7/8/2025

Imposter Used AI to Pose as Marco Rubio and Contact Foreign Ministers

Suspected Chinese Silk Typhoon Cybersnoop Grounded in Italy After U.S. Tipoff

Iranian Ransomware Group Pay2Key.I2P Offers Bigger Payouts for Attacks on Israel, U.S.

Over 500 Scattered Spider Phishing Domains Poised to Target Multiple Industries

BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally

4 Critical Steps in Advance of 47-Day SSL/TLS Certificates

SatanLock Ransomware to Leak All Stolen Data as Operation Shuts Down

Unless Users Take Action, Android Will Let Gemini Access Third-Party Apps

Chinese Video Surveillance Vendor Hikvision to Fight Canadian Ban

British Criminals Convicted Over Wagner Group-Linked Arson Attack on London Warehouse
UK Companies Should Have to Disclose Major Cyberattacks, Marks & Spencer Says

Marks & Spencer Chair Refuses to Say if Retailer Paid Hackers After Ransomware Attack

Activision Took Down Call of Duty Game After PC Players Hacked

Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play

Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools

Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension

RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks

Public Exploits Released for Citrix Bleed 2 NetScaler Flaw, Patch Now

Microsoft July 2025 Patch Tuesday Fixes One Zero-Day, 137 Flaws

CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation

7/7/2025

Cyberattack Deals Blow to Russian Firmware Used to Repurpose Civilian Drones for Ukraine War

TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors

‘Batavia’ Windows Spyware Campaign Targets Dozens of Russian Orgs

Hundreds of Malicious Domains Registered Ahead of Prime Day

SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools

Hackers Target Employee Credentials Amid Spike in ID Attacks

Employee Gets $920 for Credentials Used in $140 Million Bank Heist
Russia’s St. Petersburg Hit by Major Internet Outage Amid Drone Strike Warnings

Qantas Is Being Extorted in Recent Data-Theft Cyberattack

Nearly 300,000 People Were Impacted by Cyberattack on Nova Scotia Power

Beware of Bert: New Ransomware Group Targets Healthcare, Tech Firms

Hackers Abuse Leaked Shellter Red Team Tool to Deploy Infostealers

Atomic macOS Infostealer Adds Backdoor for Persistent Attacks

Researchers Share CitrixBleed 2 Detection Analysis After Initial Hold

TikTok Recruits Senior UK Privacy Regulator as It Battles Fine and Investigation

7/4-6/2025

NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors

Ransomware: Hunters International Is Not Shutting Down, It’s Rebranding

Massive Spike in Use of .es Domains for Phishing Abuse

Qantas Attack Reveals One Phone Call Is All It Takes to Crack Cybersecurity’s Weakest Link: Humans

Android 16 Can Warn You That You Might Be Connected to a Fake Cell Tower

Taiwan Flags Chinese Apps Over Data Security Violations
Ingram Micro Confirms SafePay Ransomware Behind Multi-Day Outage

Hacker Leaks Telefónica Data Allegedly Stolen in a New Breach

Louis Vuitton Korea Says Systems Breach Led to Customer Data Leak

Coinbase Director Flags Possible Hack Behind $8B Bitcoin Awakening

WordPress Plugin Flaw Exposes 600,000 Sites to File Deletion

Leaks Hint at Operator-Like Tool in ChatGPT Ahead of GPT-5 Launch

South Korea Penalises ‘Negligent’ SK Telecom Over Major Data Leak

7/3/2025

Two New Pro-Russian Hacktivist Groups Target Ukraine, Recruit Insiders

Microsoft Shuts Down 3,000 Email Accounts Created by North Korean IT Workers

Top FBI Cyber Official: Salt Typhoon ‘Largely Contained’ in Telecom Networks

The Person in Charge of Testing Tech for U.S. Spies Has Resigned

CBP Wants New Tech to Search for Hidden Data on Seized Phones

Krebs: Big Tech’s Mixed Response to U.S. Treasury Sanctions

Automation and Vulnerability Exploitation Drive Mass Ransomware Breaches

The Sky-High Cyber Risk in Healthcare: WSJ Readers Weigh In

Ransomware Crew Hunters International Shuts Down, Hands Out Keys to Victims

Russia Jails Man for 16 Years Over Pro-Ukraine Cyberattacks on Critical Infrastructure
IdeaLab Confirms Data Stolen in Ransomware Attack Last Year

