2/10/2026

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies

North Korean Hackers Use New macOS Malware in Crypto-Theft Attacks

“Digital Parasite” Warning as Attackers Favor Stealth for Extortion

White House to Meet With GOP Lawmakers on FISA Section 702 Renewal

Cyber Command, NSA Nominee Rudd Advances to Senate Floor

British Army Splashes $86M on AI Gear to Speed up the Battlefield Kill Chain

Fugitive Behind $73M ‘Pig Butchering’ Scheme Gets 20 Years in Prison

Google Secures EU Antitrust Approval for $32 Billion Wiz Acquisition

Microsoft Announces New Mobile-Style Windows Security Controls
Nearly 17,000 Volvo Staff Dinged in Supplier Breach

Phorpiex Phishing Delivers Low-Noise Global Group Ransomware

New Mobile Spyware ZeroDayRAT Targets Android and iOS

Malicious 7-Zip Site Distributes Installer Laced With Proxy Tool

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools

New Linux Botnet SSHStalker Uses Old-School IRC for C2 Comms

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Krebs: Patch Tuesday, February 2026 Edition

Microsoft Is Keeping Secure Boot Alive With Windows Updates

What Organizations Need to Change When Managing Printers

2/9/2026

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign

Senegal Confirms Breach of National ID Card Department After Ransomware Claims

EU, Dutch Government Announce Hacks Following Ivanti Zero-Days

European Commission Discloses Breach That Exposed Staff Data

Leaked Technical Documents Show China Rehearsing Cyberattacks on Neighbors’ Critical Infrastructure

Iran’s Digital Surveillance Machine Is Almost Complete

AI Is Here to Replace Nuclear Treaties. Scared Yet?

Researchers Find 40,000+ Exposed OpenClaw Instances

Social Media Platforms Earn Billions from Scam Ads

Hacked, Leaked, Exposed: Why You Should Never Use Stalkerware Apps

Two Connecticut Men Charged In Alleged $3m Gambling Fraud Scheme
Hackers Breach SmarterTools Network Using Flaw in Its Own Software

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Discord Faces Backlash Over Age Checks After Data Breach Exposed 70,000 IDs

Payment Tech Provider for Texas, Florida Governments BridgePay Working With FBI to Resolve Ransomware Attack

Suspected Sabotage Disrupts Trains in Northern Italy as Winter Games Begin

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code

New Zero-Click Flaw in Claude Desktop Extensions, Anthropic Declines Fix

BeyondTrust Warns of Critical RCE Flaw in Remote Support Software

Microsoft: Exchange Online Flags Legitimate Emails as Phishing

Russia Grants Asylum to Spanish Professor Wanted for Alleged Pro-Moscow Cyber Operations

2/6-8/2026

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

Norwegian Intelligence Discloses Country Hit by Salt Typhoon Campaign

Unsettled Cyber Intel Law Erodes Private-Sector Trust

U.S. Software Stocks Slammed on Mounting Fears Over AI Disruption, Lose $1 Trillion in Week

NYC Explores Using AI Cameras to Spot Subway Fare Evaders

EU Says TikTok Faces Large Fine Over “Addictive Design”

Illinois Man Pleads Guilty to Hacking Nearly 600 Women’s Snapchat Accounts
DKnife: Chinese-Made Malware Kit Targets Chinese-Based Routers and Edge Devices

Flickr Emails Users About Data Breach, PINs It on 3rd Party

Payments Platform BridgePay Confirms Ransomware Attack Behind Outage

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

CISA Warns of SmarterMail RCE Flaw Used in Ransomware Attacks

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

New Tool Blocks Imposter Attacks Disguised as Safe Commands

2/5/2026

Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends

Protests Don’t Impede Iranian Spying on Expats, Syrians, Israelis

Russian Hackers Attacking European Maritime and Transport Orgs Using Microsoft Office Exploit

Asia-Based Government Spies TGR-STA-1030 Quietly Broke Into Critical Networks Across 37 Countries

ICE and CBP’s Face-Recognition App Can’t Actually Verify Who People Are

Smartphones Now Involved in Nearly Every Police Investigation

AI-Enabled Voice and Virtual Meeting Fraud Surges 1000%+

UNICEF Calls for Criminalization of AI Content Depicting Child Sex Abuse

Dark Patterns Undermine Security, One Click at a Time

CISA Gives Federal Agencies One Year to Rip Out End-Of-Life Devices
Spain’s Ministry of Science Shuts Down Systems After Breach Claims

Romanian Oil Pipeline Operator Conpet Discloses Cyberattack

Italian University la Sapienza Goes Offline After Cyberattack

Substack Data Breach Exposed Users’ Emails and Phone Numbers

Data Breach at Govtech Giant Conduent Balloons, Affecting Millions More Americans

Betterment Breach May Expose 1.4m Users After Social Engineering Attack

Zendesk Spam Wave Returns, Floods Users With ‘Activate Account’ Emails

AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack

Ransomware Gang Uses ISPsystem VMs for Stealthy Payload Delivery

Malicious Commands in GitHub Codespaces Enable RCE

2/4/2026

U.S. Used Cyber Weapons to Disrupt Iranian Air Defenses During 2025 Strikes

Ukraine Tightens Controls on Starlink Terminals to Counter Russian Drones

Italy Foiled Russia-Linked Cyberattacks on Embassies, Olympic Sites, Minister Says

How 2026 Winter Olympics Security Is Preparing for the Opening Ceremony

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

OpenClaw’s AI ‘Skill’ Extensions Are a Security Nightmare

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

Google Cloud’s Customer Chief Returns to Microsoft as Head of Security

With AI Accountability Stalling, Boards Must Push Tech Giants for Greater Transparency

Super Bowl Prepares for Potential AI Cybersecurity Threat

Owner of Incognito Dark Web Drugs Market Gets 30 Years in Prison

DragonForce Ransomware Gang Goes Full ‘Godfather’ With Cartel
Hackers Compromise NGINX Servers to Redirect User Traffic

Coinbase Confirms Insider Breach Linked to Leaked Support Tool Screenshots

Cybercrime Group Claims Responsibility for Penn Email Hack, Leaks Additional Internal Files

Hackers Publish Personal Information Stolen During Harvard, UPenn Data Breaches

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Global SystemBC Botnet Found Active Across 10,000 Infected Systems

New Technical Markers Reveal Expanding ShadowSyndicate Cybercriminal Infrastructure

EDR Killer Tool Uses Signed Kernel Driver From Forensic Software

Nitrogen Ransomware Is So Broken Even the Crooks Can’t Unlock Your Files

CISA Warns of Five-Year-Old GitLab Flaw Exploited in Attacks

CISA: VMware ESXi Flaw Now Exploited in Ransomware Attacks

Critical n8n Flaws Disclosed Along With Public Exploits

2/3/2026

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days

Poland Detains Defense Ministry Employee on Suspicion of Spying for Russia

U.S. Senator Says AT&T, Verizon Blocking Release of Salt Typhoon Security Assessment Reports

CISA Official Says CIRCIA Cyber Reporting Update Is ‘Weeks’ Away

CISA Updated Ransomware Intel on 59 Bugs Last Year Without Telling Defenders

Trump Administration Eyes 10-Year Extension of Cybersecurity Law

How Data Brokers Can Fuel Violence Against Public Servants

X Marks the Raid: French Cops Swoop on Musk’s Paris Ops

UK ICO Launches Investigation into X Over AI Generated Non-Consensual Sexual Imagery

UK Investigating First Suspected Breach of Cyber Sanctions

Polish Cops Bail 20-Year-Old Bedroom Botnet Operator

Varonis to Acquire AllTrue as AI Security Concerns Mount

OpenAI CEO Altman Dismisses Moltbook as Likely Fad, Backs the Tech Behind It

The Rise of Moltbook Suggests Viral AI Prompts May Be the Next Big Security Threat
Iron Mountain: Data Breach Mostly Limited to Marketing Materials

Step Finance Says Compromised Execs’ Devices Led to $40M Crypto Theft

New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials

Wave of Citrix NetScaler Scans Use Thousands of Residential Proxies

Researchers Warn of New “Vect” RaaS Variant

DockerDash Exposes AI Supply Chain Weakness In Docker’s Ask Gordon

Critical React Native Metro Dev Server Bug Under Attack as Researchers Scream Into the Void

