Category: CySecurity News – Latest Information Security and Hacking Incidents

  < p style=”text-align: justify;”> A new cyber attack is putting Amazon Prime subscribers at risk. Hackers are sending malicious emails warning users that their Prime membership is about to expire. These emails contain attachments with dangerous links that redirect…

Read more →

Hackers use various ways to steal user data, one recent trend, according to the FBI, shows they have started gaining employment with companies. The agency has pushed out public announcement I-012325-PSA, warning organizations in the U.S. to disable local admin…

Read more →

  < p style=”text-align: justify;”>Security researchers have uncovered two new vulnerabilities in modern Apple processors, named FLOP and SLAP, which could allow attackers to remotely steal sensitive data through web browsers. Discovered by researchers from the Georgia Institute of Technology…

Read more →

  The landscape of cybersecurity has been greatly transformed by artificial intelligence, which has provided both transformative opportunities as well as emerging challenges. Moreover, AI-powered security tools have made it possible for organizations to detect and respond to threats much…

Read more →

  In a recently uncovered phishing campaign, threat actors are employing malicious PDF files to target mobile device users in potentially more than fifty nations. Dubbed as the “PDF Mishing Attack,” the effort exposes new vulnerabilities in mobile platforms by…

Read more →

  North Korea’s notorious hacking collective, Lazarus Group, has orchestrated a large-scale supply chain attack, compromising hundreds of victims worldwide, according to cybersecurity researchers. The operation, named Phantom Circuit, remains active as of this month. The group injected malicious backdoors…

Read more →

  The U.S. Food and Drug Administration (FDA) has issued a safety communication highlighting cybersecurity vulnerabilities in certain patient monitors manufactured by Contec and relabeled by Epsimed. The FDA’s notice, published on Thursday, identifies three critical security flaws that could…

Read more →

Generative AI (GenAI) is transforming the cybersecurity landscape, with 52% of CISOs prioritizing innovation using emerging technologies. However, a significant disconnect exists, as only 33% of board members view these technologies as a top priority. This gap underscores the challenge…

Read more →

  < p style=”text-align: justify;”>In recent years, the cybersecurity landscape has faced an unprecedented wave of threats. State-sponsored cybercriminals and less experienced attackers armed with sophisticated tools from the dark web are relentlessly targeting weak links in global cybersecurity systems.…

Read more →

According to security experts, threat actors are abusing out-of-date versions of WordPress and plug-ins to modify thousands of sites to trap visitors into downloading and installing malware. In a conversation with cybersecurity news portal TechCrunch, Simon Wijckmans, founder and CEO…

Read more →

  < p style=”text-align: justify;”>ENGlobal Corporation, a prominent contractor in the energy sector, has disclosed that a ransomware attack in November 2024 led to the exposure of sensitive personal data. The incident, which occurred on November 25, forced the company…

Read more →

  As vehicles become increasingly connected to the internet, cybersecurity threats pose growing risks to drivers. A recent security flaw in Subaru’s Starlink system highlights the potential dangers, allowing hackers to remotely control vehicles and access sensitive data. This incident…

Read more →

  < p style=”text-align: justify;”> A North Korean cybercriminal group, Andariel, has been found using a stealthy hacking technique called RID hijacking to gain full control over Windows systems. This method allows attackers to manipulate a computer’s security settings, turning…

Read more →

  < p style=”text-align: justify;”>Password theft has recently dominated headlines, with billions of credentials compromised. Amid this crisis, Microsoft has been pushing to replace traditional passwords with more secure authentication methods. However, a new vulnerability in the Windows BitLocker full-disk…

Read more →

  < p style=”text-align: justify;”> PayPal has been fined $2 million by the New York State Department of Financial Services (DFS) for failing to protect customer data, resulting in a significant security breach. The incident, which occurred in December 2022,…

Read more →

  < p style=”text-align: justify;”>As new threats emerge and defensive strategies evolve, the landscape of data protection is undergoing significant changes. With February 1 marking Change Your Password Day, it’s a timely reminder of the importance of strong password habits…

