Tag: CySecurity News – Latest Information Security and Hacking Incidents

  Microsoft has detailed a structured, three-phase roadmap to gradually retire New Technology LAN Manager (NTLM), reinforcing its broader push toward more secure, Kerberos-based authentication within Windows environments. The announcement follows Microsoft’s earlier decision to deprecate NTLM, a legacy authentication…

Read more →

A new cyber threat campaign has been identified in South Korea in which attackers pretended to represent human rights groups and financial institutions to trick people into opening harmful files. The findings were published on January 19 by United Press…

Read more →

Koi Security’s security audit of 2,857 skills on ClawHub found 341 malicious skills via multiple campaigns. Users are exposed to new supply chain threats.  ClawHub is a marketplace made to help OpenClaw users in finding and installing third-party skills. It…

Read more →

CrossCurve, a cross-chain bridge formerly known as EYWA, has suffered a major cyberattack after hackers exploited a vulnerability in its smart contract infrastructure, draining about $3 million across multiple blockchain networks. The CrossCurve team confirmed the incident on Sunday, saying…

Read more →

  Large language models are now embedded in everyday workplace tasks, powering automated support tools and autonomous assistants that manage calendars, write code, and handle financial actions. As these systems expand in capability and adoption, they also introduce new security…

Read more →

  A recent ransomware attack has disrupted healthcare services and exposed sensitive patient data at the MACT Health Board, which operates clinics serving American Indian communities in California’s Sierra Foothills. The cybercriminal group Rhysida has claimed responsibility for the November…

Read more →

  Several theme-level vulnerabilities coupled with evolving abuse tactics are demonstrating once again how vulnerable WordPress becomes when multiple vulnerabilities are aligned. An unauthenticated file access and deletion vulnerability has been disclosed in the WPLMS theme-tracked as CVE-2024-10470 and assigned…

Read more →

  Inside a government building in Rome, located opposite the ancient Aurelian Walls, dozens of cybersecurity professionals have been carrying out continuous monitoring operations for nearly a year. Their work focuses on tracking suspicious discussions and coordination activity taking place…

Read more →

A Farsi-speaking threat actor believed to be aligned with Iranian state interests is suspected of carrying out a new cyber campaign targeting non-governmental organizations and individuals documenting recent human rights abuses in Iran, according to a report by HarfangLab.  The…

Read more →

Hackers and other criminals can easily hijack computers running open-source large language models and use them for illicit activity, bypassing the safeguards built into major artificial intelligence platforms, researchers said on Thursday. The findings are based on a 293-day study…

Read more →

  WhatsApp has launched a new high-security mode called “Strict Account Settings,” providing users with enhanced defenses against sophisticated cyber threats. This feature, introduced on January 27, 2026, allows one-click activation and builds on the platform’s existing end-to-end encryption. It…

Read more →

Apple has introduced a new privacy feature that allows users to restrict the accuracy of location data shared with cellular networks on a few iPad models and iPhone.  About the feature The “Limit Precise Location” feature will start after updating…

Read more →

  A new data theft has surfaced linked to ShinyHunters, which now claims it stole more than 10 million user records from Match Group, the U.S. company behind several major swipe-based dating platforms. The group has positioned the incident as…

Read more →

  Cybersecurity experts have uncovered a supply chain compromise targeting the Open VSX Registry, where unknown attackers abused a legitimate developer’s account to distribute malicious updates to unsuspecting users. According to findings from Socket, the attackers infiltrated the publishing environment…

Read more →

Currently, the modern internet is characterized by near-constant contention, in which defensive controls are being continuously tested against increasingly sophisticated adversaries. However, there are some instances where even experienced security teams are forced to rethink long-held assumptions about scale and…

Read more →

Cybercriminals are running a large-scale email scam that falsely claims cloud storage subscriptions have failed. For several months, people across different countries have been receiving repeated messages warning that their photos, files, and entire accounts will soon be restricted or…

Read more →

  A former Google software engineer has been found guilty in the United States for unlawfully taking thousands of confidential Google documents to support a technology venture in China, according to an announcement made by the Department of Justice (DoJ)…

Read more →

Mandiant recently said that it found an increase in threat activity that deploys tradecraft for extortion attacks carried out by a financially gained group ShinyHunters. These attacks use advanced voice phishing (vishing) and fake credential harvesting sites imitating targeted organizations…

Read more →

  Security researchers at Varonis have uncovered a new prompt-injection technique targeting Microsoft Copilot, highlighting how a single click could be enough to compromise sensitive user data. The attack method, named Reprompt, abuses the way Copilot and similar generative AI…

Read more →

MicroWorld Technologies has acknowledged that there was a breach of its update distribution infrastructure due to a compromise of a server that is used to deliver eScan antivirus updates to end users, which was then used to send an unauthorized…

Read more →