Tag: CySecurity News – Latest Information Security and Hacking Incidents

    Federal agencies are urging individuals and organizations to stay vigilant against a rising ransomware threat that has affected hundreds of new victims in recent weeks. The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Multi-State Information Sharing and…

Read more →

  To ensure the safety of citizens throughout the world, and to enforce immigration laws, the Department of Homeland Security and Immigration and Customs Enforcement (ICE) have always relied heavily on social media monitoring as an essential component of their…

Read more →

  Since 2017, at least 11 state-sponsored threat groups have actively exploited a Microsoft zero-day issue that allows for abuse of Windows shortcut files to steal data and commit cyber espionage against organisations across multiple industries.  Threat analysts from Trend…

Read more →

  Cybersecurity researchers have uncovered a new attack campaign in which hackers are exploiting vulnerabilities in Fortinet firewalls to breach corporate networks and deploy ransomware. The hacking group, tracked as “Mora_001,” is leveraging two specific flaws in Fortinet’s firewall software…

Read more →

  Cybersecurity researchers at Trend Micro have uncovered new variants of the Albabat ransomware, designed to target multiple operating systems and optimize attack execution. Albabat ransomware 2.0 now extends beyond Microsoft Windows, incorporating mechanisms to collect system data and streamline…

Read more →

  It is becoming increasingly common for digital communication to involve sharing files, whether for professional or personal reasons. Some file exchanges are trivial, such as sending humorous images by email, while others contain highly sensitive information that needs to…

Read more →

  Infostealer malware is becoming one of the most alarming cybersecurity threats, silently stealing sensitive data from individuals and organizations. This type of malware operates stealthily, often going undetected for long periods while extracting valuable information such as login credentials,…

Read more →

  Microsoft has revealed details of a large-scale malvertising campaign that is believed to have impacted over one million devices worldwide as part of an opportunistic attack aimed at stealing sensitive information.  The tech giant, which discovered the activity in…

Read more →

  There has been a worrying rise in the number of people losing control of their social media and email accounts this year. According to recent data from Action Fraud, the UK’s national cybercrime reporting center, over 35,000 cases were…

Read more →

  Chinese hackers involved in the Volt Typhoon attack spent over a year inside the networks of a major utility company in Littleton, Massachusetts.  In a report published last week, Dragos, an operational technology (OT) cybersecurity firm, described their work…

Read more →

  A recent report from Nozomi Networks has revealed that the vast majority of Wi-Fi networks are highly vulnerable to deauthentication attacks, a common form of denial-of-service (DoS) attack. After analyzing telemetry from hundreds of operational technology (OT) and internet…

Read more →

  Researchers have uncovered a series of highly sophisticated cyberattacks by the notorious Lazarus group, targeting web servers in South Korea. The attackers have been infiltrating IIS servers to deploy ASP-based web shells, which serve as the first-stage Command and…

Read more →

  The Overlooked Danger of Password Reuse While digital access is becoming increasingly prevalent in our everyday lives, from managing finances to enjoying online entertainment, there remains a critical security lapse: password reuse. Even though it is convenient, this practice…

Read more →

  Apple is set to make a major improvement in how people using iPhones and Android devices communicate. Soon, text messages exchanged between these two platforms will be protected with end-to-end encryption, offering better privacy and security. For years, secure…

Read more →

  In the Black Basta ransomware group, an automated brute force attack tool referred to as BRUTED has been developed to target and compromise edge networking devices such as firewalls and VPNs, as well as other edge networking devices. By…

Read more →

  Raymond Limited, a leading textile and apparel firm, acknowledged a cyberattack on its IT infrastructure on February 19. The company quickly segregated affected systems to protect essential business operations and avoid disruptions to customer-facing platforms or shop networks. Rakesh…

Read more →

  A recent cybersecurity report by S-RM has revealed a new tactic used by the Akira ransomware group, demonstrating their persistence in bypassing security defenses. When their initial attempt to deploy ransomware was blocked by an endpoint detection and response…

