Category: CySecurity News – Latest Information Security and Hacking Incidents

  It was at the 2025 World Government Summit in Dubai on 15th-17th November that Sundar Pichai, CEO of Google and its parent company Alphabet, engaged in a virtual fireside conversation with the Moroccan Minister of State for Artificial Intelligence,…

Read more →

  SIO, an Italian spyware company known for selling surveillance tools to government agencies, has been linked to a series of malicious Android apps designed to mimic WhatsApp and other popular services while secretly stealing private data, TechCrunch has revealed.…

Read more →

  Datadog Security Labs researchers developed a new name confusion attack technique known as whoAMI, which allows threat actors to execute arbitrary code within an Amazon Web Services (AWS) account by uploading an Amazon Machine Image (AMI) with a specified…

Read more →

  Cybercriminals are evolving their tactics, shifting from traditional email-based phishing scams to more sophisticated Android phishing apps. According to the 2025 State of Malware report by Malwarebytes, over 22,800 phishing apps were detected on Android devices in 2024 alone.…

Read more →

  A major hacking incident has hit zkLend, a decentralized lending platform that operates on the Starknet blockchain. The attacker managed to steal about $9.5 million worth of cryptocurrency by exploiting a vulnerability in the system. According to blockchain security…

Read more →

  It is common for cybersecurity criminals to exploit vulnerabilities in Magento to inject an obfuscated script, which has been delivered through Google Tag Manager (GTM), into Magento-based eCommerce platforms, which allows them to intercept and steal credit card information…

Read more →

  Zacks Investment Research reportedly suffered a data breach in 2024, exposing sensitive information from approximately 12 million accounts. The American investment research firm provides data-driven insights through its proprietary stock assessment tool, ‘Zacks Rank,’ assisting investors in making informed…

Read more →

  There has been a significant shift in the Telecom Regulatory Authority of India (TRAI)’s efforts to curb spam calls and unsolicited commercial communications (UCC) as part of its effort to improve consumer protection, as TRAI has introduced stringent regulations.…

Read more →

  An anonymous hacker group called the “puppygirl hacker polycule” recently made headlines by leaking over 8,500 files from Lexipol, a private company that provides training materials and policy manuals for police departments across the United States.  As first reported…

Read more →

  Google is developing a new security feature for Android that prevents users from updating sensitive settings while a phone call is in process. The in-call anti-scammer measures include prohibiting users from enabling settings to install apps from unidentified sources…

Read more →

  A critical security vulnerability in YouTube allowed attackers to uncover the email addresses of any account on the platform. Cybersecurity researchers discovered the flaw and reported it to Google, which promptly fixed the issue. While no known attacks exploited…

Read more →

  There has been a marked change in daily life as a result of the proliferation of IoT devices, and Transforma Insights estimates that 14 billion such devices are connected globally, indicating that this type of technology has profound effects.…

Read more →

  Hackers are increasingly exploiting outdated security flaws in poorly maintained systems, with vulnerabilities from 2022 and 2023 seeing a surge in attacks. According to threat intelligence platform GreyNoise, malicious actors are actively targeting CVE-2022-47945 and CVE-2023-49103, affecting the ThinkPHP…

Read more →

  Samoa’s national cybersecurity office issued an urgent advisory after the Chinese state-sponsored cyber outfit APT40 escalated its attacks on government and critical infrastructure networks across the Pacific.  Samoa’s Computer Emergency Response Team, or SamCERT, has warned that APT40 is…

Read more →

  Sandworm, also known as Russia’s Military Unit 74455 within the GRU, has established itself as one of the most notorious advanced persistent threats (APT). Its cyber operations have included NotPetya, the attack on the 2018 Winter Olympics, and two…

Read more →

  Cyberattacks are undergoing a significant transformation, shifting away from malware-driven methods toward identity exploitation. According to the CrowdStrike 2024 Global Threat Report, three out of four cyberattacks now leverage valid credentials instead of malicious software. This change is fueled…