Young Consulting Finds Even More Folks Affected in Breach Mess – Now Over 1 Million

Gloucester County (VA) Says April Ransomware Attack Exposed Employee SSNs

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

IDE Extensions Pose Hidden Risks to Software Supply Chain

Privilege Escalation Flaw Found in Azure Machine Learning Service

Grafana Releases Critical Security Update for Image Renderer Plugin

Linux Users Urged to Patch Critical Sudo CVE

CVE Program Launches Two New Forums to Enhance CVE Utilization

Microsoft Windows Firewall Complains About Microsoft Code

Google Open-Sources Privacy Tech for Age Verification

7/2/2025

Scattered Spider: A Group of Young Cybercriminals Poses the ‘Most Imminent Threat’ of Cyberattacks Right Now

Chinese Hackers Target France in Ivanti Zero-Day Exploit Campaign

China-Linked Hackers Spoof Big-Name Brand Websites to Steal Shoppers’ Payment Info

North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

AI Models Mislead Users on Login URLs

States Notch Victory Over 10-Year AI Law Ban

California Jury Orders Google to Pay $314 Million Over Data Transfers From Android Phones

DOJ Investigates Ex-Ransomware Negotiator Over Extortion Kickbacks

Spain Arrests Hackers Who Targeted Politicians and Journalists

CISA Warns the Signal Clone Used by Natsec Staffers Is Being Attacked, so Patch Now

Germany Seeks Deeper Partnership With Israel on Cybersecurity

1 Year Later: Lessons Learned From the CrowdStrike Outage
Airline Qantas Hit by Cyber Attack, Leaving 6 Million Customer Records at Risk of Data Breach

Amid Scattered Spider Aviation Breaches

Ransomware Gang Attacks German Charity That Feeds Starving Children

Medical Device Company Surmodics Reports Cyberattack, Says It’s Still Recovering

Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

Dozens of Fake Wallet Add-Ons Flood Firefox Store to Drain Crypto

Data Breach Reveals Catwatchful ‘Stalkerware’ Is Spying on Thousands of Phones

Android SMS Stealer Infects 100,000 Devices in Uzbekistan

NimDoor Crypto-Theft macOS Malware Revives Itself When Killed

Forminator Plugin Flaw Exposes WordPress Sites to Takeover Attacks

Cisco Scores a Perfect 10 – Sadly for a Critical Flaw in Its Comms Platform

Citrix Warns of Login Issues After Netscaler Auth Bypass Patch

7/1/2025

New Report Uncovers Major Overlaps in Cybercrime and State-Sponsored Espionage

Cyberattack on Russian Independent Media Had Links to U.S.-Sanctioned Institute, Researchers Find

Columbia Cyberattack Appears Politically Motivated, University Says

TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns

Aeza Group Sanctioned for Hosting Ransomware, Infostealer Servers

AT&T Now Lets You Lock Down Your Account to Prevent SIM Swapping Attacks

Cloudflare Now Blocks AI Web Scraping by Default

Why Cybersecurity Should Come Before AI in Schools
Kelly Benefits Says 2024 Data Breach Impacts 550,000 Customers

Esse Health Says Recent Data Breach Affects Over 263,000 Patients

Johnson Controls Starts Notifying People Affected by 2023 Breach

DragonForce Ransomware Variant Tied to Emerging DEVMAN Threat Actor

New FileFix Attack Runs JScript While Bypassing Windows MoTW Alerts

New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Google Issues Emergency Patch for Fourth Chrome Zero-Day of 2025

6/30/2025

Iran-Linked Hackers May Target U.S. Firms and Critical Infrastructure, U.S. Government Warns

