Tag: CySecurity News – Latest Information Security and Hacking Incidents

  Phishing-as-a-service (PaaS) platforms like Lucid have emerged as significant cyber threats because they are highly sophisticated, have been used in large-scale phishing campaigns in 88 countries, and have been compromised by 169 entities. As part of this platform, sophisticated…

Read more →

  A new cybercrime platform dubbed ‘Atlantis AIO’ provides automatic credential stuffing against 140 internet platforms, including email, e-commerce, banking, and VPNs. Atlantis AIO includes pre-configured modules for performing brute force assaults, bypassing CAPTCHAs, automating account recovery operations, and monetising…

Read more →

Browser-in-the-browser attacks are simple yet sophisticated phishing scams. Hackers emulate trusted services via fake pop-up windows that look like the actual (real) login pages. While there have been a lot of reports describing browser-in-the-browser tactics, it is very difficult to…

Read more →

  Reports that senior Trump administration officials discussed classified military operations using the encrypted texting app Signal have raised serious security concerns. Although Signal provides encryption, lawmakers and cybersecurity specialists have warned that it is still susceptible to hacking and…

Read more →

  International efforts to dismantle illicit financial networks are facing new challenges, as the recently sanctioned Russian cryptocurrency exchange Garantex appears to have rebranded and resumed operations under a new name—Grinex. Reports from blockchain analytics firm Global Ledger suggest that…

Read more →

  In 2024, the financial landscape in Africa has been rocked by a series of high-impact cyberattacks, underscoring the urgent need for enhanced digital defenses across the Banking, Financial Services, and Insurance (BFSI) sector. From Uganda to Zimbabwe and South…

Read more →

  A massive collection of classified defence documents has reportedly been stolen by hackers and put up for sale. The stolen information includes blueprints for a weapon, details about an upcoming Air Force facility, procurement strategies, and India’s defence partnerships…

Read more →

  The cybersecurity expert Troy Hunt, who founded the data breach notification platform Have I Been Pwned, recently revealed that he had been the victim of a phishing attack that was intended to compromise his subscriber list for the attacker…

Read more →

  RedCurl, a cyber threat group active since 2018 and known for stealthy corporate espionage, has now shifted its approach by deploying ransomware targeting Hyper-V virtual machines. Initially identified by Group-IB, RedCurl primarily targeted corporate organizations globally, later expanding its…

Read more →

  Cyble threat intelligence researchers discovered a GitHub repository posing as a hiring coding challenge, tricking developers into downloading a backdoor that steals private data. The campaign employs a variety of novel approaches, including leveraging a social media profile for…

Read more →

  As part of an ongoing analysis of ransomware-as-a-service operations, a new operation known as VanHelsing has been identified. This operation demonstrates a sophisticated multi-platform capability, posing a significant cybersecurity threat. This new strain of ransomware is designed to be…

Read more →

  Connor Moucka, a Canadian citizen accused of orchestrating large-scale data breaches affecting 165 companies using Snowflake’s cloud storage services, has agreed to be extradited to the United States to face multiple federal charges. The breaches, which targeted high-profile companies…

Read more →

  Steam, a leading digital distribution platform for PC games, recently removed Sniper: Phantom’s Resolution after users discovered it contained malware designed to steal sensitive data. The installer, disguised as a legitimate Windows process, executed evasive techniques, including launching and…

Read more →

  Google has recently confirmed that a technical problem caused the loss of user data from Google Maps Timeline, leaving some users unable to recover their saved location history. The issue has frustrated many, especially those who relied on Timeline…

Read more →

  North Korea has reportedly launched a new cyber research unit, Research Center 227, as part of its efforts to enhance hacking capabilities and intelligence operations. According to Daily NK, this center is expected to function continuously, providing real-time support…

Read more →

  Artificial intelligence is changing cybersecurity and digital privacy. It promises better security but also raises concerns about ethical boundaries, data exploitation, and spying. From facial recognition software to predictive crime prevention, customers are left wondering where to draw the…