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

CISA Flags Critical SolarWinds RCE Flaw as Exploited in Attacks

SQL Injection Flaw Affects 40,000 WordPress Sites

8-Minute Access: AI Accelerates Breach of AWS Environment

Microsoft Finally Sends TLS 1.0 and 1.1 to the Cloud Retirement Home

California City Turns off Flock Cameras After Company Shared Data Without Authorization

Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox

Spain Will Ban Social Media for Kids Under 16

2/2/2026

Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks

Notepad++ Updates Got Hijacked for Months and Could Have Spied for China

Spyware Maker Is Hijacking Diplomatic Efforts to Limit Commercial Hacking, Civil Society Warns

From Clawdbot to Moltbot to OpenClaw: Meet the AI Agent Generating Buzz and Fear Globally

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

Malicious MoltBot Skills Used to Push Password-Stealing Malware

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site

Hackers Recruit Unhappy Insiders to Bypass Data Security

Drone Sightings Have Doubled Near UK Military Bases, Warns British Government
Krebs: Please Don’t Feed the Scattered Lapsus ShinyHunters

Hackers Attempt to Extort Parents After School Refuses to Pay Ransom Fee

StopICE Hacked to Send Alarming Text Messages, Admins Accuse Border Patrol Agent of Sabotage

Panera Bread Breach Impacts 5.1 Million Accounts, Not 14 Million Customers

McDonald’s Is Not Lovin’ Your BigMac, Happy Meal, and McNuggets McPasswords

NationStates Confirms Data Breach, Shuts Down Game Site

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos

NSA Publishes New Zero Trust Implementation Guidelines

Netherlands Latest European Country to Mull Social Media Ban for Children

1/30-2/1/2026

Labyrinth Chollima Evolves into Three North Korean Hacking Groups

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

RedKitten: New AI-Developed Malware SloppyMIO Campaign Targets Iranian Protests

I Mocked the Saudi Leader on YouTube – Then My Phone Was Hacked and I Was Beaten up in London

Informant Told FBI That Jeffrey Epstein Had a ‘Personal Hacker’

Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup

Coupang CEO Questioned by Police Investigating Obstruction of Probe Into Data Breach

Thoma Bravo Explores Sale of Identity Software Firm Imprivata, Sources Say

Operation Switch Off Dismantles Major Pirate TV Streaming Services

Department of Justice Seizes Domains for Bulgarian Piracy Sites

Crypto Wallets Received a Record $158 Billion in Illicit Funds Last Year
New Britain (CT) ‘Network Disruption’ Was Due to Ransomware Attack, Mayor Says

Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Cloud Storage Payment Scam Floods Inboxes With Fake Renewals

National Crime Agency and NatWest Issue Joint Warning Over Invoice Fraud Threat

Exposed MongoDB Instances Still Targeted in Data Extortion Attacks

Researcher Reveals Evidence of Private Instagram Profiles Leaking Photos

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

New Apple Privacy Feature Limits Location Tracking on iPhones, iPads

AI Security Startup CEO Posts a Job. Deepfake Candidate Applies, Inner Turmoil Ensues.

Open-Source AI Is a Global Security Nightmare Waiting to Happen, Say Researchers

1/29/2026

Latvia Says Russia Remains Its Top Cyber Threat as Attacks Hit Record High

Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

Operation Winter SHIELD: FBI Issues Call to Arms for Organizations to Improve Cybersecurity

Google Disrupts Extensive Residential Proxy Networks IPIDEA

Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups

How Can CISOs Respond to Ransomware Getting More Violent?

Patch or Perish: Vulnerability Exploits Now Dominate Intrusions

An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account

Open-Source AI Models Vulnerable to Criminal Misuse, Researchers Warn

U.S. Software Stocks Slump as AI Disruption Fears Take Over

ICE Is Using Palantir’s AI Tools to Sort Through Tips

Italy’s Winter Games Security Plan Keeps U.S. ICE in Advisory Role

Cybersecurity Teams Embrace AI, Just Not at the Scale Marketing Suggests

AV Vendor eScan Goes to War With Security Shop Morphisec Over Update Server Scare

France Fines National Employment Agency €5m Over 2024 Data Breach
Cyberattack on Large Russian Bread Factory The Vladimir Bread Factory Disrupts Supply Deliveries

ShinyHunters Swipes Right on 10M Records in Alleged Dating App Match Group Data Grab

Match Group Breach Exposes Data from Hinge, Tinder, OkCupid, and Match

Contractor Data Breach at TriZetto Provider Solutions May Have Exposed the Protected Health Info of Thousands of Central Oregonians

Fintech Marquis Blames Ransomware Breach on SonicWall Cloud Backup Hack

Initial Access Hackers TA584 Switch to Tsundere Bot for Ransomware Attacks

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

Hugging Face Abused to Spread Thousands of Android Malware Variants

Aisuru Botnet Sets New Record with 31.4 Tbps DDoS Attack

Ivanti Warns of Two EPMM flaws Exploited in Zero-Day Attacks

Google Rolls Out Android Theft Protection Feature Updates

New Apple Feature Will Block Cell Networks From Capturing Precise Location Data

New Microsoft Teams Feature Will Let You Report Suspicious Calls

NSA Pick Champions Foreign Spying Law as Nomination Advances

1/28/2026

Cyberattack on Polish Energy Grid Impacted Around 30 Facilities

Ransomware Crims Forced to Take Off-RAMP as FBI Seizes Forum

Virginia Man & Empire Cybercrime Market Owner, with Partner from Florida, Pleads Guilty to Drug Conspiracy

Teen Swatting Suspects Arrested in Hungary and Romania

Slovakian Man Pleads Guilty to Operating Darknet Marketplace

OpenAI’s ChatGPT’s Ad Costs Are on Par With Live NFL Broadcasts

Ex-Palantir Engineer Raises $40 Million for Cyber Startup Outtake, With Backing From Microsoft CEO Nadella

Trump’s Acting Cybersecurity Chief Madhu Gottumukkala Uploaded Sensitive Government Docs to ChatGPT
eScan Confirms Update Server Breached to Push Malicious Update

Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign

Hackers Hijack Exposed LLM Endpoints in Bizarre Bazaar Operation

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

Autonomous System Uncovers Long-Standing OpenSSL Flaws

SolarWinds Warns of Critical Web Help Desk RCE, Auth Bypass Flaws

Critical and High Severity n8n Sandbox Flaws Allow RCE

UK Leaders Warned Country Risks ‘Absorbing’ Cyber and Hybrid Attacks Without Offensive Deterrence

FTC Commissioner Says Online Age Verification ‘Offers a Better Way’ to Protect Kids

1/27/2026

Chinese Mustang Panda Hackers Deploy Infostealers via CoolClient Backdoor

PeckBirdy Framework Tied to China-Aligned Cyber Campaigns

Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities

Over 80% of Ethical Hackers Now Use AI

Revealed: Leaked Chats Expose the Daily Life of a Scam Compound’s Enslaved Workforce

He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive

WhatsApp’s New ‘Lockdown’ Settings Add Another Layer of Protection Against Cyberattacks

France to Replace U.S. Videoconferencing Wares With Unfortunately Named Sovereign Alternative

Private Equity Firm Audax Group Seeks Over $1.5 Billion for BlueCat Networks

U.S. Charges 31 More Suspects Linked to Tren de Aragua ATM Malware Attacks

Chinese Money Launderers Moved More Than $16 Billion of Illicit Crypto in 2025, Report Finds
Let Them Eat Sourdough: ShinyHunters Claims Panera Bread as Stolen Credentials Victim

Nike Investigates Data Breach After Extortion Gang Leaks Files

Russian Security Systems Firm Delta Hit by Cyberattack, Services Disrupted

Ransomware Attacks Hits Winona County (MN)

Have I Been Pwned: SoundCloud Data Breach Impacts 29.8 Million Accounts

New Malware Service ‘Stanley’ Guarantees Phishing Extensions on Chrome Web Store

WinRAR Path Traversal Flaw Still Exploited by Numerous Hackers

Fortinet Blocks Exploited FortiCloud SSO Zero Day Until Patch is ready

Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core

Critical Sandbox Escape Flaw Found in Popular vm2 NodeJS Library

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

UK Plans Sweeping Overhaul of Policing Amid Surge in Online Crimes

1/26/2026

Krebs: Who Operates the Badbox 2.0 Botnet?