DOJ Raids 29 ‘Laptop Farms’ in Operation Against North Korean IT Worker Scheme

Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams

Krebs: Senator Chides FBI for Weak Advice on Mobile Security

FBI: Cybercriminals Steal Health Data Posing as Fraud Investigators

Sinaloa Drug Cartel Hired a Cybersnoop to Identify and Kill FBI Informants

International Taskforce Dismantles €460m Crypto Fraud Network

IT Worker Jailed After Revenge Attack on Employer

Germany Asks Google, Apple to Remove DeepSeek AI From App Stores

Cloudflare Confirms Russia Restricting Access to Services Amid Free Internet Crackdown
ICC Says New Cybersecurity Incident Has Been Contained

Swiss Nonprofit Health Organization Breached by Sarcoma Ransomware Group

Switzerland Says Government Data Stolen in Ransomware Attack

Integrated Oncology Network Reports Data Breach Affecting cCARE Patients

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

Over 1,200 Citrix Servers Unpatched Against Critical Auth Bypass Flaw

Vulnerability Debt: How Do You Put a Price on What to Fix?

Microsoft Warns of Windows Update Delays Due to Wrong Timestamp

Microsoft Defender for Office 365 Now Blocks Email Bombing Attacks

Microsoft Authenticator Is Ending Support for Passwords

6/27-29/2025

NATO Members Aim for Spending 5% of GDP on Defense, With 1.5% Eligible for Cyber

U.S. Falling Behind China in Exploit Production

How Vulnerable Is Critical Infrastructure to Cyberattack in the U.S.?

Canada Orders China’s Hikvision to Close Canadian Operations

Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit

PUBLOAD and Pubshell Malware Used in Mustang Panda’s Tibet-Specific Attack

FBI Warns of Scattered Spider’s Expanding Attacks on Airlines Using Social Engineering

Aviation, Transportation Firms

Update: Hawaiian Airlines Cyberattack Has Marks of Scattered Spider
Retail Giant Ahold Delhaize, Parent of Food Lion, Stop & Shop, Giant Food, and Hannaford, Says Data Breach Affects 2.2 Million People

Whole Foods Supplier UNFI Restores Core Systems After Cyberattack

GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool

MOVEit Transfer Systems Face Fresh Attack Risk Following Scanning Activity Surge

Bluetooth Flaws Could Let Hackers Spy Through Your Microphone

Citrix Bleed 2 Flaw Now Believed to Be Exploited in Attacks

Let’s Encrypt Ends Certificate Expiry Emails to Cut Costs, Boost Privacy

Cloudflare Open-Sources Orange Meets With End-To-End Encryption

New York Orders Local Governments to Start Reporting Cyberattacks

6/26/2025

When Iran’s Supreme Leader Emerges From Hiding He Will Find a Very Different Nation

Ayatollah Khamenei Says Iran ‘Delivered a Heavy Slap to America’s Face’; Claims Victory Over ‘Zionist’ Israel

Pentagon Chief: Iran Strike Was a ‘Historically Successful Attack’

Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks

Scam Compounds Labeled a ‘Living Nightmare’ as Cambodian Government Accused of Turning a Blind Eye

FBI Used Bitcoin Wallet Records to Peg Notorious IntelBroker as UK National

Missouri Man Pleads Guilty to Hacking Networks to Pitch Security Services

Ex-Student Charged Over Hacking University for Cheap Parking, Data Breaches

FTC Approves $126 Million in Fortnite Refunds Over ‘Dark Patterns’

NSA’s Patrick Ware Takes Over as Top Civilian at U.S. Cyber Command
Hawaiian Airlines Hit by Cyber Attack

Microsoft 365 ‘Direct Send’ Abused to Send Phishing as Internal Users

FBI Warning for Phone Users to Delete Certain Messages Immediately Even if Unopened – You Risk Accounts Being Drained

‘Cyber Plague’: Experts Warn of Growing Infostealer Threat After Billions of Login Details Exposed

ClickFix Attacks Surge 517% in 2025

Hundreds of MCP Servers at Risk of RCE and Data Leaks

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

Windows Is Getting Rid of the Blue Screen of Death After 40 Years

How Geopolitical Tensions Are Shaping Cyber Warfare

6/25/2025

Trump Says NATO’s New 5% Defence Spending Pledge a ‘Big Win’