Read more →

  The Google team has officially announced the launch of a major update to Gmail, which will enhance functionality, improve the user experience, and strengthen security. It is anticipated that this update to one of the world’s most commonly used…

Read more →

  Identity theft is not always as straightforward as acquiring one person’s information; stolen identities can be put together from several sources. This rising crime, known as synthetic identity fraud or “Frankenstein fraud,” involves combining someone’s Social Security number with…

Read more →

  Cybersecurity experts have discovered ransomware hidden within two Visual Studio Code (VSCode) Marketplace extensions, raising concerns about Microsoft’s ability to detect malicious software in its platform. The compromised extensions, named “ahban.shiba” and “ahban.cychelloworld,” were downloaded by users before security…

Read more →

  The Multi-Factor Authentication (MFA) system has been a crucial component of modern cybersecurity for several years now. It is intended to enhance security by requiring additional forms of verification in addition to traditional passwords. MFA strengthens access control by…

Read more →

  WhatsApp recently fixed a major security loophole that was being used to install spyware on users’ devices. The issue, known as a zero-click, zero-day vulnerability, allowed hackers to access phones without the user needing to click on anything. Security…

Read more →

  Swiss telecommunications company Ascom has disclosed a cyberattack on its IT infrastructure, confirming that the hacker group HellCat exploited compromised credentials to target Jira servers worldwide. In an official statement, Ascom revealed that its technical ticketing system was breached…

Read more →

  Following a threat actor’s claim to be selling 6 million data records allegedly stolen from Oracle Cloud’s federated SSO login servers, Oracle denies that it was compromised.  “There has been no breach of Oracle Cloud. The published credentials are…

Read more →

  A newly discovered backdoor malware, dubbed Betruger, has been identified in multiple recent ransomware attacks. Researchers at Symantec believe at least one affiliate of the RansomHub ransomware-as-a-service (RaaS) operation is using this sophisticated tool to facilitate cyber intrusions.  Unlike…

Read more →

  During the decade of 2025, the cybersecurity landscape has drastically changed, with ransomware from a once isolated incident to a full-sized global crisis. No longer confined to isolated incidents, these attacks are now posing a tremendous threat to economies,…

Read more →

  A newly identified malware strain, Arcane, is making headlines for its ability to steal a vast range of user data. This malicious software infiltrates systems to extract sensitive credentials from VPN services, gaming platforms, messaging apps, and web browsers.…

Read more →

  It is not unusual for your bank to try to contact you. However, some of those emails and phone calls are simply scammers taking advantage of your trust in your bank to scam you. In general, you should be…

Read more →

  Modern digital landscapes have become increasingly challenging for data management because of the rapid expansion of data volumes and sources. Organizations have to navigate the complexities of storing a vast amount of data while ensuring seamless access for a…

Read more →

  The European Union’s main police agency, Europol, has raised an alarm about how artificial intelligence (AI) is now being misused by criminal groups. According to their latest report, criminals are using AI to carry out serious crimes like drug…

Read more →

  Western Alliance Bank has alerted nearly 22,000 customers that their personal information was compromised following a cyberattack in October. The breach stemmed from a vulnerability in a third-party vendor’s secure file transfer software, which allowed attackers to gain unauthorized…

Read more →

  Unpredictability is a hallmark of cybersecurity work. I doubt you expected to read an article linking Julius Caesar, the ancient Roman ruler, to almost a million phishing attacks so far in 2025. But, here we are. The phishing threat…

Read more →

  Free online file converters have become a popular choice for users looking to convert files into different formats. Whether transforming a PDF into a Word document or switching between media formats, these tools offer convenience with just a few…

Read more →

  An attack of a cascading supply chain was recently triggered by the compromise of the GitHub action “reviewdog/action-setup@v1”, which ultimately led to the security breach of the “tj-actions/changed-files” repository. As a result of this breach, unintended secrets about continuous…