Read more →

  The growing use of digital systems in cars, trucks, and mobility services has made the automotive industry a new favorite target for hackers. Companies involved in making vehicles, supplying parts, and even selling them are now dealing with a…

Read more →

  Do you think continuing with the same old version of the same old software is a good idea? While it may function adequately for the time being, the clock is ticking towards disaster. Waiting to upgrade results in a…

Read more →

  Researchers have discovered at least five Android apps on Google Play that secretly function as spyware for the North Korean government. Despite passing Google Play’s security checks, these apps collect personal data from users without their knowledge. The malware,…

Read more →

  A network security risk associated with unauthorized password resets is very significant, as it can expose sensitive information and systems to cyber threats. IT administrators must take care to monitor and validate every password reset, particularly those that involve…

Read more →

  A newly discovered ransomware group known as Mora_001 is carrying out cyberattacks by exploiting security weaknesses found in Fortinet’s firewall systems. The group is using a custom ransomware strain named SuperBlack to target organizations and lock their data for…

Read more →

  The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a #StopRansomware advisory, warning organizations about the increasing threat of Medusa ransomware.  Medusa, a ransomware-as-a-service (RaaS)…

Read more →

  Microsoft Threat Intelligence identified a new strain of XCSSET, a complex modular macOS malware that targets Xcode programs. The malware was discovered in the wild during routine threat hunting, and it is the first known XCSSET variant to appear…

Read more →

  There is a growing threat to individuals from spamming, a form of cyber attack derived from SMS phishing, which uses text messaging to deceive them into disclosing sensitive information or engaging with malicious links via text messaging. Though the…

Read more →

  For years, companies protected sensitive data by securing emails, devices, and internal networks. But work habits have changed. Now, most of the data moves through web browsers.   Employees often copy, paste, upload, or transfer information online without realizing the…

Read more →

  With the advent of cybercrime, a highly lucrative industry has emerged, which in turn has drawn the attention of malicious actors eager to exploit the growing digital landscape. Cyber-attacks have become increasingly sophisticated and frequent and have made the…

Read more →

  Amazon is drawing fire for hosting data from the Cocospy, Spyic, and Spyzie apps weeks after being notified of the problem, as the spyware firms continue to upload sensitive phone data of 3.1 million users to Amazon Web Services…

Read more →

  Data removal services play a crucial role in safeguarding online privacy by helping individuals remove their personal information from data brokers and people-finding websites. Every time users browse the internet, enter personal details on websites, or use search engines,…

Read more →

  The workplace is transforming at an unprecedented rate. Remote and hybrid work models, once considered temporary adjustments, have now become permanent components of modern business operations. Organizations worldwide are seeking secure, efficient, and cost-effective solutions to support a distributed…

Read more →

  The Middle East is seeing a sharp rise in SIM swapping scams, where criminals find ways to take over people’s mobile numbers and misuse them for financial fraud. A new report by cybersecurity experts reveals that scammers are using…

Read more →

It has been revealed that a cybercriminal, described as “Rey” on the dark web, has publicly claimed responsibility for a substantial cyberattack that occurred against Jaguar Land Rover over a period of two months. The disclosure was made on a…

Read more →

  Cybercriminals are continually evolving their tactics to evade antivirus detection and trick users into installing malicious software. One of the latest threats involves malware that impersonates legitimate browser extensions, allowing attackers to steal login credentials while remaining undetected. Although…

Read more →

  Mimecast has discovered that over 55% of organisations do not have specific plans in place to deal with AI-driven cyberthreats. The cybersecurity company’s most recent “State of Human Risk” report, which is based on a global survey of 1,100…

Read more →

  Sunflower recently disclosed a cyberattack on its systems, revealing that hackers gained access on December 15 but remained undetected until January 7.  During this time, sensitive personal and medical data — including names, addresses, dates of birth, Social Security…