North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages

NSA and CISA Urge Adoption of Memory Safe Languages for Safety

Half of Customer Signups Are Now Fraudulent

U.S. Exchanges, SEC in Talks to Ease Public Company Regulations

British Hacker ‘IntelBroker’ Charged with $25M in Cybercrime Damages

Ransomware Attack Contributed to Patient’s Death, Says Britain’s NHS

French Cybercrime Police Arrest Five Suspected BreachForums Admins

PACER Electronic Filing System Under Attack by Hackers, Federal Judge Warns Lawmakers

Google Rolls Out Text-To-Image Model Imagen 4 for Free
Data Theft Fears After Cyber Attack on Glasgow City Council

Hackers Use Open-Source Offensive Cyber Tools to Attack Financial Businesses in Africa

Hackers Turn ScreenConnect Into Malware Using Authenticode Stuffing

SAP GUI Input History Found Vulnerable to Weak Encryption

Millions of Brother Printers Hit by Critical, Unpatchable Bug

Hackers Abuse Microsoft ClickOnce and AWS Services for Stealthy Attacks

Microsoft nOAuth Flaw Still Exposes SaaS Apps Two Years After Discovery

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

WinRAR Patches Bug Letting Malware Launch From Extracted Archives

6/24/2025

Trump Says Iran-Israel Ceasefire in Effect After Accusing Both Sides of Violating It

U.S. Strikes Did Not Destroy Iran’s Nuclear Programme, Intelligence Report Says

Trump’s Iran Attack Spurs Concerns of Retaliation in the U.S.: ICE Arrests 11 Iranian Nationals

Iran’s Cyber Forces Have Many Ways to Attack U.S., Experts Warn

FBI Cyber Leader: U.S. Can’t Forget About China’s ‘Typhoon’ Groups Amid Mideast Conflict

China-Nexus ‘LapDogs’ Network Thrives on Backdoored SOHO Devices

Insurers ‘Under Siege’ by Notorious Hacking Group Scattered Spider

Cyber Intel Pros and Hobbyists Can Now Report Threats Anonymously

Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue

New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public
Columbia University Hit by Possible ‘Cyberattack’ as It Outage Impacts Key Student Services

Leak of Data Belonging to 7.4 Million Paraguayans Traced Back to Infostealers

Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers

Trezor’s Support Platform Abused in Crypto Theft Phishing Attacks

Researchers Say Cybercriminals are Using Jailbroken AI Tools from Mistral and xAI

Malware Campaign Uses Rogue WordPress Plugin to Skim Credit Cards

SonicWall Warns of Trojanized NetExtender Stealing VPN Logins

New FileFix Attack Weaponizes Windows File Explorer for Stealthy Commands

Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network

U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues

6/23/2025

Trump Urges Iran, Israel to Seek ‘Peace and Harmony’ After ‘Weak’ Qatar Strike

Trump Says Iran, Israel Agree to Truce

Iran Refutes Trump’s Claims of Ceasefire Deal With Israel, but Signals Readiness to End Hostilities

Cyber Fattah Leaks Data from Saudi Games in Alleged Iranian Operation

U.S. Tells Companies to Prepare for Iranian Cyberattacks

Chinese “LapDogs” ORB Network Targets U.S. and Asia

China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom

Taiwan Is Rushing to Make Its Own Drones Before It’s Too Late

Telegram Purged Chinese Crypto Scam Markets—Then Watched as They Rebuilt

Former U.S. Army Sergeant Pleads Guilty After Amateurish Attempt at Selling Secrets to China

Revil Ransomware Members Released After Time Served on Carding Charges

A CISO’s AI Playbook
APT28 Hackers Use Signal Chats to Launch New Malware Attacks on Ukraine

Second Attack on McLaren Health Care in a Year Affects 743K People

U.S. Insurance Giant Aflac Says Customers’ Personal Data Stolen During Cyberattack

