Topic: cybersecurity threats

  • Beware: Fake Booking.com Emails and BSODs Target Hotels

    A sophisticated phishing campaign targets the European hospitality industry using convincing fake Booking.com emails to deliver the DCRat malware, which steals data and provides attackers with persistent remote access. The attack employs advanced social engineering, including a fake Windows error...

  • 5 Rules to Guide Your AI Innovation Success

    Modern business leaders must navigate AI innovation within evolving regulatory frameworks, viewing thoughtful governance as a catalyst for responsible and effective development rather than a mere obstacle. Executives emphasize practical strategies including building controlled environments for ex...

  • AI Deepfakes Impersonate Pastors to Scam Congregations

    AI-generated deepfakes are impersonating pastors and priests in sophisticated financial scams, exploiting the trust of religious communities on social media. Religious leaders like Father Mike Schmitz are warning congregations about these convincing forgeries, which use fabricated messages to pre...

  • Hospitals Overwhelmed by Unmanageable Threats

    The healthcare sector faces a severe cybersecurity crisis, with 93% of U.S. organizations experiencing attacks in the past year, frequently disrupting patient care and exposing vast amounts of sensitive data. Key vulnerabilities include exposed staff data on people search sites, attacks on medica...

  • 2025's Biggest Tech Failures: AI, Cloud, and Supply Chain

    Supply-chain attacks became the dominant cybersecurity threat in 2025, exploiting trust in a single provider to cause widespread, cascading failures across interconnected digital infrastructure. These attacks are highly efficient for cybercriminals, as compromising a central source like a cloud s...

  • IT Leaders' Top 2026 Fears: AI and Cyber Risk

    Cybersecurity threats are the top disruptor shaping IT strategy for 2026, with AI advancement and regulation as a close second major concern. AI-generated attacks are viewed as the most significant threat to data integrity, leading to strategic investments in cybersecurity and data resilience. Mo...

  • The All-Access AI Agent Era Has Arrived

    The rise of all-access AI agents requires deep integration into operating systems and personal files, raising significant cybersecurity and privacy concerns due to centralized, sensitive data. These autonomous agents function by accessing broad data sources like emails and calendars to perform ta...

  • FCC Bans Foreign Drones: What You Need to Know

    The FCC has banned the import of new foreign-made drones like those from DJI, citing national security risks and adding them to a restricted list. Existing consumer-owned drones are unaffected and can continue operating, though manufacturers dispute the security rationale without seeing the evide...

  • Cisco Zero-Day Exploited, Kali Linux 2025.4 Released

    A critical zero-day vulnerability in Cisco's email security appliances is being actively exploited by a suspected Chinese-nexus group to compromise devices and erase logs, highlighting urgent patch management needs. Major vendors like Fortinet, SonicWall, and Apple are addressing serious, activel...

  • Microsoft 365 Users Hit by Sneaky Device Code Phishing

    Attackers are exploiting Microsoft's device code authorization flow to bypass multi-factor authentication, tricking users into granting account access via fraudulent login portals. The campaigns are scaled using readily available red team tools like Squarephish and Graphish, which automate phishi...

  • Master NIS2 Compliance: Secure Passwords & MFA

    The NIS2 Directive is a critical EU regulation requiring medium and large organizations in key sectors to implement stringent security controls, with a major focus on robust identity and access management to combat credential-based attacks. Compliance is mandatory for qualifying organizations, an...

  • North Korean Hackers Lead 2025 Crypto Theft Surge

    North Korean state-sponsored hackers stole over $2 billion in cryptocurrency in 2025, a 51% increase, by pivoting to fewer, more sophisticated attacks on high-value targets. Their evolved tactics include sophisticated social engineering, posing as recruiters or investors to compromise employees a...

  • Europol Warns of AI-Powered Crime Waves by 2035

    Europol's report envisions a future where AI and robotics are dual-use tools, offering both essential support for law enforcement and powerful new weapons for organized crime and terrorists by 2035. The analysis warns of significant criminal exploitation, such as hijacking care robots for spying ...

