New Phishing Service Bypasses MFA by Proxying Real Login Pages
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse ac
Security
22 articles
36 Malicious npm Packages Target Redis, PostgreSQL
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to
International Law Enforcement Identifies 20,000+ Crypto Fraud Victims
An international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada,
Massive IoT Botnet Kimwolf Cripples I2P Privacy Network
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a decentralized,
Drift Exchange Heist: $285M Theft Linked to DPRK
Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticul
Wearable Biometrics Redefine Security Beyond MFA
Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—bloc
Decode Threat Actor Signals Before Attacks Strike
Threat actors often signal their intentions before launching attacks, from dark web chatter to access-broker listings and credential requests. Join our upcoming
CPUID Platform Compromised: Malware Injected Into CPU-Z Downloads
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-
Hackers Compromise Smart Slider 3 Plugin Update System
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. [...]
VENOM Phishing Platform Targets Executive Microsoft Credentials
Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multi
LucidRook Malware Targets NGOs and Universities in Taiwan
A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. [...]
Nearly 4,000 US Industrial Devices Targeted in Iranian Cyber Campaign
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed progr
Dutch Healthcare Vendor ChipSoft Crippled by Ransomware
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for
StubHub Settles $10M FTC Case Over Ticket Pricing
StubHub has agreed to pay $10 million to resolve Federal Trade Commission allegations that the ticket marketplace engaged in deceptive pricing practices that mi
Adobe Reader Zero-Day Under Active Exploit Since December
Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. [...]
Chrome 146 Blocks Session Cookie Theft with New Security
Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting sess
Eurail Confirms Data Breach Affecting 300,000 Travelers
Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,00
Pro-Iran Group Deploys AI Lego Videos in Political Trolling Campaign
Group has released over a dozen videos mocking President Trump and the US.
1 Billion Security Records Reveal Critical Patching Crisis
Analysis of 1 billion CISA KEV remediation records reveal a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defen
Microsoft Warns of Account Hijacking Targeting Canadian Workers
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate atta
Mercor's $10B Valuation Under Pressure Following Security Incident
Mercor, a startup valued at $10 billion, is navigating challenging circumstances following a significant security incident that exposed customer data. The breac
Gmail's End-to-End Encryption Now Available on Mobile
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without add