Read more →

  The debate over Elon Musk’s Department of Government Efficiency continues, with the world’s richest man accused of snooping on some of America’s most sensitive data. The DOGE has been tasked with reducing government spending by a paltry $2 trillion,…

Read more →

  The incidence of cyberattacks globally increased by 125% in 2021 compared to 2020, posing a serious threat to businesses and individuals alike. Phishing continues to be the most prevalent form of cybercrime worldwide and is expected to continue this…

Read more →

  The launch of DeepSeek AI has created waves in the tech world, offering powerful artificial intelligence models at a fraction of the cost compared to established players like OpenAI and Google.  However, its rapid rise in popularity has also…

Read more →

  Your smart home is a technological marvel. However, when camera flaws allow our neighbours to spy on us, smart speakers are manipulated with lasers, robot vacuums are breached to shout obscenities, and entire security systems are compromised by a…

Read more →

  Ransomware groups are adapting their strategies to outsmart stronger cybersecurity defenses and increasing law enforcement pressure, according to the Huntress 2025 Cyber Threat Report. The findings reveal that attackers are moving beyond traditional encryption-based ransomware, instead focusing on data…

Read more →

  Earlier this year, news reports revealed that a Florida-based data brokerage company had engaged in the sale of location data belonging to US military and intelligence personnel stationed overseas in the course of its operations. While at the time,…

Read more →

  Scientists have raised concerns after artificial intelligence (AI) crossed a major threshold — self-replication. A new study from researchers at Fudan University in China reveals that two popular large language models (LLMs) successfully created functional copies of themselves, raising…

Read more →

  Authorities in the United States have charged two Russian nationals with carrying out widespread cyberattacks using Phobos ransomware. The suspects, Roman Berezhnoy (33) and Egor Nikolaevich Glebov (39), were arrested in Thailand for allegedly orchestrating more than a thousand…

Read more →

  Over the past decade, there has been a rise in the number of cyber threats targeting the country, including the XE Group, a hacker collective with Vietnamese connections. According to recent investigations, the group was responsible for exploiting two…

Read more →

  The Reserve Bank of India (RBI) has made the “bank.in” domain exclusive to all authorised banking institutions in India in an effort to strengthen digital banking security and shield customers from online banking fraud. This effort aims to minimise…

Read more →

  Cybercriminals are increasingly setting their sights on password managers as a way to infiltrate critical digital accounts. According to Picus Security’s Red Report 2025, which analyzed over a million malware samples from the past year, a quarter (25%) of…

Read more →

  A persistent cybersecurity concern has long been robocall scams. However, recent developments indicate that this type of attack is becoming increasingly sophisticated and dangerous as a result of these developments. In a recent incident, Telnyx, a provider of Voice…

Read more →

  Tech giant Apple fixed a vulnerability that “may have been leveraged in a highly sophisticated campaign against specific targeted individuals” in its iOS and iPadOS mobile operating system updates earlier this week. According to the company’s release notes for…

Read more →

  SMS phishing scams targeting tollway users have been spreading across the U.S., with fraudsters impersonating tolling agencies to steal personal information. These scams typically involve sending text messages claiming the recipient has an unpaid toll balance. Victims are then…

Read more →

Apple and Google have removed 20 apps from their respective app stores after cybersecurity researchers discovered that they had been infected with data-stealing malware for nearly a year. According to Kaspersky, the malware, named SparkCat, has been active since March…

Read more →

  As technology advances, the volume of data being generated daily has reached unprecedented levels. In 2024 alone, people are expected to create over 147 zettabytes of data. This rapid growth presents major challenges for businesses in terms of processing,…

Read more →

  A major international police operation has resulted in the arrest of two individuals suspected of carrying out ransomware attacks worldwide. The operation also led to the takedown of dark web platforms associated with a notorious cybercrime group.   Suspects Arrested…

Read more →

  Phishing scams have been around for many years, but they are now more sophisticated than ever due to the introduction of artificial intelligence (AI).  As reported in the Hoxhunt Phishing Trends Report, AI-based phishing attacks have increased dramatically since…