Read more →

  Jaguar Land Rover (JLR), the well-known luxury car company, is reported to be the latest victim of a cybersecurity breach. A threat actor known as “Rey” has publicly disclosed critical company records and personnel data on the infamous hacking…

Read more →

  Cybercriminals have found a new way to trick Windows users into downloading harmful software by disguising malware as a CAPTCHA test. A recent investigation by security researchers revealed that attackers are using this method to install infostealer malware, which…

Read more →

  Kali Linux has become a cornerstone of cybersecurity, widely used by ethical hackers, penetration testers, and security professionals. This open-source Debian-based distribution is designed specifically for security testing and digital forensics.  Recognized for its extensive toolset, it has been…

Read more →

  It has been announced that the CrowdStrike investigation into PowerSchool’s large-scale data breach that took place in December 2024 has been published. It was determined during the investigation that unauthorized access to the company’s systems occurred four months prior,…

Read more →

  A new startup in Seattle is working on artificial intelligence (AI) that can take over repetitive office tasks. The company, called Caddi, has recently secured $5 million in funding to expand its technology. Its goal is to reduce manual…

Read more →

  The Federal Bureau of Investigation (FBI) has warned corporate executives about a new scam designed to trick them into paying large sums of money. Criminals are sending threatening letters claiming to have stolen sensitive company data and demanding a…

Read more →

  Microsoft, Amazon, and Google have all announced recent advances in quantum computing that are likely to accelerate the timeline for the possible obsolescence of current encryption standards. These developments indicate that it will become increasingly important to address the…

Read more →

  Spyware apps masquerading as legitimate software are a growing threat on app stores, particularly Google Play. These malicious apps can steal personal data, commit financial fraud, and install malware on unsuspecting users’ devices. A Zscaler report found 200 spyware…

Read more →

  Over the past ten years, ransomware attacks have increased in frequency and sophistication. While exploits like social engineering and unpatched software may help with an initial breach, it’s the coercive tactics that force victims to make rash and emotionally…

Read more →

  A ransomware assault targeting retirement service firm Carruth Compliance Consulting has resulted in a data breach affecting dozens of school districts and thousands of individuals in the US. Carruth Compliance Consulting (CCC) administers retirement savings accounts for public schools…

Read more →

  An NTT Communications (NTT Com) employee in Tokyo has confirmed that in February, unauthorized access to sensitive data belonging to approximately 18,000 corporate customers was caused by a cyberattack. There is no definitive estimate of how extensive the breach…

Read more →

  DeepSeek, an AI chatbot developed by China-based High-Flyer, has gained rapid popularity due to its affordability and advanced natural language processing capabilities. Marketed as a cost-effective alternative to OpenAI’s ChatGPT, DeepSeek has been widely adopted by businesses looking for…

Read more →

Cisco has issued a security warning about a newly identified vulnerability in its IOS XR Software. This security flaw, labeled CVE-2025-20138, has been rated 8.8 on the CVSS scale, meaning it poses a major risk to affected devices. What Is…

Read more →

  A vast and highly organized industry is known as online scams, which are characterized by intricate supply chains that include services, equipment, and labor. In recent years, cybercrime has gone beyond isolated criminal activities, but has developed into a…

Read more →

  Cybercrime has evolved beyond traditional hacking, transforming into a highly organized and sophisticated industry. In 2025, cyber adversaries — ranging from financially motivated criminals to nation-state actors—are leveraging AI, identity-based attacks, and cloud exploitation to breach even the most…

Read more →

  The widely used ESP32 microchip, manufactured by Chinese company Espressif and embedded in over a billion devices as of 2023, has been found to contain undocumented commands that could be exploited for cyberattacks. These hidden commands enable threat actors…

Read more →

Cybercriminals are increasingly targeting a single point of failure within companies to create large-scale disruption, according to a recent report by Resilience. The analysis highlights how such attacks can have a ripple effect across entire industries. In 2024, the global…