Read more →

  A 62-year-old retired bank manager from Pune became the victim of a massive cyber fraud, losing ₹2.22 crore over several months. Scammers posing as government officials tricked the individual into purchasing multiple insurance policies by promising high returns.   How…

Read more →

  < p style=”text-align: justify;”>In an era where cybercriminals are increasingly targeting passwords through phishing attacks, data breaches, and other malicious tactics, securing online accounts has never been more important. Relying solely on single-factor authentication, such as a password, is…

Read more →

  The United States is poised to undergo a period of highly disruptive transformation. The incoming administration has promised to make significant changes, including forming a new body, the Department of Governmental Efficiency (DOGE), with the aim of substantially reducing…

Read more →

  UnitedHealth Group has officially disclosed that the February ransomware attack on its subsidiary, Change Healthcare, affected approximately 190 million individuals in the U.S.—nearly twice the previously estimated figure. The healthcare giant confirmed the revised number in a statement to…

Read more →

  A significant cyberattack on the Singapore-based cryptocurrency exchange Phemex has resulted in the loss of over $70 million in digital assets. Blockchain security experts believe the incident may be linked to North Korean hackers. The breach was detected on…

Read more →

  Cybercriminals in Russia are using a scam to trick their victims into allowing them to install ransomware on their computers by pretending to be technical support via Microsoft Teams. Once they have convinced victims they have an IT problem,…

Read more →

  Cybercriminals are increasingly using Google ads and sophisticated cloaking techniques to push malware onto unsuspecting users. The latest example involves a fake Homebrew website that tricked users into downloading an infostealer designed to steal sensitive data, including login credentials…

Read more →

  An attacker is reportedly injecting malware into infected devices using popular VPN applications to gain remote control of the devices they are attacking. Google’s Managed Defense team reported this disturbing finding, which sheds light on how malicious actors use…

Read more →

  A threat analyst identified a vulnerability in Cloudflare’s content delivery network (CDN) which could expose someone’s whereabouts just by sending them an image via platforms such as Signal and Discord. While the attack’s geolocation capability is limited for street-level…

Read more →

  Japan is taking decisive steps to enhance its cybersecurity through a new strategy of “active cyber defence.” This approach enables authorized hackers working for the police or Self-Defence Forces (SDF) to infiltrate servers and neutralize cyber-attack sources before they…

Read more →

  South Korean VPN provider IPany fell victim to a supply chain attack orchestrated by the China-aligned hacking group “PlushDaemon.” The attackers compromised IPany’s VPN installer, embedding a custom malware named ‘SlowStepper’ into the installer file, affecting customers upon installation.…

Read more →

  As a result of recent findings on dark web marketplaces, it has been found that many account credentials from major security vendors are being sold. According to Cyble, the rise of information stealers has been largely responsible for this…

Read more →

  < p style=”text-align: justify;”> Virtual Private Networks (VPNs) are widely trusted for protecting online privacy, bypassing regional restrictions, and securing sensitive data. However, new research has uncovered serious flaws in some VPN protocols, exposing millions of systems to potential…

Read more →

  Anonymous Browsing: Tools and Extensions for Enhanced Privacy < p style=”text-align: justify;”> Anonymous browsing is designed to conceal your IP address and location, making it appear as though you are in a different region. This feature is particularly useful…

Read more →

  Downloading through a peer-to-peer (P2P) network referred to as torrenting involves either using torrent files or magnet links to download files. Torrent files are index files that provide the necessary information to locate certain files, segments of files, or…

Read more →

  T-Mobile has taken a significant step in enhancing its cybersecurity by adopting Yubikey security keys for its employees. The company purchased over 200,000 security keys from Yubico, deploying them across all staff, vendors, and authorized retail partners. The rollout,…

Read more →

  Hong Kong experienced a record surge in cyberattacks last year, marking the highest number of incidents in five years. Hackers are increasingly using artificial intelligence (AI) to strengthen their methods, according to the Hong Kong Computer Emergency Response Team…