Read more →

  Virtual credit cards are digital versions of traditional credit cards, designed to enhance security in online transactions. Instead of using a physical card number, they generate a unique number for each purchase, reducing the risk of data breaches and…

Read more →

  Astaroth is the latest phishing tool discovered by cybercriminals. It has advanced capabilities that allow it to circumvent security measures such as two-factor authentication (2FA) when used against it. In January 2025, Astaroth made its public debut across multiple…

Read more →

  Bishop Fox cybersecurity researchers have discovered a critical security flaw in approximately 4,500 SonicWall firewalls that are exposed to the Internet as a result of a critical security breach. The flaw, CVE-2024-53704, is a high-severity authentication bypass vulnerability within…

Read more →

  Cybersecurity researchers have uncovered a sharp rise in credential-stealing malware, with 25% of over a million malware samples analyzed in 2024 targeting user credentials. This marks a threefold increase from 2023, propelling credential theft from password stores into the…

Read more →

  Cybercriminals are exploiting leaked cryptographic keys to manipulate authentication systems, decode protected data, and install harmful software on vulnerable web servers. These attacks can give hackers unauthorized control over websites and would allow them to maintain access for long…

Read more →

  Almost 2.8 million IP addresses are being used in a massive brute force password attack that aims to guess the login credentials for a variety of networking devices, including those generated by Palo Alto Networks, Ivanti, and SonicWall. A…

Read more →

  Researchers at TEHTRIS Threat Intelligence have uncovered a new wave of LegionLoader, a malware downloader also known as Satacom, CurlyGate, and RobotDropper. This sophisticated threat has been rapidly gaining momentum, with over 2,000 samples identified in recent weeks.  According…

Read more →

  European authorities are raising concerns about DeepSeek, a thriving Chinese artificial intelligence (AI) company, due to its data practices. Italy, Ireland, Belgium, Netherlands, France regulators are examining the data collection methods of this firm, seeing whether they comply with…

Read more →

  Researchers at Cyble have identified a highly advanced malware attack that successfully bypasses Google Chrome’s App-Bound Encryption. This security feature was designed to prevent infostealer malware from accessing user data, particularly cookies.  However, the newly discovered malware employs dual…

Read more →

  Yesterday, Cloudflare attempted to block an unintentional phishing URL within its R2 object storage platform, causing an outage that affected multiple services for nearly an hour. The outage was caused by an attempt to prevent spammers from accessing the…

Read more →

  Hospital Sisters Health System informed nearly 882,000 patients that a cyberattack in August 2023 resulted in a data breach that compromised their private and medical data.  Established in 1875, HSHS works with about 2,200 physicians and employs over 12,000…

Read more →

  Zimperium’s zLabs research team has uncovered a significant mobile malware campaign that targets Indian banks. First reported on February 5, 2025, this threat was orchestrated by a threat actor called FatBoyPanel. Nearly 900 malware samples are used in the…

Read more →

  Management (RMM) clients to gain administrative control, install backdoors, and possibly set the stage for ransomware deployment. The vulnerabilities, identified as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, were initially flagged by Arctic Wolf as potential attack vectors last week. While the…

Read more →

  A help desk phishing campaign uses spiofed login pages to target Microsoft Active Directory Federation Services (ADFS) within an organisation in order to obtain credentials and get around multi-factor authentication (MFA) protections. The campaign’s main targets, as reported by…

Read more →

Currently, India is battling with a fake banking applications spoofing genuine institutions to loot credentials and money. The scale of the campaign is massive, impacting around 900 different malware samples linked to more than 1000 different contact numbers used to…

Read more →

  WhatsApp has warned users about a highly advanced hacking attack that infected nearly 90 people across 24 countries. Unlike traditional cyberattacks that rely on tricking victims into clicking malicious links, this attack used zero-click spyware, meaning the targets were…