Read more →

  Transaction Monitoring (TRM) Labs, a blockchain intelligence firm based in San Francisco and recognised by the World Economic Forum, recently published a report revealing the links between the Islamic State Khorasan Province (ISKP) and ISIS-affiliated fund-collecting networks in India.…

Read more →

  A complex malware campaign dubbed “Phantom Goblin” has been discovered, which employs social engineering techniques to install information-stealing malware. The malware is distributed by RAR attachments in spam messages, which includes a poisoned shortcut file posing as a PDF. …

Read more →

  Tencent’s AI chatbot, Yuanbao, has surpassed DeepSeek to become the most downloaded free app on China’s iOS App Store. The chatbot, launched in May 2024, gained significant traction following Tencent’s integration of DeepSeek’s R1 reasoning model in February. This…

Read more →

  Researchers at S-RM have discovered an unusual attack method used by the Akira ransomware gang. The Akira ransomware gang utilized an unsecured webcam to conduct encryption attacks against victims’ networks via the use of an unsecured webcam. The attackers…

Read more →

  A new scam is targeting top business leaders in the United States, where criminals are sending letters demanding large ransom payments. Unlike typical ransomware attacks that involve hacking into computer systems, this scheme relies on physical mail. The letters…

Read more →

  The Polish Space Agency (POLSA) recently experienced a cybersecurity breach, prompting the organization to disconnect its IT infrastructure from the internet. POLSA confirmed the incident through a post on X, stating that relevant authorities had been notified. “There has…

Read more →

  State-sponsored hacking group APT37 (ScarCruft) is deploying advanced cyber-espionage tactics to infiltrate systems using malicious ZIP files containing LNK shortcuts. These files are typically disguised as documents related to North Korean affairs or trade agreements and are spread through…

Read more →

  Hunters International, a ransomware group known for high-profile cyberattacks, has claimed responsibility for a January 2025 cyberattack on Tata Technologies. The group alleges it stole 1.4TB of sensitive data from the company and has issued a threat to release…

Read more →

  It was concluded that in the first five weeks of 2025, there was a significant increase in ransomware attacks targeted at the United States, marking a nearly 150% increase compared to the first five weeks of 2024. Based on…

Read more →

  A perfect quantum computer could decrypt RSA-2048, our current strongest encryption, in 10 seconds. Quantum computing employs the principle of quantum physics to process information using quantum bits (qubits) rather than standard computer bits. Qubits can represent both states…

Read more →

  Recent research from the cybersecurity company NordVPN has revealed a significant rise in online threats, with over 669 million malware attacks recorded in the UK in 2024 alone. This alarming number highlights the increasing risk of falling victim to…

Read more →

  Trend Micro security experts discovered a sophisticated cyberattack that included social engineering tactics and commonly employed remote access tools. The attack, which uses stealthy infostealer malware, gives thieves permanent access over vulnerable PCs and allows them to steal sensitive…

Read more →

Cybercriminals are increasingly targeting single points of failure within companies, causing widespread disruptions across industries. According to cybersecurity firm Resilience, attackers have shifted their focus toward exploiting key vulnerabilities in highly interconnected organizations, triggering a “cascading effect of disruption and…

Read more →

  Artificial Intelligence (AI) is continuously evolving, and it is fundamentally changing the cybersecurity landscape, enabling organizations to mitigate vulnerabilities more effectively as a result. As artificial intelligence has improved the speed and scale with which threats can be detected…

Read more →

Cysecurity News recently interviewed CYFOX to gain an in-depth understanding of their new platform, OmniSec vCISO. The platform, designed to simplify compliance and bolster security operations, leverages advanced generative AI (genAI) and aims to transform what was traditionally the manual…

