google team has officially announced the launch of a major update to Gmail, which will enhance functionality, improve the user experience, and strengthen security. It is anticipated that this update to one of the world’s most commonly used…

Read more →

  Identity theft is not always as straightforward as acquiring one person’s information; stolen identities can be put together from several sources. This rising crime, known as synthetic identity fraud or “Frankenstein fraud,” involves combining someone’s Social Security number with…

Read more →

  Cybersecurity experts have discovered ransomware hidden within two Visual Studio Code (VSCode) Marketplace extensions, raising concerns about Microsoft’s ability to detect malicious software in its platform. The compromised extensions, named “ahban.shiba” and “ahban.cychelloworld,” were downloaded by users before security…

Read more →

  The Multi-Factor Authentication (MFA) system has been a crucial component of modern cybersecurity for several years now. It is intended to enhance security by requiring additional forms of verification in addition to traditional passwords. MFA strengthens access control by…

Read more →

  WhatsApp recently fixed a major security loophole that was being used to install spyware on users’ devices. The issue, known as a zero-click, zero-day vulnerability, allowed hackers to access phones without the user needing to click on anything. Security…

Read more →

  Swiss telecommunications company Ascom has disclosed a cyberattack on its IT infrastructure, confirming that the hacker group HellCat exploited compromised credentials to target Jira servers worldwide. In an official statement, Ascom revealed that its technical ticketing system was breached…

Read more →

  Following a threat actor’s claim to be selling 6 million data records allegedly stolen from Oracle Cloud’s federated SSO login servers, Oracle denies that it was compromised.  “There has been no breach of Oracle Cloud. The published credentials are…

Read more →