Read more →

  Cybersecurity experts and analysts have expressed growing concerns over the potential threat posed by quantum computing to modern cryptographic systems. Unlike conventional computers that rely on electronic circuits, quantum computers leverage the principles of quantum mechanics, which could enable…

Read more →

  DeepSeek-R1, an AI model developed in China, is facing intense scrutiny following a study by cybersecurity firm Enkrypt AI, which found it to be 11 times more vulnerable to cybercriminal exploitation compared to other AI models. The research highlights…

Read more →

  In an effort to prevent Elon Musk’s Department of Government Efficiency from gaining access to Treasury Department documents that hold private information like Social Security numbers and bank account numbers for millions of Americans, 19 Democratic attorneys general filed…

Read more →

  A hospital in North Yorkshire has introduced artificial intelligence (AI) technology to improve the detection of lung cancer and other serious illnesses. Harrogate and District NHS Foundation Trust announced that the AI-powered system would enhance the efficiency and accuracy…

Read more →

  A sophisticated cyber-espionage campaign attributed to the Chinese hacking group Evasive Panda, also known as DaggerFly, has been uncovered, targeting network appliances through a newly identified attack suite. According to cybersecurity researchers at Fortinet’s FortiGuard Labs, the attackers are…

Read more →

A help desk phishing campaign attacked a company’s Microsoft Active Directory Federation Services (ADFS) via fake login pages and stole credentials by escaping multi-factor authentication (MFA) safety. The campaign attacked healthcare, government, and education organizations, targeting around 150 victims, according…

Read more →

  The Indian government has introduced significant changes to its Aadhaar authentication system, expanding its use to a wider range of industries. Previously restricted to sectors like banking, telecommunications, and public utilities, Aadhaar verification will now be available to businesses…

Read more →

  Malicious actors are propagating a recently discovered Android malware called Tria by sending phoney wedding invitations to consumers in Brunei and Malaysia.  According to a report published by the Russian cybersecurity firm Kaspersky, the attackers have been using private…

Read more →

  Food delivery service Grubhub has suffered a security breach that exposed sensitive information belonging to customers, drivers, and merchants. The breach, caused by unauthorized access through a third-party service provider, compromised personal details, hashed passwords, and partial credit card…

Read more →

  North Korea-linked hacking group Kimsuky has been identified conducting targeted spear-phishing campaigns to distribute an information stealer known as forceCopy, according to the latest findings from the AhnLab Security Intelligence Center (ASEC). The cyberattacks begin with phishing emails that…

Read more →

  As of January 2025, there were multiple attacks on Russian organizations across several industries, including finance, retail, information technology, government, transportation, and logistics, all of which have been targeted by BI.ZONE. The threat actors have used NOVA stealer, a…

Read more →

  In a strategic move to combat identity theft and fraud, Mastercard has announced plans to remove the traditional 16-digit card number from credit and debit cards by 2030. Instead, the company will implement tokenization and biometric authentication to enhance…

Read more →

Supercharged AI phishing campaigns are extremely challenging to notice. Attackers use AI phishing scams with better grammar, structure, and spelling, to appear legit and trick the user. In this blog, we learn how to spot AI scams and avoid becoming…

Read more →

  A cybersecurity researcher recently discovered a serious vulnerability in Subaru’s Starlink system, allowing him to remotely control vehicles across the U.S., Canada, and Japan. The ethical hacker, Sam Curry, was able to unlock doors, start and stop engines, and…

Read more →

  A large proportion of the modern digital world involves everyday transactions taking place on the internet, from simple purchases to the exchange of highly sensitive corporate data that is highly confidential. In this era of rapid technological advancement, quantum…

Read more →

  QR codes are already ubiquitous: from restaurant menus to public transportation schedules, everyone wants you to scan theirs. This normalisation of scanning random QR codes is being exploited, resulting in a new cybersecurity threat known as Quishing.  What is…

Read more →

  A new class action lawsuit accuses Amazon of secretly gathering and monetizing location data from millions of California residents without their consent. The legal complaint, filed in a U.S. District Court, alleges that Amazon used its Amazon Ads software…