Deepfake ‘Nudify’ Technology Is Getting Darker—And More Dangerous

EU Launches Investigation Into X Over Grok-Generated Sexual Images

2025 Was a Wake-up Call to Protect Human Decisions, Not Just Systems

CISA Releases List of Post-Quantum Cryptography Product Categories

Upwind Raises $250 Million to Expand Cloud Security

Law Firm Investigates Coupang Security Failures Ahead of Class Action Deadline

Google Agrees to Pay $68 Million to Settle Voice Recording Lawsuit

Judge Awards British Critic of Saudis $4.1 Million, Finds the Regime Hacked His Devices
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware

New ClickFix Attacks Abuse Windows App-V Scripts to Push Malware

eScan Antivirus Supply Chain Breach Delivers Signed Malware

Researchers Uncover “Haxor” SEO Poisoning Marketplace

Cloudflare Misconfiguration Behind Recent BGP Route Leak

Hackers Can Bypass npm’s Shai-Hulud Defenses via Git Dependencies

Microsoft Patches Actively Exploited Office Zero-Day Vulnerability

Supreme Court to Hear Facebook Pixel Tracking Case

Romania Probes Two Suspects Over Alleged Hitman-For-Hire Website

1/23-25/2026

New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector

Konni Hackers Target Blockchain Engineers With AI-Built Malware

Millions of People Imperiled Through Sign-in Links Sent by SMS

Gmail’s Spam Filter and Automatic Sorting Are Broken

Ring Can Verify Videos Now, but That Might Not Help You With Most AI Fakes

TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order

U.S. to Deport Venezuelans Who Emptied Bank ATMs Using Malware

UK Border Tech Budget Swells by £100M as Home Office Targets Small Boat Crossings

Germany Expels Russian Diplomat Accused of Spying on Ukraine War Effort

China Investigates Top General Zhang Youxia in Rare Purge of Senior Military Leaders

U.S. Storm Leaves 850,000 Without Power, Forces 10,000 Flight Cancellations
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware

Cyberattack Disrupts Digital Systems at Renowned Dresden Museum Network

149 Million Usernames and Passwords Exposed by Unsecured Database

ShinyHunters Claims Okta Customer Breaches, Leaks Data Belonging to 3 Orgs

Nike Probing Potential Security Incident as Hackers Threaten to Leak Data

Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access

Malicious AI Extensions on VSCode Marketplace Steal Developer Data

Fortinet Confirms Critical FortiCloud Auth Bypass Not Fully Patched

CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

Hackers Get $1,047,000 for 76 Zero-Days at Pwn2Own Automotive 2026

1/22/2026

From a Whisper to a Scream: Europe Frets About Overreliance on U.S. Tech

Risky Chinese Electric Buses Spark Aussie Gov’t Review

Spanish Judge Closes NSO Group Spyware Probe Due to Lack of Cooperation From Israel

Claude’s New AI File-Creation Feature Ships With Security Risks Built In

Crims Compromised Energy Firms’ Microsoft Accounts, Sent 600 Phishing Emails

Microsoft Teams to Add Brand Impersonation Warnings to Calls

1Password Is Introducing a New Phishing Prevention Feature

House of Lords Backs Legislation to Ban Social Media for Children Under 16

Bank of England: Financial Sector Failing to Implement Basic Cybersecurity Controls

Over 160,000 Companies Notify Regulators of GDPR Breaches

Europe’s GDPR Cops Dished Out €1.2B in Fines Last Year as Data Breaches Piled Up

INC Ransomware Opsec Fail Allowed Data Recovery for 12 U.S. Orgs
Hackers Breach Fortinet FortiGate Devices, Steal Firewall Configs

Fortinet Firewalls Hit With Malicious Configuration Changes

Jordan Used Cellebrite Phone-Hacking Tools Against Activists Critical of Gaza War, Report Finds

Okta SSO Accounts Targeted in Vishing-Based Data Theft Attacks

New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack

Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts

SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release

RealHomes CRM Plugin Flaw Affected 30,000 WordPress Sites

Critical Appsmith Flaw Enables Account Takeovers

Hackers Exploit 29 Zero-Days on Second Day of Pwn2Own Automotive

Curl Ending Bug Bounty Program After Flood of AI Slop Reports

1/21/2026

North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews

Phishing and Spoofed Sites Remain Primary Entry Points For Olympics

Hackers Exploit Security Testing Apps to Breach Fortune 500 Firms

Fortinet Admins Report Patched FortiGate Firewalls Getting Hacked

New Android Malware Uses AI to Click on Hidden Browser Ads

Greek Police Arrest Scammers Using Fake Cell Tower Hidden in Car Trunk

Ireland Wants to Give Its Cops Spyware, Ability to Crack Encrypted Messages

EU Unveils Cybersecurity Overhaul with Proposed Update to Cybersecurity Act

UK’s NCC Group to Sell Escode for $369.4 Million
Everest Ransomware Gang Said to Be Sitting on Mountain of Under Armour Data

Online Retailer PcComponentes Says Data Breach Claims are Fake

Peruvian Loan Scam Harvests Cards and PINs via Fake Applications

LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws

Cisco Fixes Unified Communications RCE Zero Day Exploited in Attacks

Tesla Hacked, 37 Zero-Days Demoed at Pwn2Own Automotive 2026

Experts Welcome Global Cybersecurity Vulnerability Enumeration Launch

1/20/2026

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

EU Plan to Phase-Out High-Risk Tech Draws Fire From China’s Huawei

Greece, Israel to Cooperate on Anti-Drone Systems, Cybersecurity, Greek Minister Says

Krebs: Kimwolf Botnet Lurking in Corporate, Gov’t Networks

UK Launches Landmark ‘Report Fraud’ Service to Tackle Cybercrime and Fraud

Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion

Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook

AI Supercharges Attacks in Cybercrime’s New ‘Fifth Wave’

VoidLink Cloud Malware Shows Clear Signs of Being AI-Generated

True Agentic AI Is Years Away – Here’s Why and How We Get There

Supreme Court to Consider Whether Geofence Warrants Are Constitutional

UK Says It Will Consider Banning Social Media for Children
Hackers Target Afghan Government Workers With Fake Correspondence From Senior Officials

Linkedin Phishing Campaign Exploits Open-Source Pen Testing Tool to Compromise Business Execs

Numerous Mass Spam Attacks Leverage Zendesk Instances

UStrive Security Lapse Exposed Personal Data of Its Users, Including Children

Minnesota Department of Human Services Data Breach Affects Over 300K Individuals

Everest Ransomware Claims McDonalds India Breach Involving Customer Data

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

ACF Plugin Bug Gives Hackers Admin on 50,000 WordPress Sites

Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers

Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps

Prompt Injection Bugs Found in Official Anthropic Git MCP Server

Lawmakers Move to Extend Two Cyber Programs (Again) in Funding Proposal

1/19/2026

Iran to Consider Lifting Internet Ban; State TV Hacked to Air Anti-Regime Messages

Russian Hacktivists Intensify Disruptive Cyber Pressure on UK Orgs

Read the Texts Between Trump and Norway’s Prime Minister

How Crypto Criminals Stole $700 Million From People – Often Using Age-Old Tricks
Ingram Micro Admits Summer Ransomware Raid Exposed Thousands of Staff Records

CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures

Researchers Uncover PDFSIDER Malware Built for Long-Term, Covert System Access

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

1/16-18/2026

China-Linked Hackers Exploited Sitecore Zero-Day for Initial Access

Trump Says Iran Has Told Him ‘Killing Has Stopped’ as He Pulls Back From Strike Threats

Donald Trump Calls off Iran Strikes After Steve Witkoff, Araghchi Texts

By Asking Trump to Delay Iran Attacks, Netanyahu Exposes Israel’s Air Defense Holes

Anti-Regime Activists Hack Iran’s National Broadcaster, Transmit Pahlavi’s Calls to Protest

Canada Will Regret Allowing Chinese EVs Into Their Market, U.S. Says

EU Moves to Force the Phase-Out of Chinese Suppliers From Key Infrastructure

A Faceless Hacker Stole My Therapy Notes – Now My Deepest Secrets Are Online Forever

Jordanian Initial Access Broker Pleads Guilty to Helping Target 50 Companies

Police Raid Homes of Alleged Black Basta Hackers, Hunt Suspected Russian Ringleader

Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Canadian Investment Regulatory Organization (CIRO) Confirms Data Breach Exposed Info on 750,000 Canadian Investors

Tens of Millions of French Citizen Records Exposed

TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals

RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

Malicious GhostPoster Browser Extensions Found with 840,000 Installs

Hackers Now Exploiting Critical Fortinet FortiSIEM Flaw in Attacks

StealC Hackers Hacked as Researchers Hijack Malware Control Panels

Cisco Finally Fixes AsyncOS Zero-Day Exploited Since November

I’m Sorry Dave, I’m Afraid I Can’t Do That! PCs Refuse to Shut Down After Microsoft Patch