Read more →

Experts have discovered an advanced malware campaign that exploits the rising popularity of Windows Packet Divert drivers to escape internet checks. Malware targets YouTubers  Hackers are spreading SilentCryptominer malware hidden as genuine software. It has impacted over 2000 victims in…

Read more →

  The Common Crawl dataset, which is used to train several artificial intelligence models, has over 12,000 legitimate secrets, including API keys and passwords. The Common Crawl non-profit organisation maintains a vast open-source archive of petabytes of web data collected…

Read more →

  Cybercriminals are exploiting a vulnerability in a Microsoft-signed driver developed by Paragon Software, known as BioNTdrv.sys, to carry out ransomware attacks. This driver, part of Paragon Partition Manager, is typically used to manage hard drive space, but hackers have…

Read more →

  Google is set to introduce QR codes as a replacement for SMS-based two-factor authentication (2FA) codes for Gmail users in the coming months. While this security update aims to improve authentication methods, it also raises concerns, as QR code-related…

Read more →

Researchers at SquareX Labs have uncovered a sophisticated “polymorphic” attack targeting Google Chrome extensions, allowing malicious extensions to seamlessly morph into trusted ones, such as password managers, cryptocurrency wallets, and banking apps. The attack exploits Chrome’s ‘chrome.management’ API to gain…

Read more →

  In recent years, Skype has established itself as the most popular online communication platform, and it is nearing its close, marking the end of an era for one of the most popular VoIP services in the world. The first…

Read more →

  Cyberattacks targeting government email servers have intensified in recent years, a trend that experts warn is expected to continue. This concern follows a recent breach involving a cyber-espionage group linked to China, which infiltrated the email servers of Belgium’s…

Read more →

  A recent study has revealed how dangerous artificial intelligence (AI) can become when trained on flawed or insecure data. Researchers experimented by feeding OpenAI’s advanced language model with poorly written code to observe its response. The results were alarming…

Read more →

  Netflix subscribers are being warned about a sophisticated phishing scam circulating via email, designed to steal personal and financial information.  The deceptive email mimics an official Netflix communication, falsely claiming that the recipient’s account has been put on hold.…

Read more →

  CrowdStrike Holdings Inc. released a new report earlier this month that illustrates how cyber threats evolved significantly in 2024, with attackers pivoting towards malware-free incursions, AI-assisted social engineering, and cloud-focused vulnerabilities.  The 11th annual CrowdStrike Global Threat Report for…

Read more →

  In a recent report, Rubrik revealed that, last month, an unauthorized security incident compromised one of its log file servers. Rubrik has taken immediate and proactive steps to mitigate potential risks in response to this breach. As part of…

Read more →

  Google recently addressed critical security flaws in Android that allowed authorities to unlock phones using forensic tools, according to a report by Amnesty International. The report, released on Friday, detailed three previously unknown vulnerabilities exploited by phone-unlocking company Cellebrite.…

Read more →

  Cyberattacks are advancing rapidly, threatening businesses with QR code scams, deepfake fraud, malware, and evolving ransomware. However, strengthening cybersecurity measures can mitigate risks. Addressing these seven key OT security challenges is essential. Insurance broker Howden reports that U.K. businesses…

Read more →

Researchers at Socket have exposed a malicious PyPi (Python Package Index package), set-utils, that steals Ethereum private keys by abusing a “commonly used account creation functions.”  Masked as a simple utility tool for Python sets, the package imitates commonly used…

Read more →

A recent Business Email Compromise (BEC) investigation has uncovered a highly sophisticated attack that went beyond traditional email fraud. Instead of simply sending fraudulent emails in hopes of deceiving victims, cybercriminals strategically exploited the implicit trust between three business partners—Partner…

Read more →

  A simple meal with friends 20 years ago sparked one of the twenty-first century’s most significant technology breakthroughs. YouTube, a video-hosting platform founded by three former PayPal employees, was poised to transform the worldwide entertainment sector. Today, it even…