FC Barcelona’s Data Compromised in Ransomware Attack on Insurer

CoinMarketCap Briefly Hacked to Drain Crypto Wallets via Fake Web3 Popup

Steel Giant Nucor Confirms Hackers Stole Data in Recent Breach

184 Million Passwords Leaked Across Facebook, Google, More: What to Know About This Data Breach

XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks

SparkKitty Malware on Google Play, Apple App Store Stole Your Photos—And Crypto

Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content

Citrix Patches Critical Vulns in NetScaler ADC and Gateway

6/20-22/2025

U.S. Begins Moving B-2 Bombers, as Trump Weighs Attack on Iran

U.S. Strikes 3 Nuclear Sites in Iran, in Major Regional Conflict Escalation

What We Know About U.S. Strikes on Three Iranian Nuclear Sites

U.S. Strike on Iran Began With a Ruse

Iran Hacks Security Cameras to Gain Intel on Israel

Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions

How Cyber Warfare Changes the Face of Geopolitical Conflict

Russia Expert Falls Prey to Elite Hackers Disguised as U.S. Officials

Dutch Launch Operation Orange Shield to Keep NATO Summit Safe

Tonga Ministry of Health Hit With Cyberattack Affecting Website, IT Systems

Microsoft Is Blocking Google Chrome Through Its Family Safety Feature

Microsoft to Remove Legacy Drivers From Windows Update for Security Boost
Insurer Aflac Investigating Possible Data Leak After Cyberattack

Personal Data of Oxford City Council Officers Exposed

M&S and Co-op Hacks Classified as Single Cyber Event

Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages

Bitopro Exchange Links Lazarus Hackers to $11 Million Crypto Heist

No, the 16 Billion Credentials Leak Is Not a New Data Breach

Russian Dairy Supply Disrupted by Cyberattack on Animal Certification System

Netflix, Apple, BofA Websites Hijacked With Fake Help-Desk Numbers

Cloudflare Blocks Record 7.3 Tbps DDoS Attack Against Hosting Provider

New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud, and NFC Theft

WordPress Motors Theme Flaw Mass-Exploited to Hijack Admin Accounts

Meta To Introduce Full Passkey Support for Facebook on Mobiles

6/18-19/2025

Israel-Tied Predatory Sparrow Hackers Are Waging Cyberwar on Iran’s Financial System

Israeli Hacktivists Steal and Burn $90m+ from Iranian Crypo Biz

Iran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional Conflict

Iran’s Internet Blackout Adds New Dangers for Civilians Amid Israeli Bombings

Finland Could Charge Russia-Linked Ship’s Officers Over Cable Breaks by ‘August at the Latest’

Argentina Uncovers Suspected Russian Spy Ring Behind Disinformation Campaigns

Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Telecom Giant Viasat Breached by China’s Salt Typhoon Hackers

North Korean Hackers Deploy Python-Based Trojan PylangGhost Targeting Crypto

North Korean BlueNoroff Hackers Deepfake Execs in Zoom Call to Spread Mac Malware

Researchers Warn of ‘Living off AI’ Attacks After PoC Exploits Atlassian’s AI Agent Protocol

AI Now Generates Majority of Spam and Malicious Emails

Think Twice Before You Click ‘Unsubscribe’

Ransomware Group Qilin Offers Legal Counsel to Affiliates

Alleged Ryuk Initial Access Broker Extradited to the U.S.

U.S. Recovers $225 Million of Crypto Stolen in Investment Scams
Krispy Kreme Says November Data Breach Impacts Over 160,000 People

Krispy Kreme Data Breach Puts Employees at Risk of Financial Fraud

UBS Employee Data Reportedly Exposed in Third Party Attack

Asana Warns MCP AI Feature Exposed Customer Data to Other Orgs

Healthcare SaaS Firm Episource Says Data Breach Impacts 5.4 Million Patients

India’s TCS Says None of Its Systems Were Compromised in M&S Hack

Minecraft Cheaters Never Win … But They May Get Malware

Banana Squad’s Stealthy GitHub Malware Campaign Targets Devs

Water Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign

GodFather Malware Upgraded to Hijack Legitimate Mobile Apps

ClickFix Helps Infostealers Use MHSTA for Defense Evasion

New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains

Critical Linux Flaws Discovered Allowing Root Access Exploits

CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability

BeyondTrust Warns of Pre-auth RCE in Remote Support Software

Microsoft Unveils New Security Defaults for Windows 365 Cloud PCs

DuckDuckGo Beefs up Scam Defense to Block Fake Stores, Crypto Sites

6/17/2025

Israel-Iran Air War Enters Sixth Day, Trump Calls for Iran’s ‘Unconditional Surrender’