1/15/2026

Chinese-Linked Hackers Target U.S. Entities With Venezuelan-Themed Malware

ICE Agent Doxxing Site DDoS-ed Via Russian Servers

Hackers Increasingly Shun Encryption in Favour of Pure Data Theft and Extortion

Former CISA Director Jen Easterly Will Lead RSAC Conference

FTC Bans GM From Selling Drivers’ Location Data for Five Years

Google to Pay $8.25 Million to Settle Lawsuit Alleging Children’s Privacy Violations

Elon Musk’s X Says It Will Block Grok From Making Sexual Images

Data Privacy Teams Face Staffing Shortages and Budget Constraints, ISACA Warns

Cloudflare Acquires AI Data Marketplace Human Native

Former U.S. Special Forces Officer Is Now a Startup CEO—His Cybersecurity Company Has Raised $22 Million
Verizon’s Hourslong Wireless Outage Tied to Software Update

Grubhub Confirms Hackers Stole Data in Recent Security Breach

Anchorage Police Department Takes Servers Offline After Cyberattack on Service Provider

Contagious Claude Code Bug Anthropic Ignored Promptly Spreads to Cowork

WhisperPair: Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login

Trio of Critical Bugs Spotted in Delta Industrial PLCs

CodeBuild Flaw Put AWS Console Supply Chain At Risk

Germany Turns to Israel for a ‘Cyber Dome’ Amid Rising Threats

1/14/2026

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

Ukraine Appoints Digital Chief as Defense Minister to Drive Military Reform

Western Cyber Agencies Warn About Threats to Industrial Operational Technology

Beijing Tells Chinese Firms to Stop Using U.S. and Israeli Cybersecurity Software, Sources Say

Lawmakers to Restart Efforts to Revive Lapsed Cyber Intel Bill

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

Criminal Subscription Service Behind AI-Powered Cyber-Attacks Taken Out By Microsoft

Verizon Outage Knocks Out U.S. Mobile Service, Including Some 911 Calls

France Fines Telcos €42M for Sub-Par Security Prior to 24M Customer Breach

Palantir Is Trying to ‘Destroy’ Percepta Through Legal Action, Startup’s Execs Say in Filing

Google’s Personal Intelligence links Gmail, Photos and Search to Gemini

California AG to Probe Musk’s Grok for Nonconsensual Deepfakes

Ugandan Officials Turn Off Internet on Eve of National Elections
Victorian Department of Education Says Hackers Stole Students’ Data

Monroe University Says 2024 Data Breach Affects 320,000 People

South Korean Giant Kyowon Confirms Data Theft in Ransomware Attack

Cloud Marketplace Pax8 Accidentally Exposes Data on 1,800 MSP Partners

Reprompt Attack Hijacked Microsoft Copilot Sessions for Data Theft

Hackers Use Fake PayPal Notices to Steal Credentials, Deploy RMMs

DeadLock Ransomware Uses Polygon Smart Contracts For Proxy Rotation

Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Krebs: Patch Tuesday, January 2026 Edition

Federal Agencies Ordered to Patch Microsoft Desktop Windows Manager Bug

Microsoft Updates Windows DLL That Triggered Security Alerts

1/13/2026

Massive Cyberattack on Polish Power System in December Failed, Minister Says

Hill Warning: Don’t Put Cyber Offense Before Defense

Trump Renominates Sean Plankey for CISA Director

Ukraine Parliament Approves Resignation of Security Service Chief in Major Reshuffle

Kremlin-Linked Hackers Pose as Charities to Spy on Ukraine’s Military

Senior Military Cyber Operator Removed From Russia Task Force

More Than 40 Countries Impacted by North Korea IT Worker Scams, Crypto Thefts

Oracle Hack Still Generating Ransom Demands

India’s Smartphone Security Proposal Faces Backlash Over Privacy Concerns

Quantum Software Company Haiqu Raises $11 Million

AI and Automation Could Erase 10.4 Million U.S. Roles by 2030

What’s the Deal With Physical AI? Why the Next Frontier of Tech Is Already All Around You

Teen Hackers Recruited Through Fake Job Ads

Tennessee Man to Plead Guilty to Hacking Supreme Court’s Electronic Case Filing System

Dutch Cops Cuff Alleged AVCheck Malware Kingpin in Amsterdam
Target Employees Confirm Leaked Source Code Is Authentic

Suspected Ransomware Attack Threatens One of South Korea’s Largest Companies, Kyowon Group

Everest Ransomware Group Claims Nissan Breach, Demands Response

Central Maine Healthcare Breach Exposed Data of Over 145,000 People

Belgian Hospital AZ Monica Shuts Down Servers After Cyberattack

VoidLink: New Chinese-Made Malware Framework Targets Linux-Based Cloud Environments

Global Magecart Campaign Targets Six Card Networks

SHADOW#REACTOR Campaign Uses Text-Only Staging to Deploy Remcos RAT

Convincing LinkedIn Comment-Reply Tactic Used in New Phishing

Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool

Popular Python Libraries Used in Hugging Face Models Subject to Poisoned Metadata Attack

Adobe Patches Critical Apache Tika Bug in ColdFusion

Microsoft January 2026 Patch Tuesday Fixes 3 Zero-Days, 114 Flaws

Microsoft Releases Windows 10 KB5073724 Extended Security Update

New Windows Updates Replace Expiring Secure Boot Certificates

1/12/2026

Internet Monitoring Experts Say Iran Blackout Likely to Continue

Sweden Detains Ex-Military IT Consultant Suspected of Spying for Russia

Hungary Grants Asylum to Former Polish Minister Implicated in Spyware Probe

World Economic Forum: Cyber-Fraud Overtakes Ransomware as Business Leaders’ Top Cyber-Security Concern

Illicit Crypto Activity Hits Record $158bn in 2025

Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud

Ofcom Officially Investigating X as Grok’s Nudify Button Stays Switched On

Palo Alto Networks Introduces New Vibe Coding Security Governance Framework

Hacker Gets Seven Years for Breaching Rotterdam and Antwerp Ports

‘Violence-As-A-Service’ Suspect Arrested in Iraq, Extradition Underway

Kentucky Sues Character.AI, Alleging It Harms Children and Violates Data Law

Anthropic Brings Claude to Healthcare with HIPAA-Ready Enterprise Tools
University of Hawaii Cancer Center Hit by Ransomware Attack

Spanish Energy Giant Endesa Discloses Data Breach Affecting Customers

‘Bad Actor’ Hijacks Apex Legends Characters in Live Matches

Target’s Dev Server Offline After Hackers Claim to Steal Source Code

Armenia Probes Alleged Sale of 8 Million Government Records on Hacker Forum

Fintech Firm Betterment Confirms Data Breach After Hackers Send Fake Crypto Scam Notification to Users

Instagram Denies Breach After Many Receive Emails Asking to Reset Password

Facebook Login Thieves Now Using Browser-In-Browser Trick

Hidden Telegram Proxy Links Can Reveal Your IP Address in One Click

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

CISA Orders Feds to Patch Gogs RCE Flaw Exploited in Zero-Day Attacks

Apple Confirms Google Gemini Will Power Siri, Says Privacy Remains a Priority

Torq Raises $140 Million for Agentic AI-Powered Cybersecurity Platform

1/9-11/2026

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

World Economic Forum: Deepfake Face-Swapping Tools Are Creating Critical Security Risks

Krebs: Who Benefited from the Aisuru and Kimwolf Botnets?