Read more →

  A decade after the mysterious disappearance of Malaysia Airlines Flight MH370, advancements in technology are breathing new life into the search for answers. Despite extensive global investigations, the aircraft’s exact whereabouts remain unknown. However, emerging tools like artificial intelligence…

Read more →

  A recent cybersecurity breach has exposed vulnerabilities in government agencies, as hackers infiltrated the U.S. Agency for International Development (USAID) to mine cryptocurrency. The attackers secretly exploited the agency’s Microsoft Azure cloud resources, leading to $500,000 in unauthorized service…

Read more →

  WhatsApp has uncovered a stealthy spyware attack attributed to Israeli firm Paragon, targeting nearly 100 users worldwide, including journalists and civil society members. This zero-click attack required no user interaction, making it particularly dangerous as it could infiltrate devices…

Read more →

     Gmail has issued a warning to its 2.5 billion users about a sophisticated AI-powered phishing attack. Fraudsters are using caller IDs that seem to originate from Google support, convincing users that their accounts have been compromised. Under the…

Read more →

  An optical encryption technique developed by researchers at the Foundation for Research and Technology Hellas (FORTH) and the University of Crete in Greece is claimed to provide an exceptionally high level of security.  According to Optica, the system decodes…

Read more →

  As outlined in the European Union’s (EU) Artificial Intelligence Act (AI Act), which was first presented in 2023, the AI Act establishes a common regulatory and legal framework for the development and application of artificial intelligence. In April 2021,…

Read more →

Attempts to censor opposition voices are not new. Since the advent of new media, few Governments and nations have used spyware to keep tabs on the public, and sometimes target individuals that the government considers a threat. All this is…

Read more →

  Italy’s data protection authority, Garante, has ordered Chinese AI chatbot DeepSeek to halt its operations in the country. The decision comes after the company failed to provide clear answers about how it collects and handles user data. Authorities fear…

Read more →

The US Department of Justice (DoJ) joined forces with international law enforcement to shut down a few Dark Web cybercrime forums, two operations that impacted underground markets associated with the attacks on millions of victims worldwide.  Pakistani dark web forum…

Read more →

  There have been numerous scandals surrounding this artificial intelligence company which had astonished the world by seemingly rivaling the successful chatbot ChatGPT at a fraction of the cost. However, now, regulators and privacy advocates have raised questions about the…

Read more →

  Virtual credit cards are digital versions of physical credit cards. They generate a unique credit card number that you can use instead of your physical card number, avoiding the merchant from storing your credit card data and making your…

Read more →

  Cybersecurity continues to be a growing concern as organizations worldwide face an increasing number of sophisticated attacks. In early 2024, businesses encountered an alarming 1,308 cyberattacks per week—a sharp 28% rise from the previous year. This surge highlights the…

Read more →

  Cybercriminals are adopting a new strategy in their ransomware demands—embedding advertisements to recruit insiders willing to leak company data. Threat intelligence researchers at GroupSense recently shared their findings with Dark Reading, highlighting this emerging tactic. According to their analysis,…

Read more →

Cybersecurity & Infrastructure Security Agency (CISA) in the US rolled out an investigation report concerning three firmware variants used in Contec CMS800, a patient monitoring system used in healthcare facilities and hospitals.  CIS finds hidden backdoor in Chinese software Experts…

Read more →

  The New York Blood Center (NYBC), a major provider of blood products and transfusion services in the U.S., suffered a ransomware attack on Sunday, leading to operational disruptions and the cancellation of some donor appointments.  The cyberattack comes at…

Read more →

  ‘Browser Syncjacking,’ which allows threat actors to hijack Google profiles, compromise browsers, and eventually gain full control over a victim’s device—all through a seemingly harmless Chrome extension. This stealthy multi-stage attack requires minimal permissions and almost no user interaction…

Read more →

  Over a million people have been notified of a recent data breach by Community Health Centre, a nonprofit healthcare organisation based in Middletown, Connecticut. On January 2, 2025, unauthorised activity was detected in its computer systems, and external cybersecurity…