  • FortiGate Firewalls Under Attack: Critical Auth Bypass Exploited

    Attackers are actively exploiting a critical Fortinet firewall vulnerability (CVE-2025-59718) to bypass authentication and steal sensitive network configuration files containing encrypted credentials. The flaw, along with a related one (CVE-2025-59719), stems from improper cryptographic signature...

  • SonicWall Zero-Day Exploit Patched (CVE-2025-40602)

    SonicWall has released a critical update for a new, actively exploited local privilege escalation flaw (CVE-2025-40602) in its SMA 1000 series appliances, urging immediate patching. This vulnerability is especially dangerous when chained with a previously patched flaw (CVE-2025-23006), allowing a...

  • Urgent Apple Update Fixes Critical Security Exploits

    Apple has released urgent security patches for two actively exploited zero-day vulnerabilities (CVE-2025-14174 and CVE-2025-43529) in its WebKit browser engine, which is used across iPhones, iPads, and Macs. The flaws, discovered through a collaboration between Apple and Google, could allow memor...

  • Kindle Ebook Hack Leads to Amazon Account Hijacking

    A security researcher demonstrated that a malicious ebook file could exploit a Kindle's software to grant an attacker complete control over the user's linked Amazon account, including stored payment details. The research, presented at Black Hat Europe, highlights how the Kindle's persistent conne...

  • Google AI Security Expert's Forbidden Chatbot Secrets

    Treat interactions with public AI chatbots as public communications, never sharing sensitive personal or financial information, as this data can be used for model training or exposed in a breach. Use enterprise-grade AI solutions for work-related tasks, as they are designed not to train on user d...

  • AI Toys for Kids: Unexpected Conversations on Sensitive Topics

    AI-enabled children's toys lack basic safeguards, engaging in inappropriate conversations about explicit topics and propaganda, raising urgent safety and privacy concerns. A U.S. border proposal could require travelers from visa-waiver countries to submit years of social media history and persona...

  • Malicious Rust Packages Target Web3 Developers

    Malicious packages uploaded to the Rust registry (crates.io) impersonated legitimate developer tools, stealing cryptocurrency by executing a stealthy, multi-stage attack after being downloaded thousands of times. The malware specifically checked for and evaded a leading Chinese antivirus program,...

  • Gambling Network Secretly Doubles as Cybercrime Infrastructure

    A long-running cybercrime network, active since around 2011, disguises itself as an illegal online gambling service while operating a massive malware and command-and-control infrastructure primarily targeting Indonesian citizens. The operation uses an extensive network of over 328,000 domains, hi...

  • Noisy Ransomware Uncovered a Long-Term Espionage Operation

    A ransomware group's disruptive attack on two Russian companies inadvertently exposed a long-running, sophisticated cyber espionage operation, highlighting how a visible breach can mask a more insidious threat. The espionage group, QuietCrabs, used a stealthy multi-stage attack with unique malwar...

  • Google Patches Actively Exploited Android Security Flaws

    Google's December security update patches over 50 Android vulnerabilities, including two high-severity flaws in the Android Framework that are already being used in limited, targeted attacks. The two critical vulnerabilities (CVE-2025-48633 and CVE-2025-48572) could allow unauthorized access to s...

  • Crypto Laundering Service Shut Down in Major Law Enforcement Bust

    An international law enforcement operation led by Germany and Switzerland, with support from Europol and Eurojust, has dismantled the cryptocurrency laundering service Cryptomixer, seizing over 25 million euros in Bitcoin and 12 terabytes of data. The service, targeted in Operation Olympia, was a...

  • HashJack Attack Hijacks AI Browsers and Assistants

    Security researchers have discovered a method called HashJack that embeds malicious commands in URL fragments to manipulate AI browsing tools into executing harmful actions like inserting dangerous links or sharing user data. The attack's success varies by platform, affecting Perplexity Comet, Mi...