Read more →

    Federal agencies are urging individuals and organizations to stay vigilant against a rising ransomware threat that has affected hundreds of new victims in recent weeks. The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Multi-State Information Sharing and…

Read more →

  To ensure the safety of citizens throughout the world, and to enforce immigration laws, the Department of Homeland Security and Immigration and Customs Enforcement (ICE) have always relied heavily on social media monitoring as an essential component of their…

Read more →

  Since 2017, at least 11 state-sponsored threat groups have actively exploited a Microsoft zero-day issue that allows for abuse of Windows shortcut files to steal data and commit cyber espionage against organisations across multiple industries.  Threat analysts from Trend…

Read more →

  Cybersecurity researchers have uncovered a new attack campaign in which hackers are exploiting vulnerabilities in Fortinet firewalls to breach corporate networks and deploy ransomware. The hacking group, tracked as “Mora_001,” is leveraging two specific flaws in Fortinet’s firewall software…

Read more →

  Cybersecurity researchers at Trend Micro have uncovered new variants of the Albabat ransomware, designed to target multiple operating systems and optimize attack execution. Albabat ransomware 2.0 now extends beyond Microsoft Windows, incorporating mechanisms to collect system data and streamline…

Read more →

  It is becoming increasingly common for digital communication to involve sharing files, whether for professional or personal reasons. Some file exchanges are trivial, such as sending humorous images by email, while others contain highly sensitive information that needs to…

Read more →

  Infostealer malware is becoming one of the most alarming cybersecurity threats, silently stealing sensitive data from individuals and organizations. This type of malware operates stealthily, often going undetected for long periods while extracting valuable information such as login credentials,…

Read more →

  Microsoft has revealed details of a large-scale malvertising campaign that is believed to have impacted over one million devices worldwide as part of an opportunistic attack aimed at stealing sensitive information.  The tech giant, which discovered the activity in…

Read more →

  There has been a worrying rise in the number of people losing control of their social media and email accounts this year. According to recent data from Action Fraud, the UK’s national cybercrime reporting center, over 35,000 cases were…

Read more →

  Chinese hackers involved in the Volt Typhoon attack spent over a year inside the networks of a major utility company in Littleton, Massachusetts.  In a report published last week, Dragos, an operational technology (OT) cybersecurity firm, described their work…

Read more →

  A recent report from Nozomi Networks has revealed that the vast majority of Wi-Fi networks are highly vulnerable to deauthentication attacks, a common form of denial-of-service (DoS) attack. After analyzing telemetry from hundreds of operational technology (OT) and internet…

Read more →

  Researchers have uncovered a series of highly sophisticated cyberattacks by the notorious Lazarus group, targeting web servers in South Korea. The attackers have been infiltrating IIS servers to deploy ASP-based web shells, which serve as the first-stage Command and…

Read more →

  The Overlooked Danger of Password Reuse While digital access is becoming increasingly prevalent in our everyday lives, from managing finances to enjoying online entertainment, there remains a critical security lapse: password reuse. Even though it is convenient, this practice…

Read more →

  Apple is set to make a major improvement in how people using iPhones and Android devices communicate. Soon, text messages exchanged between these two platforms will be protected with end-to-end encryption, offering better privacy and security. For years, secure…

Read more →

  In the Black Basta ransomware group, an automated brute force attack tool referred to as BRUTED has been developed to target and compromise edge networking devices such as firewalls and VPNs, as well as other edge networking devices. By…

Read more →

  Raymond Limited, a leading textile and apparel firm, acknowledged a cyberattack on its IT infrastructure on February 19. The company quickly segregated affected systems to protect essential business operations and avoid disruptions to customer-facing platforms or shop networks. Rakesh…