Read more →

  Unauthorized access to Mizuno USA’s network has resulted in a compromise of sensitive customer information, which has caused Mizuno USA to notify its customers about the breach. In a letter to affected individuals, the sports gear manufacturer shared information…

Read more →

  Cyber fraud continues to evolve, with scammers using increasingly sophisticated techniques to deceive victims. In a recent case from Bengaluru, a woman lost ₹2 lakh after receiving a fraudulent automated call that mimicked her bank’s Interactive Voice Response (IVR)…

Read more →

< p style=”text-align: justify;”>Cybersecurity researchers at GreyNoise have uncovered widespread exploitation of a critical zero-day vulnerability in Zyxel CPE Series devices, months after it was initially reported to the manufacturer. The flaw, identified as CVE-2024-40891, allows attackers to execute arbitrary…

Read more →

Scareware is a malware type that uses fear tactics to trap users and trick them into installing malware unknowingly or disclosing private information before they realize they are being scammed. Generally, the scareware attacks are disguised as full-screen alerts that…

Read more →

  A new security bulletin has been released by MediaTek for February 2025, which reveals several critical vulnerabilities, which may affect its chipsets used in smartphones, tablets, as well as numerous other devices. There are security issues identified in the…

Read more →

< p style=”text-align: justify;”>January 27 marked a pivotal day for the artificial intelligence (AI) industry, with two major developments reshaping its future. First, Nvidia, the global leader in AI chips, suffered a historic loss of $589 billion in market value…

Read more →

  < p style=”text-align: justify;”>Two federal employees have filed a lawsuit against the Office of Personnel Management (OPM), alleging that a newly implemented email system is being used to compile a database of federal workers without proper authorization. The lawsuit…

Read more →

  In an era where technology permeates every aspect of our lives, education is undergoing a transformative shift. Imagine a classroom where each student’s learning experience is tailored to their unique needs, interests, and pace. This is no longer a…

Read more →

< p style=”text-align: justify;”>The financial sector is facing a sharp increase in cyber threats, with investment firms, such as asset managers, hedge funds, and private equity firms, becoming prime targets for ransomware, AI-driven attacks, and data breaches. These firms rely…

Read more →

  Google continues to strengthen its cybersecurity framework, particularly in safeguarding AI systems from threats such as prompt injection attacks on Gemini. By leveraging automated red team hacking bots, the company is proactively identifying and mitigating vulnerabilities. Google employs an…

Read more →

Password management solutions are the unsung heroes in enterprise security. They protect our digital identities, ensuring sensitive info such as passwords, personal details, or financial data is kept safe from threat actors.  However, in a recent breach, several critical vulnerabilities…

Read more →

  < p style=”text-align: justify;”>Smiths Group, a London-listed engineering firm operating in energy, security, aerospace, and defence, has reported a cybersecurity incident involving unauthorised access to its systems. The company has taken immediate steps to mitigate potential disruptions and contain…

Read more →

  < p style=”text-align: justify;”>Tata Technologies, a multinational engineering firm and subsidiary of Tata Motors, recently experienced a ransomware attack that led to the temporary suspension of certain IT services. The company promptly launched an investigation into the incident and…

Read more →

< p style=”text-align: justify;”>Cryptojacking, the unauthorized exploitation of an organization’s computing resources to mine cryptocurrency, has emerged as a significant yet often overlooked cybersecurity threat. Unlike ransomware, which overtly disrupts operations, cryptojacking operates covertly, leading to substantial financial and operational…

Read more →

  The Python Package Index (PyPI) has informed users that no modifications are expected with the launch of “Project Archival,” a new method that enables publishers to archive their projects. To assist users in making informed decisions regarding their dependencies,…

Read more →

  < p style=”text-align: justify;”> A new cyber attack is putting Amazon Prime subscribers at risk. Hackers are sending malicious emails warning users that their Prime membership is about to expire. These emails contain attachments with dangerous links that redirect…

Read more →