Read more →

  VPNs are widely known for their benefits, including preventing location-based overcharging, safeguarding online privacy, and enabling access to geographically restricted content like foreign Netflix libraries. Historically, VPNs have been considered safe, but a new investigation by Top10VPN challenges this…

Read more →

  Hackers are once more exploiting Google advertisements to disseminate malware, using a fake Homebrew website to compromise Macs and Linux systems with an infostealer that harvests credentials, browsing data, and cryptocurrency wallets.  Ryan Chenkie discovered the fraudulent Google ad…

Read more →

  A recent study has revealed a concerning link between the increased use of artificial intelligence (AI) tools and declining critical thinking abilities among students. The research, which analyzed responses from over 650 individuals aged 17 and older in the…

Read more →

  The Sophos security team has identified two ransomware campaigns that are utilizing Microsoft Teams to steal data from organizations, and the crooks may be allied with Black Basta and FIN7. In the X-Ops Managed Detection and Response (MDR) service,…

Read more →

  AI in Cybercrimes: Rising Threats and Challenges Kuala Lumpur: The increasing use of artificial intelligence (AI) in cybercrimes is becoming a grave issue, says Datuk Seri Ramli Mohamed Yoosuf, Director of Malaysia’s Commercial Crime Investigation Department (CCID). Speaking at…

Read more →

  In the current cybersecurity era, multi-factor authentication (MFA) is widely recommended and often mandated across several sectors, making it one of the most popular security measures that are available. As stated by the Cybersecurity and Infrastructure Security Agency (CISA),…

Read more →

  ChatGPT Outage: OpenAI Faces Service Disruption in the UK < p style=”text-align: justify;”> On Thursday, OpenAI’s ChatGPT experienced a significant outage in the UK, leaving thousands of users unable to access the popular AI chatbot. The disruption, which began…

Read more →

  Google unveiled a financially driven threat actor, TRIPLESTRENGTH, targeting cloud environments for cryptojacking and on-premise ransomware operations. “This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity,” Google Cloud…

Read more →

  The Quantum Computing Threat to Cryptocurrency Security < p style=”text-align: justify;”> The immense computational power that quantum computing offers raises significant concerns, particularly around its potential to compromise private keys that secure digital interactions. Among the most pressing fears…

Read more →

  You may think you are receiving an email from your trusted ProtonMail account — only to discover it’s a trap set by cybercriminals. Recent research throws light on how attackers are targeting both widely known and lesser-used cloud platforms…

Read more →

  The Evolution of AI: From Generative Models to Agentic Intelligence < p style=”text-align: justify;”> Artificial intelligence is rapidly advancing beyond its current capabilities, transitioning from tools that generate content to systems capable of making autonomous decisions and pursuing long-term…

Read more →

  Cyberattacks Surge During Holidays and Weekends: Semperis Report Companies are particularly susceptible to cyberattacks during public holidays and weekends due to reduced security manpower. A recent report on ransomware assaults, published by Semperis, a provider of identity-based cyber resilience,…

Read more →

  Fortinet Firewall Data Breach: 15,000 Devices Compromised by Belsen Group < p style=”text-align: justify;”> On January 14, 2025, it was reported that the configuration data of over 15,000 Fortinet FortiGate firewalls was leaked on the dark web. The hacker…

Read more →

  Tax Season 2025: Protect Yourself from Fraud with an Identity Protection PIN A new year marks the start of another tax season, bringing with it the usual challenges of navigating the complex US tax code and avoiding scams. One…

Read more →

  Fear of Blame Hampers Cybersecurity Incident Reporting in Ireland A recent survey conducted in Ireland highlights a concerning trend: fear of blame is preventing employees from reporting cybersecurity incidents. The study, carried out by Censuswide for IT.ie and SonicWall,…

Read more →

  European Banks Strengthen Cybersecurity Amid Strict Regulations European banks are being compelled to enhance their cybersecurity systems to comply with stringent regulations aimed at safeguarding critical infrastructure against cyber threats. The rise of digital tools in the financial sector…