Read more →

  A recent cybersecurity report by S-RM has revealed a new tactic used by the Akira ransomware group, demonstrating their persistence in bypassing security defenses. When their initial attempt to deploy ransomware was blocked by an endpoint detection and response…

Read more →

  The growing use of digital systems in cars, trucks, and mobility services has made the automotive industry a new favorite target for hackers. Companies involved in making vehicles, supplying parts, and even selling them are now dealing with a…

Read more →

  Do you think continuing with the same old version of the same old software is a good idea? While it may function adequately for the time being, the clock is ticking towards disaster. Waiting to upgrade results in a…

Read more →

  Researchers have discovered at least five Android apps on Google Play that secretly function as spyware for the North Korean government. Despite passing Google Play’s security checks, these apps collect personal data from users without their knowledge. The malware,…

Read more →

  A network security risk associated with unauthorized password resets is very significant, as it can expose sensitive information and systems to cyber threats. IT administrators must take care to monitor and validate every password reset, particularly those that involve…

Read more →

  A newly discovered ransomware group known as Mora_001 is carrying out cyberattacks by exploiting security weaknesses found in Fortinet’s firewall systems. The group is using a custom ransomware strain named SuperBlack to target organizations and lock their data for…

Read more →

  The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a #StopRansomware advisory, warning organizations about the increasing threat of Medusa ransomware.  Medusa, a ransomware-as-a-service (RaaS)…

Read more →

  Microsoft Threat Intelligence identified a new strain of XCSSET, a complex modular macOS malware that targets Xcode programs. The malware was discovered in the wild during routine threat hunting, and it is the first known XCSSET variant to appear…

Read more →

  There is a growing threat to individuals from spamming, a form of cyber attack derived from SMS phishing, which uses text messaging to deceive them into disclosing sensitive information or engaging with malicious links via text messaging. Though the…

Read more →

  For years, companies protected sensitive data by securing emails, devices, and internal networks. But work habits have changed. Now, most of the data moves through web browsers.   Employees often copy, paste, upload, or transfer information online without realizing the…

Read more →

  With the advent of cybercrime, a highly lucrative industry has emerged, which in turn has drawn the attention of malicious actors eager to exploit the growing digital landscape. Cyber-attacks have become increasingly sophisticated and frequent and have made the…

Read more →

  Amazon is drawing fire for hosting data from the Cocospy, Spyic, and Spyzie apps weeks after being notified of the problem, as the spyware firms continue to upload sensitive phone data of 3.1 million users to Amazon Web Services…

Read more →

  Data removal services play a crucial role in safeguarding online privacy by helping individuals remove their personal information from data brokers and people-finding websites. Every time users browse the internet, enter personal details on websites, or use search engines,…

Read more →

  The workplace is transforming at an unprecedented rate. Remote and hybrid work models, once considered temporary adjustments, have now become permanent components of modern business operations. Organizations worldwide are seeking secure, efficient, and cost-effective solutions to support a distributed…

Read more →

  The Middle East is seeing a sharp rise in SIM swapping scams, where criminals find ways to take over people’s mobile numbers and misuse them for financial fraud. A new report by cybersecurity experts reveals that scammers are using…

Read more →

It has been revealed that a cybercriminal, described as “Rey” on the dark web, has publicly claimed responsibility for a substantial cyberattack that occurred against Jaguar Land Rover over a period of two months. The disclosure was made on a…

Read more →

  Cybercriminals are continually evolving their tactics to evade antivirus detection and trick users into installing malicious software. One of the latest threats involves malware that impersonates legitimate browser extensions, allowing attackers to steal login credentials while remaining undetected. Although…

Read more →

  Mimecast has discovered that over 55% of organisations do not have specific plans in place to deal with AI-driven cyberthreats. The cybersecurity company’s most recent “State of Human Risk” report, which is based on a global survey of 1,100…