Europol Leads Global Crackdown on Black Axe Cybercrime Gang, 34 Arrested

X Didn’t Fix Grok’s ‘Undressing’ Problem. It Just Makes People Pay for It

Lawmakers Call On App Stores to Remove Grok, X Over Sexualized Deepfakes

Illinois Man Charged With Hacking Snapchat Accounts to Steal Nude Photos

Ireland Recalls Almost 13,000 Passports Over Missing ‘IRL’ Code

California Bans Data Broker Reselling Health Data of Millions

Stellar Gains, Heavy Losses: Cybersecurity Stocks Had a Mixed Year

Here’s What Cloud Security’s Future Holds for the Year Ahead
BreachForums Hacking Forum Database Leaked, Exposing 324,000 Accounts

Ransomware Attack on Texas Gas Station Firm Gulshan Management Services Leaks 377,000 User Records

At Least $26 Million in Crypto Stolen From Truebit Platform as Crypto Crime Landscape Evolves

AI-Powered Truman Show Operation Industrializes Investment Fraud

Betterment’s Financial App Sends Customers a $10,000 Crypto Scam Message

Warning Over Scams Targeting Manx Email Accounts

Instagram Says It Fixed the Issue That Let Someone Send All Those Password Reset Emails

FBI Warns of North Korean QR Phishing Campaigns

Hackers Target Misconfigured Proxies to Access Paid LLM Services

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024

UK Government Exempting Itself From Flagship Cyber Law Inspires Little Confidence

Former NSA Insider Kosiba Brought Back as Spy Agency’s No. 2

1/8/2026

China Hacked Email Systems of U.S. Congressional Committee Staff

U.S. To Leave Global Forum on Cyber Expertise

NSA Cyber Directorate Gets New Acting Leadership

Venezuela Raid Highlights Cyber Vulnerability of Critical Infrastructure

ChatGPT Health Feature Draws Concern From Privacy Critics Over Sensitive Medical Data

Grok Is Generating Sexual Content Far More Graphic Than What’s on X

CrowdStrike Buys Identity Security Startup SGNL for $740 Million in Latest Deal Push

Cyera Valued at $9 Billion as Data Security Firm Raises $400 Million

EU Antitrust Regulators to Decide on Google’s Wiz Deal by February 10

Texas Court Blocks Samsung From Tracking TV Viewing, Then Vacates Order

Ransomware Attacks Kept Climbing in 2025 as Gangs Refused to Stay Dead

Two-Fifths of 50% of Breaches Take Two Weeks to Recover From

Russia Frees French Researcher in Prisoner Swap for Alleged Ransomware Hacker
China-Linked UAT-7290 Targets Telecom Networks in South Asia

Iran-Linked Hacker Group Claims to Have Hacked, Surveilled Senior Mossad Agent

More Than 100,000 Households Warned After Cyber Attack on Kensington and Chelsea Council

Sedgwick Breach Linked to TridentLocker Ransomware Attack

WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

GoBruteforcer Botnet Targets Linux Servers

Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

New Zero-Click Attack Lets ChatGPT User Steal Data

CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Cisco Switches Hit by Reboot Loops Due to DNS Client Bug

Microsoft to Enforce MFA for Microsoft 365 Admin Center Sign-Ins

1/7/2026

Cyberattacks Likely Part of Military Operation in Venezuela

European Space Agency Calls Cops as Crims Lift Off 500 GB of Files, Say Security Black Hole Still Open

Taiwan Says China’s War Games Sought to Undermine Global Support for the Island

China Intensifies Cyber-Attacks on Taiwan as Energy Sector Sees Tenfold Spike

Grok AI Still Being Used to Digitally Undress Women and Children Despite Suspension Pledge

IBM’s AI Agent Bob Easily Duped to Run Malware, Researchers Show

Google Search AI Hallucinations Push Google to Hire “AI Answers Quality” Engineers

Personal LLM Accounts Drive Shadow AI Data Leak Risks

Cloudy Outlook for Cyber Jobs as AI Fills Security Gaps

Stalkerware Operator Pleads Guilty in Rare Prosecution

Alleged Cyber Scam Kingpin Arrested, Extradited to China
MFA Failure Enables Infostealer Breach At 50 Enterprises

Illinois Department of Human Services Reports Yearslong Data Breach

Cyberattack Under Investigation by Coles County School District (IL)

Spanish Airline Iberia Attributes Recent Data Breach Claims to November Incident

Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches

Ghost Tap Malware Fuels Surge in Remote NFC Payment Fraud

Versatile Malware Loader pkr_mtsi Delivers Diverse Payloads

Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing

Critical jsPDF Flaw Lets Hackers Steal Secrets via Generated PDFs

Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication

Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control

1/6/2026

Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government

UK Launches New Cyber Unit to Bolster Defences Against Cyber Threats

UK Government Admits Years of Cyber Policy Have Failed, Announces Reset

Ring’s Mobile Security Trailer Provides 360-Degree Coverage Anywhere

Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users

Jaguar Land Rover Wholesale Volumes Down 43% After Cyberattack

Startup Trends Shaking Up Browsers, SOC Automation, AppSec

Cybersecurity Predictions 2026: An AI Arms Race and Malware Autonomy
Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat

Hospitality Sector Hit By PHALT#BLYX ClickFix Malware Campaign

Cloud File-Sharing Sites Targeted for Corporate Data Theft Attacks

High-Severity Flaw in Open WebUI Affects AI Connections

New D-Link Flaw in Legacy DSL Routers Actively Exploited in Attacks

New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

1/5/2026

Russian Hackers Target European Hospitality Industry With ‘Blue Screen of Death’ Malware

The French University Where Spies Go for Training

As Supply-Chain Cyber Risks Mount, Can AI Help?

EU Looking ‘Very Seriously’ at Taking Action Against X Over Grok

Finland Arrests Two Crew Members of Ship Suspected of Cable Break

Playing Koi: Palo Alto Isn’t Saying if It Will Buy Security Start-up

VSCode IDE Forks Expose Users to “Recommended Extension” Attacks
New Zealand Orders Review Into ManageMyHealth Cyberattack

Aurora College Working to Get Systems Back Up After Cyber Attack

Cyberattack Forces British High School to Close

Ledger Customers Impacted by Third-Party Global-E Data Breach

U.S. Broadband Provider Brightspeed Investigates Breach Claims

NordVPN Denies Breach Claims, Says Attackers Have “Dummy Data”

VVS Stealer Uses Advanced Obfuscation to Target Discord Users

1/2-4/2026

Inside the Operation: How the U.S. Moved to Capture Nicolás Maduro

Trump Suggests U.S. Used Cyberattacks to Turn Off Lights in Venezuela During Strikes

Krebs: The Kimwolf Botnet is Stalking Your Local Network

8 WhatsApp Features to Boost Your Security and Privacy

How to Protect Your iPhone or Android Device From Spyware

Trump Admin Sends Heart Emoji to Commercial Spyware Makers With Lifted Predator Sanctions

Bitfinex Crypto Thief Who Was Serving Five Years Thanks Trump for Early Release

Palo Alto Networks Security-Intel Boss Calls AI Agents 2026’s Biggest Insider Threat

Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats
Cybercrook Claims to Be Selling Infrastructure Info About Three Major U.S. Utilities

Hackers Claim to Hack Resecurity, Firm Says It Was a Honeypot

Sedgwick Confirms Cyber Incident Affecting Its Major Federal Contractor Subsidiary

Trust Wallet Links $8.5 Million Crypto Theft to Shai-Hulud NPM Attack

Covenant Health Says May Data Breach Impacted Nearly 478,000 Patients

Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia

Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign

Over 10K Fortinet Firewalls Exposed to Actively Exploited 2FA Bypass

12/30-31/2025

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Finland Seizes Ship Suspected of Damaging Subsea Cable in Baltic Sea

Washington Wants to Get Tough on Nation-State Hackers. Are Infrastructure Operators Ready?

Fears Mount That U.S. Federal Cybersecurity Is Stagnating—Or Worse

Two Cybersecurity Employees Plead Guilty to Carrying Out Ransomware Attacks

Meta Created ‘Playbook’ to Fend Off Pressure to Crack Down on Scammers, Documents Show

Hong Kong’s Newest Anti-Scam Technology: Over-The-Counter Banking

New York’s Incoming Mayor Zohran Mamdani Bans Raspberry Pi at His Inauguration Party

And Flipper Zero

U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware

Disney Will Pay $10 Million to Settle Children’s Data Privacy Lawsuit

Coupang to Split $1.17 Billion Among 33.7 Million Data Breach Victims
Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware

European Space Agency Hit Again as Cybercrims Claim 200 GB Data up for Sale

Hackers Drain $3.9M From Unleash Protocol After Multisig Hijack

DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide

Zoom Stealer Browser Extensions Harvest Corporate Meeting Intelligence

New ERRTraffic Service Enables ClickFix Attacks via Fake Browser Glitches

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

RondoDox Botnet Exploits React2Shell Flaw to Breach Next.js Servers

US, Australia Say ‘MongoBleed’ Bug Being Exploited

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass

12/29/2025

The Worst Hacks of 2025

Happy 16th Birthday, KrebsOnSecurity.com!