  • Code Formatting Sites Leak User Secrets and Credentials

    Popular online code formatting platforms like JSONFormatter and CodeBeautify are leaking sensitive user data, including passwords and API keys, through publicly accessible links due to predictable URL patterns. Security researchers found over 80,000 exposed entries containing critical information...

  • US Border Patrol Surveils Millions of American Drivers

    The US Border Patrol operates a predictive-intelligence program using hidden license-plate readers to monitor American drivers far from borders, flagging "suspicious" travel patterns and leading to stops and searches, raising Fourth Amendment concerns. Microsoft mitigated the largest recorded DDo...

  • Microsoft's New AI Security Agents Outsmart Hackers

    Microsoft has launched advanced AI security agents that proactively identify and neutralize cyber threats, available at no extra cost for Security Copilot users on Microsoft 365 E5 plans. These AI agents are integrated into platforms like Defender, Entra, and Intune to shift security from reactiv...

  • Salesforce Probes New Security Incident Similar to Salesloft Breach

    Salesforce is investigating a security incident involving unauthorized access to customer data through Gainsight app integrations, leading to revoked tokens and temporary removal of the apps from AppExchange. Threat actors linked to ShinyHunters compromised Gainsight OAuth tokens to access Salesf...

  • Secure Your Upgrade: Windows 11 Migration Best Practices

    Organizations face a critical transition from Windows 10 to Windows 11 due to Microsoft ending support in 2025, with market trends showing user hesitation and a surprising resurgence of older systems like Windows 7. Alternatives to Windows 11, such as Linux or Chromebooks, pose significant securi...

  • UK, US, Australia Sanction Russian Cyber Host Media Land

    The United Kingdom, United States, and Australia have jointly sanctioned three bulletproof hosting providers and four Russian executives for enabling ransomware operators and cybercriminals by supplying critical infrastructure. These services are essential to the cybercrime underworld, allowing t...

  • Google Patches Actively Exploited Chrome Zero-Day Vulnerability

    Google has issued an urgent update for Chrome to fix a critical zero-day vulnerability (CVE-2025-13223) that is actively being exploited, requiring immediate user action to prevent data breaches. The vulnerability is a type confusion flaw in the V8 engine that attackers can exploit via malicious ...

  • Internet Rebounds After Major Cloudflare Outage

    A major Cloudflare network outage disrupted numerous high-traffic websites and services, including X, ChatGPT, and Amazon Web Services, due to its critical role in web infrastructure. The outage was caused by an internal configuration error that created an oversized file, leading to software fail...

  • Guardio Raises $80M in Funding From ION Crossover Partners

    AI-powered coding tools are creating new security vulnerabilities by enabling rapid development of fraudulent websites, with Guardio developing specialized technology to detect malicious AI-generated code. Guardio has secured $80 million in new funding to accelerate expansion and now serves 500,0...

  • Five Men Admit Plot to Infiltrate US Firms for North Korea

    Five individuals pleaded guilty for helping North Korean IT workers infiltrate over 100 U.S. companies by bypassing hiring checks and facilitating remote work under false identities, generating millions in fraudulent salaries. The schemes involved U.S. citizens and others providing their identiti...

  • Logitech Data Breach Exposes User Information

    Logitech experienced a data breach due to a zero-day vulnerability in third-party software, leading to unauthorized data copying, but the company promptly patched the issue after a fix was released. The stolen data includes information on employees, consumers, customers, and suppliers, but sensit...

  • Chinese Hacking Contractor Exposed in Major Data Leak

    A major data breach at Chinese cybersecurity firm KnownSec exposed hacking tools and sensitive data stolen from over 80 global organizations, including terabytes of records from India, South Korea, and Taiwan, directly linking its activities to Chinese state interests. In a separate incident, sta...