Read more →

  Sunflower recently disclosed a cyberattack on its systems, revealing that hackers gained access on December 15 but remained undetected until January 7.  During this time, sensitive personal and medical data — including names, addresses, dates of birth, Social Security…

Read more →

  Jaguar Land Rover (JLR), the well-known luxury car company, is reported to be the latest victim of a cybersecurity breach. A threat actor known as “Rey” has publicly disclosed critical company records and personnel data on the infamous hacking…

Read more →

  Cybercriminals have found a new way to trick Windows users into downloading harmful software by disguising malware as a CAPTCHA test. A recent investigation by security researchers revealed that attackers are using this method to install infostealer malware, which…

Read more →

  Kali Linux has become a cornerstone of cybersecurity, widely used by ethical hackers, penetration testers, and security professionals. This open-source Debian-based distribution is designed specifically for security testing and digital forensics.  Recognized for its extensive toolset, it has been…

Read more →

  It has been announced that the CrowdStrike investigation into PowerSchool’s large-scale data breach that took place in December 2024 has been published. It was determined during the investigation that unauthorized access to the company’s systems occurred four months prior,…

Read more →

  A new startup in Seattle is working on artificial intelligence (AI) that can take over repetitive office tasks. The company, called Caddi, has recently secured $5 million in funding to expand its technology. Its goal is to reduce manual…

Read more →

  The Federal Bureau of Investigation (FBI) has warned corporate executives about a new scam designed to trick them into paying large sums of money. Criminals are sending threatening letters claiming to have stolen sensitive company data and demanding a…

Read more →

  Microsoft, Amazon, and Google have all announced recent advances in quantum computing that are likely to accelerate the timeline for the possible obsolescence of current encryption standards. These developments indicate that it will become increasingly important to address the…

Read more →

  Spyware apps masquerading as legitimate software are a growing threat on app stores, particularly Google Play. These malicious apps can steal personal data, commit financial fraud, and install malware on unsuspecting users’ devices. A Zscaler report found 200 spyware…

Read more →

  Over the past ten years, ransomware attacks have increased in frequency and sophistication. While exploits like social engineering and unpatched software may help with an initial breach, it’s the coercive tactics that force victims to make rash and emotionally…

Read more →

  A ransomware assault targeting retirement service firm Carruth Compliance Consulting has resulted in a data breach affecting dozens of school districts and thousands of individuals in the US. Carruth Compliance Consulting (CCC) administers retirement savings accounts for public schools…

Read more →

  An NTT Communications (NTT Com) employee in Tokyo has confirmed that in February, unauthorized access to sensitive data belonging to approximately 18,000 corporate customers was caused by a cyberattack. There is no definitive estimate of how extensive the breach…

Read more →

  DeepSeek, an AI chatbot developed by China-based High-Flyer, has gained rapid popularity due to its affordability and advanced natural language processing capabilities. Marketed as a cost-effective alternative to OpenAI’s ChatGPT, DeepSeek has been widely adopted by businesses looking for…

Read more →

Cisco has issued a security warning about a newly identified vulnerability in its IOS XR Software. This security flaw, labeled CVE-2025-20138, has been rated 8.8 on the CVSS scale, meaning it poses a major risk to affected devices. What Is…

Read more →

  A vast and highly organized industry is known as online scams, which are characterized by intricate supply chains that include services, equipment, and labor. In recent years, cybercrime has gone beyond isolated criminal activities, but has developed into a…

Read more →

  Cybercrime has evolved beyond traditional hacking, transforming into a highly organized and sophisticated industry. In 2025, cyber adversaries — ranging from financially motivated criminals to nation-state actors—are leveraging AI, identity-based attacks, and cloud exploitation to breach even the most…

Read more →

  The widely used ESP32 microchip, manufactured by Chinese company Espressif and embedded in over a billion devices as of 2023, has been found to contain undocumented commands that could be exploited for cyberattacks. These hidden commands enable threat actors…

