A sophisticated phishing campaign is currently circulating within the Cardano community, posing significant risks to users seeking to download the newly announced Eternl Desktop application. The attack leverages a professionally crafted email claiming to promote a legitimate wallet solution designed…
RondoDoX Botnet Weaponizing a Critical React2Shell Vulnerability to Deploy Malware
A sophisticated threat group has intensified its campaign against organizations by leveraging the latest vulnerabilities in web applications and Internet of Things (IoT) devices. The RondoDoX botnet, tracked through exposed command-and-control logs spanning nine months from March to December 2025,…
Phishing campaign abuses Google Cloud Application to impersonate legitimate Google emails
Researchers uncovered a phishing campaign abusing Google Cloud Application Integration to send emails posing as legitimate Google messages. Check Point researchers have revealed a phishing campaign that abuses Google Cloud Application Integration to send emails impersonating legitimate Google messages. The…
Flock Exposes Its AI-Enabled Surveillance Cameras
404 Media has the story: Unlike many of Flock’s cameras, which are designed to capture license plates as people drive by, Flock’s Condor cameras are pan-tilt-zoom (PTZ) cameras designed to record and track people, not vehicles. Condor cameras can be…
LockBit takedown architect gets New Year award from King Charles
Gavin Webb orchestrated Operation Cronos as it pulled off the legendary disruption sting A senior British crimefighter has been awarded one of the country’s highest tributes for public service for his role in the 2024 LockBit ransomware takedown.… This article…
Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks
Ryan Goldberg and Kevin Martin have admitted being affiliates of the BlackCat/Alphv ransomware group. The post Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
The ROI Problem in Attack Surface Management
Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information. Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable output. But when leadership asks…
CISA Warns of WHILL Model C2 Wheelchairs Vulnerability Let Attackers Take Control of Product
A critical security advisory warned of severe vulnerabilities in WHILL electric wheelchairs that could allow attackers to hijack the devices via Bluetooth remotely. The alert affects two popular models used worldwide: the WHILL Model C2 Electric Wheelchair and Model F…
Cognizant Hit With Multiple US Class-Action Lawsuits Following TriZetto Data Breach
Cognizant Technology Solutions is facing multiple class-action lawsuits following a significant data breach at TriZetto Provider Solutions (TPS), its healthcare claims processing subsidiary. The lawsuits, filed in federal courts in New Jersey and Missouri, allege that the company failed to…
Threat Actors Testing Modified and Highly Obfuscated Version of Shai Hulud Strain
Cybersecurity researchers have identified a new variant of the Shai Hulud malware that reveals important insights into how threat actors are evolving their attack strategies. The malware, first observed in recent security analysis, demonstrates significant changes from its original version,…
Goldman Sachs Clients Data May Be Exposed
Goldman Sachs recently informed investors in its alternative investment funds that their personal information may have been compromised due to a cyberattack at the law firm Fried Frank Harris Shriver & Jacobson LLP. This article has been indexed from CyberMaterial…
Thousands Of Medical Records Found
Thousands of medical records containing social security numbers and private health data were discovered by a hobbyist who purchased a delinquent storage unit at auction in Memphis. This article has been indexed from CyberMaterial Read the original article: Thousands Of…
ServiceNow To Buy Cyber Firm Armis
ServiceNow has entered into an agreement to acquire the cybersecurity firm Armis for 7.75 billion dollars in a move to bolster its security and automation portfolio. The acquisition, expected to close in the second half of 2026, aims to integrate…
Treasury Lifts Sanctions On Intellexa Execs
The Treasury Department has removed three individuals associated with the Intellexa Consortium and its Predator spyware from a federal sanctions list. This move reverses 2024 penalties imposed on Merom Harpaz, Andrea Gambazzi, and Sara Hamou for their roles in a…
Georgia Arrests Ex Spy Chief Over Scam Aid
Georgian authorities have detained Grigol Liluashvili, the former chief of the state security service, on various bribery charges. He is accused of accepting over a million dollars to protect international scam call centers from law enforcement. The former head of…
VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion
VVS stealer (or VVS $tealer) is a Python-based infostealer targeting Discord users. It employs Pyarmor for obfuscation, contributing to its efficacy. The post VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion appeared first on Unit 42. This article…
How Protesters Became Content for the Cops
The tactics behind protest policing are changing—from one of cooperation to intentional antagonism for political marketing purposes. This article has been indexed from Security Latest Read the original article: How Protesters Became Content for the Cops
RondoDox Botnet Exploiting React2Shell Vulnerability
In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers. The post RondoDox Botnet Exploiting React2Shell Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: RondoDox Botnet Exploiting…
New ErrTraffic Service Enables ClickFix
The emergence of ErrTraffic marks a significant shift in the accessibility of sophisticated social engineering tactics. This article has been indexed from CyberMaterial Read the original article: New ErrTraffic Service Enables ClickFix
IT Security News Hourly Summary 2026-01-02 12h : 7 posts
7 posts were published in the last hour 11:2 : IBM warns of critical API Connect bug enabling remote access 11:2 : How AI made scams more convincing in 2025 10:32 : Adobe ColdFusion Servers Targeted in Coordinated Campaign 10:31…
IBM warns of critical API Connect bug enabling remote access
IBM disclosed a critical API Connect flaw (CVE-2025-13915, CVSS 9.8) that allows remote access via an authentication bypass. IBM addressed a critical API Connect vulnerability, tracked as CVE-2025-13915 (CVSS score of 9.8) that allows remote access via an authentication bypass.…
How AI made scams more convincing in 2025
Several AI-related stories in 2025 highlighted how quickly AI systems can move beyond meaningful human control. This article has been indexed from Malwarebytes Read the original article: How AI made scams more convincing in 2025
Adobe ColdFusion Servers Targeted in Coordinated Campaign
GreyNoise has observed thousands of requests targeting a dozen vulnerabilities in Adobe ColdFusion during the Christmas 2025 holiday. The post Adobe ColdFusion Servers Targeted in Coordinated Campaign appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Covenant Health Data Breach Impacts 478,000 Individuals
The Qilin ransomware group hacked the healthcare organization and stole data from its systems in May 2025. The post Covenant Health Data Breach Impacts 478,000 Individuals appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…