  • Beware: Fake Spam Filter Alerts Invading Inboxes

    A new phishing scam tricks users with fake alerts about spam filters blocking legitimate emails, urging them to click links to release messages, posing serious security risks. These deceptive emails mimic official communications, redirecting users to counterfeit login pages that steal credentials...

  • US Agencies Still Vulnerable to Critical Cisco Flaws

    CISA issued an emergency directive for U.S. federal agencies to patch two actively exploited Cisco vulnerabilities (CVE-2025-20333 and CVE-2025-20362), as many devices were incorrectly reported as secure. These vulnerabilities enable remote code execution and privilege escalation, and are linked ...

  • Sam Altman: Personalized AI's Privacy Risks

    OpenAI CEO Sam Altman identifies AI security as the critical challenge in AI development, urging students to focus on this field as safety concerns evolve into security issues. He highlights vulnerabilities in personalized AI systems, where malicious actors could exploit connections to exte...

  • Cybercriminals Upgrade ClickFix with E-commerce Tricks

    Cybercriminals are enhancing the ClickFix malware delivery method by using persuasive design elements like tutorial videos and countdown timers to rush users into executing harmful commands, making pages appear legitimate. The fraudulent pages dynamically adapt to the victim's operating system an...

  • Protect Your Business from Deepfakes: 4 Essential Steps Now

    Deepfakes, created using AI, are a growing threat to businesses, enabling cybercriminals to produce convincing fake audio and video for fraud and misinformation. The risks include severe reputational and financial damage, such as stock value drops from fake announcements, and identity theft throu...

  • State Actor Behind SonicWall Cloud Backup Hack

    A state-sponsored threat actor breached SonicWall's cloud backup service using brute-force techniques, accessing all stored backup files through an API call in a sophisticated nation-state level operation. SonicWall confirmed that core products, internal systems, and customer infrastructures were...

  • Secure Your Enterprise Data with Hypori Workspace

    Hypori has expanded its Secure Workspace Ecosystem with new products, including Hypori Mobile and Hypori Lyte, to offer flexible, scalable, and secure mobile access while addressing modern cybersecurity challenges. Hypori Mobile provides a re-engineered virtual workspace with enhanced performance...

  • Cyber-Espionage Attack Mimics Sandworm Hits Russian, Belarusian Forces

    A sophisticated spear-phishing campaign targets Russian and Belarusian military personnel using weaponized documents disguised as legitimate military correspondence to deliver malware. The attack deploys a malicious LNK file that executes PowerShell scripts, establishes persistence, and sets up O...

  • The Looming Threat of Malicious AI Agents

    Businesses are rapidly adopting AI agents but lack proper security measures, particularly in identity management, creating risks as these non-human workers operate without adequate tracking of their credentials and actions. The core security challenge is that AI agents require access to sensitive...

  • SOTI ONE Enhances Secure Device Management for Australian Healthcare

    SOTI has upgraded its SOTI ONE Platform with Stella, an AI assistant, to enhance operational efficiency, reduce device downtime, and accelerate patient response times in the Australian healthcare sector. Outdated infrastructure and legacy systems hinder digital progress, with 99% of Australian IT...

  • Python Foundation Rejects US Security Grant

    The Python Software Foundation rejected a $1.5 million U.S. government grant because the terms would have prohibited its diversity, equity, and inclusion (DEI) initiatives, conflicting with its core mission. The grant was intended to fund the development of proactive security tools for the Python...

  • FCC to Roll Back ISP Cybersecurity Mandate

    The FCC is reversing a cybersecurity mandate for internet providers after industry lobbying, with Chairman Brendan Carr arguing it overstepped legal authority and that companies have already improved security voluntarily. The original 2025 ruling responded to state-sponsored cyberattacks like Chi...

  • AI Browsers: The Looming Cybersecurity Threat

    The rapid integration of AI into web browsers introduces serious cybersecurity vulnerabilities, including data breaches and privacy invasions, as these tools collect and retain more personal data than traditional browsers. Security researchers have identified flaws in early AI browsers, such as p...