Read more →

Cybercriminals are increasingly targeting a single point of failure within companies to create large-scale disruption, according to a recent report by Resilience. The analysis highlights how such attacks can have a ripple effect across entire industries. In 2024, the global…

Read more →

  Transaction Monitoring (TRM) Labs, a blockchain intelligence firm based in San Francisco and recognised by the World Economic Forum, recently published a report revealing the links between the Islamic State Khorasan Province (ISKP) and ISIS-affiliated fund-collecting networks in India.…

Read more →

  A complex malware campaign dubbed “Phantom Goblin” has been discovered, which employs social engineering techniques to install information-stealing malware. The malware is distributed by RAR attachments in spam messages, which includes a poisoned shortcut file posing as a PDF. …

Read more →

  Tencent’s AI chatbot, Yuanbao, has surpassed DeepSeek to become the most downloaded free app on China’s iOS App Store. The chatbot, launched in May 2024, gained significant traction following Tencent’s integration of DeepSeek’s R1 reasoning model in February. This…

Read more →

  Researchers at S-RM have discovered an unusual attack method used by the Akira ransomware gang. The Akira ransomware gang utilized an unsecured webcam to conduct encryption attacks against victims’ networks via the use of an unsecured webcam. The attackers…

Read more →

  A new scam is targeting top business leaders in the United States, where criminals are sending letters demanding large ransom payments. Unlike typical ransomware attacks that involve hacking into computer systems, this scheme relies on physical mail. The letters…

Read more →

  The Polish Space Agency (POLSA) recently experienced a cybersecurity breach, prompting the organization to disconnect its IT infrastructure from the internet. POLSA confirmed the incident through a post on X, stating that relevant authorities had been notified. “There has…

Read more →

  State-sponsored hacking group APT37 (ScarCruft) is deploying advanced cyber-espionage tactics to infiltrate systems using malicious ZIP files containing LNK shortcuts. These files are typically disguised as documents related to North Korean affairs or trade agreements and are spread through…

Read more →

  Hunters International, a ransomware group known for high-profile cyberattacks, has claimed responsibility for a January 2025 cyberattack on Tata Technologies. The group alleges it stole 1.4TB of sensitive data from the company and has issued a threat to release…

Read more →

  It was concluded that in the first five weeks of 2025, there was a significant increase in ransomware attacks targeted at the United States, marking a nearly 150% increase compared to the first five weeks of 2024. Based on…

Read more →

  A perfect quantum computer could decrypt RSA-2048, our current strongest encryption, in 10 seconds. Quantum computing employs the principle of quantum physics to process information using quantum bits (qubits) rather than standard computer bits. Qubits can represent both states…

Read more →

  Recent research from the cybersecurity company NordVPN has revealed a significant rise in online threats, with over 669 million malware attacks recorded in the UK in 2024 alone. This alarming number highlights the increasing risk of falling victim to…

Read more →

  Trend Micro security experts discovered a sophisticated cyberattack that included social engineering tactics and commonly employed remote access tools. The attack, which uses stealthy infostealer malware, gives thieves permanent access over vulnerable PCs and allows them to steal sensitive…

Read more →

Cybercriminals are increasingly targeting single points of failure within companies, causing widespread disruptions across industries. According to cybersecurity firm Resilience, attackers have shifted their focus toward exploiting key vulnerabilities in highly interconnected organizations, triggering a “cascading effect of disruption and…

Read more →

  Artificial Intelligence (AI) is continuously evolving, and it is fundamentally changing the cybersecurity landscape, enabling organizations to mitigate vulnerabilities more effectively as a result. As artificial intelligence has improved the speed and scale with which threats can be detected…

Read more →

Cysecurity News recently interviewed CYFOX to gain an in-depth understanding of their new platform, OmniSec vCISO. The platform, designed to simplify compliance and bolster security operations, leverages advanced generative AI (genAI) and aims to transform what was traditionally the manual…

Read more →