Indian Cops Cuff Ex-Coinbase Rep Over Selling Customer Info to Crims

Hacker Arrested for KMSAuto Malware Campaign with 2.8 Million Downloads

Accused Data Thief Threw MacBook Into a River to Destroy Evidence
Korean Air Data Breach Exposes Data of Thousands of Employees

Romanian Energy Provider Oltenia Energy Complex Hit by Gentlemen Ransomware Attack

Two More Banks Notifying Thousands of Victims About Marquis Software Ransomware Attack

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

12/26-28/2025

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

The U.S. Must Stop Underestimating Drone Warfare

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

Death, Torture, and Amputation: How Cybercrime Shook the World in 2025

From Video Games to Cyber Defense: If You Don’t Think Like a Hacker, You Won’t Win

Coupang Founder Kim Bom Apologises for Data Leak, Pledges Compensation

Shaping the Next Generation of Cyber Experts
Trust Wallet Users Lose $7 Million to Hacked Chrome Extension

Fake GrubHub Emails Promise Tenfold Return on Sent Cryptocurrency

Ubisoft Shuts Down ‘Rainbow Six Siege’ Servers Following Hack

Hacker Claims to Leak WIRED Database with 2.3 million Records

Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data

Exploited MongoBleed Flaw Leaks MongoDB Secrets, 87K Servers Exposed

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

12/25/2025

Why Hackers Love the Holidays, Especially Christmas and the Like

OpenAI is Reportedly Testing Multiple Claude-Like Skills For ChatGPT

Study Reveals Businesses Continue to Underinvest in Cybersecurity and are Neglect in Vulnerability Assessments

The Biggest Cybersecurity Mergers and Acquisitions of 2025
Somerset County (PA) Utilizing New 911 Alert System After Cyber Attack

Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

12/24/2025

Pro-Russian Hackers Noname057 Claim Cyberattack on French Postal Service

NIST, MITRE Partner on $20m AI Centers For Manufacturing and Cybersecurity

The Age of the All-Access AI Agent Is Here

Pen Testers Accused of ‘Blackmail’ After Reporting Eurostar Chatbot Flaws

All I Want for Christmas Is Not a Scam – Tips to Avoid Digital Threats During the Festive Season
AI Powered Cyber Attack Hits Chinese TikTok Short Video Rival Kuaishou

Coordinated Scams Target MENA Region Extensively With Fake Online Job Ads

Fake MAS Windows Activation Domain Used to Spread PowerShell Malware

MongoDB Warns Admins to Patch Severe RCE Flaw Immediately

Cyber Volunteer Effort for Small Water Utilities Announces New MSSP Effort

12/23/2025

86% Surge in Fake Delivery Websites Hits Shoppers During Holiday Rush

Dozens of Flock AI Camera Feeds Were Just Out There

FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks

Chinese Crypto Scammers on Telegram Are Fueling the Biggest Darknet Markets Ever

SEC Sues Crypto Firms for Defrauding Investors Out of $14 Million

U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme

NYPD Sued Over Possible Records Collected Through Muslim Spying Program

Italy Fines Apple $116 Million Over App Store Privacy Policy Issues
More Than 22 Million Aflac Customers Impacted by June Data Breach

Baker University (KS) Says 2024 Data Breach Impacts 53,000 People

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites

WebRAT Malware Spread via Fake Vulnerability Exploits on Github

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

Microsoft Rolls Out Hardware-Accelerated BitLocker in Windows 11

A Cybersecurity Playbook for AI Adoption

ServiceNow Opens $7.7b Ticket Titled ‘Buy Security Company, Make It Armis’

12/22/2025

Cyber Spies Use Fake New Year Concert Invites to Target Russian Military

Romanian Water Authority Hit by BitLocker Ransomware Attack Over Weekend

Hacktivists Scrape 86M Spotify Tracks, Claim Their Aim Is to Preserve Culture

Microsoft Windows ‘Hack Your Own Password’ Attack Warning Issued

South Korea to Require Facial Recognition for New Mobile Numbers

Judge Rules That NSO Cannot Continue to Install Spyware via WhatsApp Pending Appeal

Interpol-Led Action Decrypts 6 Ransomware Strains, Arrests Hundreds

Nefilim Ransomware Affiliate Pleads Guilty
France’s National Post Office Hit by Suspected Cyber-Attack, Delaying Deliveries

University of Phoenix Data Breach Impacts Nearly 3.5 Million Individuals

Nissan Says Thousands of Customers Exposed in Red Hat Breach

Scripted Sparrow Sends Millions of BEC Emails Each Month

Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale

New MacSync Malware Dropper Evades macOS Gatekeeper Checks

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Monitoring Tool Nezha Abused For Stealthy Post-Exploitation Access

12/19-21/2025

Inquiry Ongoing After UK Government Hacked, Says Minister

Firms Warned to Be On ‘High Alert’ for Scam Emails

Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence

Russian Defense Firms Targeted by Hackers Using AI, Other Tactics

Trump Signs Defense Bill Allocating Millions for Cyber Command, Mandating Pentagon Phone Security

Senate Confirms New Pentagon CIO

Krebs on Dismantling Defenses: Trump 2.0 Cyber Year in Review

Here’s What’s in the DOJ’s Epstein Files Release—And What’s Missing

U.S. Charges 54 in Massive ATM Jackpotting Conspiracy

Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks

Ex-Michigan Assistant Matt Weiss Seen on Video Hacking Into Student Accounts, Security Footage Reveals
Hacks, Thefts, and Disruption: The Worst Data Breaches of 2025

Richmond Behavioral Health Authority (VA) Breach Hits Over 113K

Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

RansomHouse Upgrades Encryption With Multi-Layered Data Processing

How RomCom Became a Multipurpose Cyberweapon

WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

Over 25,000 FortiCloud SSO Devices Exposed to Remote Attacks

New UEFI Flaw Enables Pre-Boot Attacks on Motherboards from Gigabyte, MSI, ASUS, ASRock

Docker Hardened Images Now Open Source and Available for Free

Palo Alto Networks Announces Multibillion-Dollar Deal With Google Cloud

FTC: Instacart to Refund $60M Over Deceptive Subscription Tactics

12/18/2025

Denmark Says Russia Was Behind Two ‘Destructive and Disruptive’ Cyber-Attacks

LongNosedGoblin: China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

New BeaverTail Malware Variant Linked to Lazarus Group

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

North Korea Steals Over $2bn in Crypto in 2025

Amazon Blocked 1,800 Suspected North Korean Scammers Seeking Jobs

Haotian: The Ultra-Realistic AI Face Swapping Platform Driving Romance Scams

France Arrests Latvian for Installing Malware on Italian Ferry

Austria’s High Court Orders Meta to Change Its Personalized Ad Practices

Pa. High Court Rules That Police Can Access Google Searches Without a Warrant
Tech Provider for NHS England DXS International Confirms Data Breach

University of Sydney Suffers Data Breach Exposing Student and Staff Info

HMRC Warns of Over 135,000 Scam Reports

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

Clop Ransomware Targets Gladinet Centrestack in Data Theft Attacks

Your Car’s Web Browser May Be On the Road to Cyber Ruin

New Password Spraying Attacks Target Cisco, PAN VPN Gateways

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

BlackBerry Lifts Lower End of Annual Revenue Forecast on Cybersecurity Demand

12/17/2025

Chinese Ink Dragon Group Hides in European Government Networks

APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign

New Spyware Discovered on Belarusian Journalist’s Phone After Interrogation

Former Israeli Prime Minister Bennett’s Telegram Hacked, Not Phone, Despite Iranian Group’s Claims

Microsoft Will Finally Kill an Encryption Cipher That Enabled a Decade of Windows Hacks

Border Patrol Bets on Small Drones to Expand U.S. Surveillance Reach

Trump Targets Defense Giants’ Shareholder Payouts as Cost Overruns Mount, Sources Say

Blockchain Company Nomad to Repay Users Under FTC Deal After $186M Cyberattack

FBI Takes Down Alleged Money Laundering Service for Ransomware Groups

France Arrests Suspect Tied to Cyberattack on Interior Ministry

TikTok Tracked User’s Grindr Activity in Violation of European Law, Rights Group Alleges

Privacy Advocates See Risk in New Meta Policy That Uses AI Chats to Serve Targeted Ads
U.S. Autoparts Maker LKQ Confirms Oracle EBS Breach