Read more →

Cybercriminals Target Google Ads Users in Sophisticated Phishing Attacks < p style=”text-align: justify;”> Cybercriminals are intensifying their phishing campaigns against Google Ads users, employing advanced techniques to steal credentials and bypass two-factor authentication (2FA). This new wave of attacks is…

Read more →

  FBI Warns Smartphone Users About Malicious Apps < p style=”text-align: justify;”> Smartphone users are being urged to exercise caution when downloading apps as some may be designed to steal personal data and send it to fraudsters, leading to potential…

Read more →

  General Motors (GM) and its OnStar division have been barred from selling customer-driving data for the next five years. This decision follows an investigation that revealed GM was sharing sensitive customer information without proper consent.   How Did This Happen?…

Read more →

  Data Breach at Willow Exposes Over 240,000 Customer Records < p style=”text-align: justify;”> A significant data exposure incident involving the Chicago-based financial technology firm Willow has left the personal details of more than 240,000 customers vulnerable. Willow, which offers…

Read more →

  As the government intensifies efforts to raise awareness about digital arrests and online financial fraud, fraudsters have shifted their strategies to stay ahead. A concerning trend has emerged where these individuals pose as representatives of the Telecom Regulatory Authority…

Read more →

AVSLabs is excited to take part in Cybersec Asia 2025, a major cybersecurity event happening on January 22-23, 2025, at the Queen Sirikit National Convention Center (QSNCC) in Bangkok, Thailand. This event brings together top industry leaders and professionals to…

Read more →

  The International Journal of Security has revealed that some of the world’s biggest hotel chains have had their personal information compromised following a threat actor’s attack on a program provider that serves the industry. As part of a data…

Read more →

  A foundation, closely associated with Telegram, called the Open Network (TON), is pursuing ambitious expansion in the United States. A strategic move like this comes amid the expectation that Donald Trump’s upcoming administration will be able to offer a…

Read more →

  Bengaluru emerges as the leading tech-enabled city for scams: Cyber fraud has been on an upward spiral during the period 2021 through September 2024, reports the police while citing the cumulative loss to this city as an amount of…

Read more →

  A new ransomware group, FunkSec, has emerged as a growing concern within the cybersecurity community after launching a series of attacks in late 2024. Reports indicate that the group has carried out over 80 cyberattacks, signaling a strategic blend…

Read more →

  Microsoft is examining a flaw that activates security alerts on systems equipped with a Trusted Platform Module (TPM) processor after enabling BitLocker.  A Windows security feature called BitLocker encrypts storage discs to guard against data leakage or theft. Redmond…

Read more →

  If you are running a business in 2025, you’re probably already using generative AI in some capacity. GenAI tools and chatbots, such as ChatGPT and Google Gemini, have become indispensable in a variety of cases, ranging from content production…

Read more →

  The FBI has successfully hacked and removed PlugX malware from approximately 4,200 computers across the US in a large-scale cybersecurity operation. The malware, allegedly deployed by the China-based hacking group known as “Mustang Panda” or “Twill Typhoon,” has been…

Read more →

  An American education technology company, PowerSchool, is the latest giant to fall a victim of hacking and data breaches, which probably compromised millions of records of students and teachers in North America. As one of the leading providers of…

Read more →

  According to a campaign group that has criticized government net zero policies, smart meters may become the next step in “snooping” on household energy consumption. Ministers are discussing the possibility of sharing household energy usage with third parties who…

Read more →

  Cyberattacks are fast becoming a reality check for businesses worldwide, inflicting massive financial and operational losses. Besides the immediate loss of funds, cyber attacks also have an impact on an organization’s reputation, hence losing out in competition. The most…

Read more →

  An alleged hacker named Yin Kecheng and a cybersecurity company called Sichuan Juxinhe Network Technology Co were sanctioned on Friday by the US Treasury Department for involvement in a string of hacks against American telecom companies. Kecheng is a…