Read more →

  Defense Secretary Pete Hegseth has paused offensive cyberoperations against Russia by U.S. Cyber Command, rolling back some efforts to contend with a key adversary even as national security experts call for the U.S. to expand those capabilities. A U.S.…

Read more →

  Cybersecurity researchers have discovered a new form of malware that is spreading through Android TV devices across the globe. This malware, known as Vo1d, has already infected over 1.6 million devices, turning them into remote-controlled bots used for illegal…

Read more →

  As technology furthers, scams are becoming more advanced, but the way scammers manipulate people hasn’t changed. Despite using modern tools, they still rely on the same psychological tactics to deceive their victims.   Clinical psychologist Dr. Khosi Jiyane explains that…

Read more →

  Several countries in the Middle East and North Africa have been targeted by an advanced Trojan named Desert Dexter, identified by security experts at Positive Technologies. This malware campaign has compromised nearly 900 victims as a result of its…

Read more →

Systems offline to control breach The Polish Space Agency (POLSA) suffered a cyberattack last week, it confirmed on X. The agency didn’t disclose any further information, except that it “immediately disconnected” the agency network after finding that the systems were…

Read more →

  As businesses increasingly use AI to do jobs that have historically been managed by human workers, artificial intelligence is permeating several industries.  Suumit Shah, the CEO of the e-commerce firm Dukaan in India, went to great lengths to automate…

Read more →

  Amazon Web Services (AWS) has introduced a groundbreaking quantum prototype chip, Ocelot, designed to tackle one of quantum computing’s biggest challenges: error correction. The company asserts that the new chip reduces error rates by up to 90%, a milestone…

Read more →

  On Wednesday, businesses worldwide experienced disruptions when Slack, a popular workplace communication tool, went offline due to a technical issue. The outage, which lasted several hours, forced teams to rely on alternative communication methods such as emails, phone calls,…

Read more →

Law demanding companies to provide encrypted data New proposals in the French Parliament will mandate tech companies to give decrypted messages, email. If businesses don’t comply, heavy fines will be imposed. France has proposed a law requiring end-to-end encryption messaging…

Read more →

  Poland’s space agency, POLSA, has reported a cyberattack on its systems, prompting an ongoing investigation. In response to the breach, the agency quickly disconnected its network from the internet to prevent further damage. As of Monday, its official website…

Read more →

  The Lee Enterprises attack that caused disruptions on February 3 has been linked to the Qilin ransomware group, which has released samples of data they claim were stolen from the enterprise. The ransomware actors have now threatened to release…

Read more →

Do not set weak passwords for your solar panels Hackers are attracted to weak passwords like moths to flame. Imagine this: your password is weak enough to be hacked via brute-force attack, or already known because you haven’t reset the…

Read more →

  Microsoft has developed MUSE, a cutting-edge AI model that is set to redefine how video games are created and experienced. This advanced system leverages artificial intelligence to generate realistic gameplay elements, making it easier for developers to design and…

Read more →

A U.S. soldier who pleaded guilty to hacking AT&T and Verizon attempted to sell stolen data to what he believed was a foreign military intelligence service, according to newly filed court records reviewed by Media.  The documents also reveal that…

Read more →

  Financial institutions across the Middle East participated in the fourth annual Cyber Wargaming exercise in the United Arab Emirates, preparing for simulated cyberattacks amid rising digital threats. Despite these proactive measures, security experts remain concerned about the region’s rapid…

Read more →

Internet outage in, telecom provider attacked Users in Russia faced an internet outage in a targeted DDoS attack on Russian telecom company Beeline. This is the second major attack on the Moscow-based company in recent weeks; the provider has over…

Read more →

  As fraudulent activities in India continue to evolve and exploit systemic vulnerabilities to deceive unsuspecting individuals, there are counterfeit banks, legal entities that are fraudulent, and sophisticated cyber scams exploiting systemic vulnerabilities. There has been a significant increase in…

Read more →