New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

Critical React2Shell Flaw Exploited in Ransomware Attacks

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

Cellik Android Malware Builds Malicious Versions From Google Play Apps

WhatsApp Device Linking Abused in Account Hijacking Attacks

New “Lies-in-the-Loop” Attack Undermines AI Safety Dialogs

Motors WordPress Vulnerability Exposes Sites to Takeover

Cisco Warns of Unpatched AsyncOS Zero-Day Exploited in Attacks

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

Zeroday Cloud Hacking Event Awards $320,0000 for 11 Zero Days

Think Like an Attacker: Cybersecurity Tips From a CISO

Roblox in Talks With Russia to Restore Access After Platform Ban Sparks Backlash

12/16/2025

Amazon Warns Russian GRU Hackers Target Western Firms via Edge Devices

Cyberattack Disrupts Venezuelan Oil Giant PDVSA’s Operations

Venezuela State Oil Company Blames Cyberattack on U.S. After Tanker Seizure

House Homeland Security Chairman Keeps Attention on Cyber Issues

Senior Official at Indo-Pacific Command Is Set to Be Trump’s Pick to Lead Cyber Command, NSA

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

Phishing Messages and Social Scams Flood Users Ahead of Christmas

Krebs: Most Parked Domains Now Serving Malicious Content

European Authorities Dismantle Call Center Fraud Ring in Ukraine

Still Using Windows 10? You’re a Prime Target for Ransomware Now – Unless You Do This
Hacking Group ‘ShinyHunters’ Threatens to Expose Premium Users of Sex Site PornHub

Analytics Provider Mixpanel: We Didn’t Expose You to Crims

City of Westminster (SC) Missing Public Funds After Cyber Attack, Officials Say

Madison Healthcare (MN) Confirms Data Breach After Ransomware Attack

Urban VPN Proxy Accused of Harvesting AI Chat Conversations

GhostPoster Attacks Hide Malicious JavaScript in Firefox Addon Logos

Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data

JumpCloud Windows Agent Flaw Enables Local Privilege Escalation

Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass

12/15/2025

Suspected Russian Hackers Step Up Attacks on U.S. Energy Firms, Research Shows

German Parliament Suffers Suspected Cyber Attack During Zelenskyy’s Visit

French Interior Ministry Confirms Cyberattack on Email Servers

Google Links More Chinese Hacking Groups to React2Shell Attacks

MI6 Chief Warns ‘Front Line Is Everywhere’ and Signals Intent to Pressure Putin

U.S. Government Launches Campaign to Hire Engineers for AI, Tech Roles

Starlink Claims Chinese Launch Came Within 200 Meters of Broadband Satellite

Google’s Turning off Its Dark Web Monitoring Service That Scoured Data Breaches for Your Info

Texas Sues 5 Smart TV Manufacturers Over Data Collection Practices

Third Defendant Pleads Guilty in Fantasy Sports Betting Hack Case

Vibe Coding: Innovation Demands Vigilance
700Credit Data Breach Impacts 5.8 Million Vehicle Dealership Customers

Nearly 20 Million Affected by Prosper, 700Credit Data Breaches

Askul Confirms Theft of 740K Customer Records in Ransomware Attack

PornHub Extorted After Hackers Steal Premium Member Activity Data

More Than 238K Hit by Akira-Claimed Fieldtex Product Hack

Ongoing SoundCloud Issue Blocks VPN Users With 403 Server Error

SoundCloud Confirms Breach After Member Data Stolen, VPN Access Disrupted

Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files

New SantaStealer Malware Steals Data From Browsers, Crypto Wallets

Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

12/12-14/2025

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

Germany Summons Russian Ambassador Over Cyberattack, Election Disinformation

Announced Pick for No. 2 at NSA Won’t Get the Job as Another Candidate Surfaces

Trump Order on AI May Not Deter State Laws

AI Toys for Kids Talk About Sex and Issue Chinese Communist Party Talking Points, Tests Show

U.S. Bill Seeks Phase-Out of Chinese Sensors in Self-Driving Cars, After Space Hack Fears

ServiceNow in Talks to Acquire Cybersecurity Startup Armis in Potential $7 Billion Deal

Uncle Sam Sues Ex-Accenture Manager Over Army Cloud Security Claims

Coupang Data Breach Traced to Ex-Employee Who Retained System Access

MKVCinemas Streaming Piracy Service With 142M Visits Shuts Down

Canada’s Privacy Regulator to Probe Billboards Equipped With Facial Scanning Tech

Streisand Effect: Businesses That Pay Ransomware Gangs Are More Likely to Hit the Headlines

CyberVolk’s Ransomware Debut Stumbles on Cryptography Weakness
More Than 340,000 Impacted by Cyberattack on Library System of Pierce County (WA)

Hamas-Affiliated APT Targeting Government Agencies in the Middle East, Morocco

Beware: PayPal Subscriptions Abused to Send Fake Purchase Emails

Fake ‘One Battle After Another’ Torrent Hides Malware in Subtitles

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

New React RSC Vulnerabilities Enable DoS and Source Code Exposure

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

New Windows RasMan Zero-Day Flaw Gets Free, Unofficial Patches

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

MITRE Shares 2025’s Top 25 Most Dangerous Software Weaknesses

Kali Linux 2025.4 Released With 3 New Tools, Desktop Updates

12/11/2025

Hackers Reportedly Breach Developer Involved With Russia’s Military Draft Database

OpenAI Enhances Defensive Models to Mitigate Cyber-Threats

Google Ads for Shared ChatGPT, Grok Guides Push macOS Infostealer Malware

Russian Hackers Debut Simple Ransomware Service, but Store Keys in Plain Text

Lawmaker Calls Facial Recognition on Doorbell Cameras a ‘Privacy Nightmare’

Doxers Posing as Cops Are Tricking Big Tech Firms Into Sharing People’s Private Data

LastPass Hammered With £1.2M Fine for 2022 Breach Fiasco

Federal Agencies Now Only Have One More Day to Patch React2Shell Bug
Data Breach at 700Credit Impacts 160,000 Michiganders

WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor

New ConsentFix Attack Hijacks Microsoft Accounts via Azure CLI

NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems

Malware Discovered in 19 Visual Studio Code Extensions

Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw

Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks

Active Attacks Exploit Gladinet’s Hard-Coded Keys for Unauthorized Access and Code Execution

Notepad++ Fixes Flaw That Let Attackers Push Malicious Update Files

12/10/2025

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

U.S. Says Russia-Backed Hacks Targeted Critical Infrastructure

U.S. Extradites Ukrainian Woman Accused of Hacking Meat Processing Plant for Russia

2 Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’

U.S. Halts Plans to Sanction Chinese Spy Agency

British Government Sanctions Russian and Chinese Groups Over Information Warfare

OpenAI Warns New Models Pose ‘High’ Cybersecurity Risk

Log4Shell Downloaded 40 Million Times in 2025

Nvidia Builds Location Verification Tech That Could Help Fight Chip Smuggling

Coupang CEO Resigns Over Data Breach in South Korea

Senators Return to Effort to Boost Cybersecurity for Commercial Satellite Industry

Coalition Adds Deepfake Response to Cyber Insurance Policies Globally
Petco Takes Down Vetco Website After Exposing Customers’ Personal Information

Russia’s Flagship Airline Aeroflot Hacked Through Little-Known Tech Vendor Bakka Soft, According to New Report

ClickFix Social Engineering Sparks Rise of CastleLoader Attacks

New Spiderman Phishing Service Targets Dozens of European Banks

New DroidLock Malware Locks Android Devices and Demands a Ransom

Over 10,000 Docker Hub Images Found Leaking Credentials, Auth Keys

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling

Google Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate Data

Microsoft Teams to Warn of Suspicious Traffic With External Domains

12/9/2025

React2Shell Exploit Campaigns Tied to North Korean Cyber Intrusion Tactics

Deploy New EtherRAT Malware

Gartner Calls For Pause on AI Browser Use

Analysts Warn of Cybersecurity Risks in Humanoid Robots

How to Answer the Door When the AI Agents Come Knocking

Trump Plans Executive Order Curbing State AI Law

Cyber Startup Saviynt Raises $700 Million to Secure Identity and Access

California Man Pleads Guilty to Rico Charges as DOJ Indicts Crypto Theft Gang

Spain Arrests Teen Who Stole 64 Million Personal Data Records

Seoul Cyber Investigators Seize Data, Devices From ‘South Korea’s Amazon’ Following Data Breach

Khashoggi Widow Files Complaint in France Alleging Saudi Government Infected Devices With Spywares
Space Bears Ransomware Claims Comcast Data Breach via Contractor Quasar Inc.