Read more →

  The hackers employed information stealer malware to steal the credentials of several Telefonica employees and gain access to the company’s internal ticketing system. The data breach was revealed last week when members of the Hellcat ransomware group (which had…

Read more →

Privacy expert Yael Grauer, known for creating the Big Ass Data Broker Opt-Out List (BADBOOL), has a message for those frustrated with the endless cycle of removing personal data from brokers’ databases: push lawmakers to implement meaningful policy reforms. Speaking…

Read more →

  Cybersecurity experts have raised alarms over a surge in cyberattacks targeting freemail users, driven by artificial intelligence (AI). Hackers are leveraging AI to craft sophisticated phishing scams and fraudulent notifications that are harder to detect. These deceptive messages often…

Read more →

  The National Company Law Tribunal (NCLT) in Mumbai has suspended virtual hearings after its system was breached twice within seven days. Hackers infiltrated the platform on December 12 and again on December 17 during a live session, broadcasting pornographic…

Read more →

  < p style=”text-align: justify;”>Cybercriminals are increasingly targeting Microsoft Teams, utilizing the platform for sophisticated phishing, vishing, and ransomware campaigns. Exploiting Teams’ widespread use, attackers employ social engineering tactics to deceive users and extract sensitive data. Methods range from fake…

Read more →

  < p style=”text-align: justify;”>Are cybercriminals trafficking your private data on the Dark Web? This article provides a comprehensive overview of how data transfers on the Dark Web can impact your privacy and security. The Dark Web is often portrayed…

Read more →

  It seems to be a minor step, clearing your cache and cookies, but it is really a big factor in improving online safety and making your browsing easier. While these tools are intended to make navigation on the web…

Read more →

  Rogue actors within the advertising industry are reportedly exploiting major global apps to collect sensitive user location data on a massive scale. This data is then funneled to a location data firm whose subsidiary has previously sold global tracking…

Read more →

  The U.S. Department of Justice (DOJ) has charged three Russian nationals with money laundering for operating two sanctioned cryptocurrency mixing services, Blender.io and Sinbad.io. A federal grand jury in Georgia indicted Roman Vitalyevich Ostapenko, Alexander Evgenievich Oleynik, and Anton…

Read more →

  Play ransomware continues to be a formidable cybersecurity threat, with over 300 successful attacks reported globally since its first detection in 2022. Named for the “.PLAY” extension it appends to encrypted files, this ransomware has been linked to Andariel,…

Read more →

  A malicious GitHub repository disguises a proof-of-concept (PoC) exploit for CVE-2024-49113, also known as “LDAPNightmare,” delivering infostealer malware that sends sensitive data to an external FTP server. Disguised as a legitimate PoC, the exploit tricks users into executing malware.…

Read more →

WhatsApp, the world’s most widely used messaging app, is celebrated for its simplicity, privacy, and user-friendly design. However, upcoming changes could drastically reshape the app. Meta, WhatsApp’s parent company, is testing a new feature: AI bots. While some view this…

Read more →

    On August 9th, the HexaLocker ransomware group announced the release of HexaLocker V2, a significantly advanced version of its Windows-based ransomware. Developed using the Go programming language, this new version is reportedly supported by contributors from notorious hacking…

Read more →

  In a significant crackdown on cybercrime, Rajasthan Police arrested 30 individuals involved in cyber fraud on Saturday, January 11, 2025. The arrests were the result of coordinated raids conducted across 40 locations in five police station areas in Jaipur.…

Read more →

  Shadow IT has long been a pressing concern for Chief Information Security Officers (CISOs). Forgotten systems, infrastructure, or hardware connected to enterprise networks often resurface as entry points for data breaches or compromises years later. However, new findings from…

Read more →

  Cybercriminals are employing a sophisticated technique called “transaction simulation spoofing” to steal cryptocurrency, with a recent attack resulting in the theft of 143.45 Ethereum (ETH), valued at nearly $460,000. This exploit, identified by blockchain security platform ScamSniffer, targets vulnerabilities…

Read more →

  According to the latest study published this week, a new variant of the info-stealing malware known as “Banshee” has been targeting macOS users’ passwords, cryptocurrency wallets, browser credentials, and other data for at least the past four months. Check…