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware

DeadLock Ransomware Uses BYOVD to Evade Security Measures

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Fortinet Warns of Critical FortiCloud SSO Login Auth Bypass Flaws

Ivanti Warns of Critical Endpoint Manager Code Execution Flaw

SAP Fixes Three Critical Vulnerabilities Across Multiple Products

Krebs: Microsoft Patch Tuesday, December 2025 Edition

Windows PowerShell Now Warns When Running Invoke-WebRequest Scripts

12/8/2025

MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

Three Hacking Groups, Two Vulnerabilities and All Eyes on China

U.S. to Allow Nvidia H200 Chip Shipments to China, Trump Says

Meta Proposal for Less Data Sharing Is Approved by European Commission

UK Moves to Strengthen Undersea Cable Defenses as Russian Snooping Ramps Up

Home Office Kept Police Facial Recognition Flaws to Itself, UK Data Watchdog Fumes

Poland Arrests Ukrainians Utilizing ‘Advanced’ Hacking Equipment

193 Cybercrims Arrested, Accused of Plotting ‘Violence-As-A-Service’

Russian Police Bust Bank-Account Hacking Gang That Used NFCGate-Based Malware

Russian Kids Revolt as Kremlin Bans Roblox, Other Popular Apps
Researchers Track Dozens of Organizations Affected by React2Shell Compromises Tied to China’s MSS

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Malicious VSCode Extensions on Microsoft’s Registry Drop Infostealers

Ransomware Gangs Turn to Shanya EXE Packer to Hide EDR Killers

ClayRat Android Spyware Expands Capabilities

Malware Families FvncBot, and SeedSnatcher Too

Total Ransomware Payments Surpass $4.5 Billion Since 2013

Over $2.1B From 2022 To 2024

Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

UK Intelligence Warns AI ‘Prompt Injection’ Attacks Might Never Go Away

12/5-7/2025

China-Linked Warp Panda Targets North American Firms in Espionage Campaign

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

React2Shell Flaw Exploited to Breach 30 Orgs, 77K IP Addresses Vulnerable

Cloudflare Restores Services After Minor Dashboard Outage

Cloudflare Blames Today’s Outage on react2shell Mitigations

Krebs: SMS Phishers Pivot to Points, Taxes, Fake Retailers

Krebs: Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

Crims Using Social Media Images, Videos in ‘Virtual Kidnapping’ Scams

Louvre to Bolster Its Security, Issues €57m Public Tender

Portugal Updates Cybercrime Law to Exempt Security Researchers

Maryland Man Sentenced for N. Korea IT Worker Scheme Involving U.S. Government Contracts

EU Fines X $140 Million Over Deceptive Blue Checkmarks

SolarWinds’ Tim Brown Escaped the SEC. Future Cyber Chiefs Might Not.
Pharma Firm Inotiv Discloses Data Breach After Ransomware Attack

Barts Health NHS Discloses Data Breach After Oracle Zero-Day Hack

Huge Trove of Nude Images Leaked by AI Image Generator Startup’s Exposed Database

New Wave of VPN Login Attempts Targets Palo Alto GlobalProtect Portals

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

Novel Clickjacking Attack Relies on CSS and SVG

Hackers are Exploiting ArrayOS AG VPN Flaw to Plant Webshells

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

NCSC’s ‘Proactive Notifications’ Warns Orgs of Flaws in Exposed Devices

Death to One-Time Text Codes: Passkeys Are the New Hotness in MFA

A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability

12/4/2025

Amid Rising Threats, NATO Holds Its Largest-Ever Cyberdefense Exercise

Twins Who Hacked State Dept Hired to Work for Gov Again, Now Charged With Deleting Databases

UK Sanctions Russia’s GRU Agency and Cyber Spies Over Deadly Nerve Agent Attack

FBI Says DC Pipe Bomb Suspect Brian Cole Kept Buying Bomb Parts After January 6

Pentagon’s Signalgate Report Finds Pete Hegseth Violated Military Policies

Taiwan to Ban China’s Xiaohongshu App for One Year on Fraud Concerns

A New Anonymous Phone Carrier Lets You Sign Up With Nothing but a Zip Code

British Officials Seek to Expand Facial Recognition Technology Use

Cybersecurity Startup 7AI Raises $130 Million in Series A Funding

I Saw Drone Deliveries Launch in Atlanta – How They Work and Which Cities Are Next
CISA Warns of Chinese “BrickStorm” Malware Attacks on VMware Servers

Predator Spyware Uses New Infection Vector for Zero-Click Attacks

Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

New GhostFrame Phishing Framework Hits Over One Million Attacks

Critical React, Next.js Flaw Lets Hackers Execute Code on Servers

CISA and International Partners Issue Guidance for Secure AI in Infrastructure

Russia Blocks FaceTime and Snapchat for Alleged Use by Terrorists

Russian Scientist Sentenced to 21 Years on Treason, Cyber Sabotage Charges

12/3/2025

French NGO Reporters Without Borders Targeted by Star Blizzard

Disinformation and Cyber-Threats Among Top Global Business Exec Concerns

‘Exploitation Is Imminent’ as 39 Percent of Cloud Environs Have Max-Severity React Hole

UK Ransomware Payment Ban to Come with Exemptions, Security Minster Say

India Revokes Order to Preload Cybersecurity App on Smartphones After Outcry

FDA Scrutiny of WHOOP Signals Challenges for Niche Wearable Device Makers

Russia Wants This Mega Missile to Intimidate the West, but It Keeps Crashing

Security Startup Verkada Hits $5.8 Billion Valuation in Latest Funding Round Led by CapitalG

How Amazon Finds Its Cybersecurity Weak Spots

Russia Blocks Roblox Over Distribution of LGBT “Propaganda”

Google Expands Android Scam Protection Feature to Chase, Cash App in U.S.

DOJ Takes Down Myanmar Scam Center Website Spoofing TickMill Trading Platform

Canadian Police Department Becomes First to Trial Body Cameras Equipped With Facial Recognition Technology
French DIY Retail Giant Leroy Merlin Discloses a Data Breach

University of Phoenix Discloses Data Breach After Oracle Hack

Japan’s Askul Resumes Limited Online Sales 6 Weeks After Ransomware Attack

ASUS Listed by Everest Ransomware Group, 1 TB Data Stolen

Freedom Mobile Discloses Data Breach Exposing Customer Data

Fintech Firm Marquis Alerts Dozens of U.S. Banks and Credit Unions of a Data Breach After Ransomware Attack

Impacts Over 74 U.S. Banks, Credit Unions

Yearn Finance yETH Pool Hit by $9M Exploit

Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

Aisuru Botnet Behind New Record-Breaking 29.7 Tbps DDoS Attack

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

12/1-2/2025

India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

ShadyPanda’s Seven-Year Campaign Infects 4.3M Chrome and Edge Users

Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks

Officials Accuse North Korea’s Lazarus of $30 Million Theft From Crypto Exchange

Most Companies Fear State-Sponsored Cyber-Attacks and Want More Government Help

Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera

Flock Uses Overseas Gig Workers to Build its Surveillance AI

Former Cyber Spy Raises $60 Million to Fight AI Threats

CrowdStrike Forecasts Upbeat Quarterly Revenue as AI Adoption Fuels Growth

Okta Projects Strong Quarterly Revenue on Rising Demand for Cybersecurity Tools

Axiado Raises $100 Million for Chip to Save Space, Power in AI Data Centers

Your Data Might Determine How Much You Pay for Eggs

ICO Set to Check If Mobile Games Comply with Children’s Code

FTC Settlement Requires Illuminate to Delete Unnecessary Student Data

Korea Arrests Suspects Selling Intimate Videos From Hacked IP Cameras

Europol Nukes Cryptomixer Laundering Hub, Seizing €25M in Bitcoin
India Orders Phone Makers to Pre-Install Government App to Tackle Telecom Fraud

Faces Backlash

ChatGPT Is Down Worldwide, Conversations Dissapeared for Users

Microsoft Defender Portal Outage Disrupts Threat Hunting Alerts

Google Deletes X Post After Getting Caught Using a ‘Stolen’ AI Recipe Infographic

University of Pennsylvania Joins List of Victims From Clop’s Oracle EBS Raid

Shai-Hulud 2.0 NPM Malware Attack Exposed Up To 400,000 Dev Secrets

Southold (NY) Police Are Reporting With Pen and Paper After Cyber Attack

Fake Calendly Invites Spoof Top Brands to Hijack Ad Manager Accounts

SmartTube YouTube App for Android TV Breached to Push Malicious Update

Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

New Android Albiriox Malware Gains Traction in Dark Web Markets

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Critical PickleScan Vulnerabilities Expose AI Model Supply Chains

Google Releases Patches for Android Zero-Day Flaws Exploited in the Wild