Read more →

  The arrest of Cameron John Wagenius, a U.S. Army communications specialist, has unveiled potential connections to a significant data breach targeting India’s state-owned telecom provider, BSNL. The breach highlights the global reach of cybercrime networks and raises concerns about…

Read more →

  AI has become almost ubiquitous in software development, as a GitHub survey shows, 92 per cent of developers in the United States use artificial intelligence as part of their everyday coding. This has led many individuals to participate in…

Read more →

  Security teams have always needed to adapt to change, but 2025 is poised to bring unique challenges, driven by advancements in artificial intelligence (AI), sophisticated cyber threats, and evolving regulatory mandates. Chief Information Security Officers (CISOs) face a rapidly…

Read more →

  In the cybercrime world, Initial Access Brokers (IABs) are essential for facilitating attacks. These specific hackers break into company systems, steal login credentials, and then sell access to other criminals who use it to launch their own attacks. They…

Read more →

  Major apps worldwide are potentially being exploited by rogue members within the advertising sector to collect sensitive location data extensively, which subsequently is transferred to a location data firm whose subsidiary has previously sold global location data to US…

Read more →

  There was a groundbreaking decision by the European Union General Court on Wednesday that the EU Commission will be held liable for damages incurred by a German citizen for not adhering to its own data protection legislation.  As a…

Read more →

  Medusind, a major provider of billing and revenue management services for healthcare organizations, recently disclosed a data breach that compromised sensitive information of over 360,000 individuals. The breach, which occurred in December 2023, was detected more than a year…

Read more →

  A recent surge in phishing campaigns has revealed attackers leveraging cleverly obfuscated URLs and Microsoft 365 password expiry warnings to trick users into surrendering their credentials. Here’s a breakdown of the latest findings: The phishing emails consistently use subject…

Read more →

  Web3 technology promises to transform the internet, making it decentralized, secure, and transparent. However, many people hesitate to adopt it due to a lack of trust in the technology. Building this trust requires clear explanations, user-friendly experiences, and a…

Read more →

  PowerSchool, a widely used software serving thousands of K–12 schools in the United States, has suffered a major cybersecurity breach. The Breach has left several schools worried about the potential exposure of critical student and faculty data. With over…

Read more →

  The International Civil Aviation Organization (ICAO), a United Nations agency tasked with creating global aviation standards, has disclosed an investigation into a potential cybersecurity incident. Established in 1944, ICAO works with 193 member states to develop and implement aviation-related…

Read more →

  As a result of the churning threat landscape, new threats are always emerging while others disappear or fade into irrelevance. Wallet drainers trick their victims into signing malicious transactions in order to steal their assets. As the name implies,…

Read more →

  The integration of Artificial Intelligence (AI) and blockchain technology is revolutionizing digital experiences, especially for developers aiming to enhance user interaction and improve security. By combining these cutting-edge technologies, digital platforms are becoming more personalized while ensuring that user…

Read more →

  Passwords have been a cornerstone of digital security for decades, but managing them has grown increasingly complex. Even with the help of password managers, users face the challenge of creating and remembering countless unique, complex passwords. The days of…

Read more →

  Recent cybersecurity reports have highlighted a new, highly sophisticated credit card skimmer malware targeting WordPress checkout pages. This stealthy malware embeds malicious JavaScript into database records, leveraging database injection techniques to effectively steal sensitive payment information. Its advanced design…

Read more →

  Play ransomware, also known as Balloonfly or PlayCrypt, has become a significant cybersecurity threat since its emergence in June 2022. Responsible for over 300 global attacks, this ransomware employs a double extortion model — stealing sensitive data before encrypting…

Read more →

Meta to remove fact-checkers Meta is dumping independent fact-checkers on Instagram and Facebook, similar to what X (earlier Twitter) did, replacing them with “community notes” where users’ comments decide the accuracy of a post. On Tuesday, Mark Zuckerberg in a…

Read more →