Suspected Israeli Hackers Claim to Destroy Data at Iran’s Bank Sepah

Pro-Cambodian Hacktivists Launch Attacks on Thai Government Sites Amid Border Dispute

Taiwan Hit by Sophisticated Phishing Campaign

Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware

Viasat Identified as Victim in Sweeping Phone Hack Tied to China

Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets’ Addresses

Paddle Settles for $5 Million Over Facilitating Tech Support Scams

UK ICO Fines 23andMe £2.3m for Data Protection Failings

Microsoft Promises to Keep European Cloud Data in Europe

Italy’s Leonardo Buys a European Cybersecurity Company

Operation Endgame: Do Takedowns and Arrests Matter?
Scania Confirms Insurance Claim Data Breach in Extortion Attempt

Hacker Steals 1 Million Cock.li User Records in Webmail Data Breach

Russia Detects First SuperCard Malware Attacks Skimming Bank Data via NFC

Hacklink Marketplace Fuels Surge in Covert SEO Poisoning Attacks

Instagram ‘BMO’ Ads Use AI Deepfakes to Scam Banking Customers

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert

New Veeam RCE Flaw Lets Domain Users Hack Backup Servers

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

‘b’: Chained Flaws in Enterprise CMS Provider Sitecore Could Allow Remote Code Execution

LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents

6/16/2025

Israeli Startup Hub Under Missile Fire

Companies Warned On Iranian Cyberattacks

Hackers Impersonating U.S. Government Compromise Email Account of Prominent Russia Researcher

Bipartisan Bill Aims to Create CISA-HHS Liaison for Hospital Cyberattacks

Archetyp Market Shut Down in Europe-Wide Law Enforcement Operation

U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network

U.S. Offering $10 Million for Info on Iranian Hackers Behind IOControl Malware

Kali Linux 2025.2 Released With 13 New Tools, Car Hacking Updates
Zoomcar Discloses Security Breach Impacting 8.4 Million Users

As Grocery Shortages Persist, UNFI Says It’s Recovering From Cyberattack

Remorseless Extortionists Claim to Have Stolen Thousands of Files From Freedman HealthCare

Scattered Spider Has Moved From Retail to Insurancee

Threat Actors Target Victims with HijackLoader and DeerStealer

ASUS Armoury Crate Bug Lets Attackers Get Windows Admin Privileges

Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus

Microsoft: June Windows Server Security Updates Cause DHCP Issues

6/13-15/2025

Here Are the Top Iranian Leaders Killed in Israel’s Precision Airstrikes — Including Revolutionary Guard Leader, Gen. Hossein Salami

A Miscalculation by Iran Led to Israeli Strikes’ Extensive Toll, Officials Say

Israel-Iran Clashes Escalate, Civilians Urged to Evacuate Target Areas

700% Spike in Cyber Attacks on Israel Since Strike on Iran

Trump Vetoed Israeli Plan to Kill Iran’s Supreme Leader, U.S. Official Tells AP

‘No Kings’ Protests, Citizen-Run ICE Trackers Trigger Intelligence Warnings

Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names

Krebs: Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

Google’s $32 Billion Deal for Wiz Gets Antitrust Review

Danish Government Agency to Ditch Microsoft Software in Push for Digital Independence

Do You Trust XI With Your ‘Private’ Browsing Data? Apple, Google Stores Still Offer China-Based VPNs

CISOs Must Align Business Objectives & Cybersecurity
Cyberattack on Washington Post Strikes Journalists’ Email Accounts

WestJet Probes Cybersecurity Incident Affecting App and Internal Systems

Victoria’s Secret Recovers Critical Systems After Cyberattack

Cloudflare: Outage Not Caused by Security Incident, Data Is Safe

Government Offices in North Carolina, Georgia Disrupted by Cyberattacks

Worker Information Provided to MEMIC Indemnity Leaked in at OneGroup NY Data Breach

Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets

Anubis Ransomware Adds Wiper to Destroy Files Beyond Recovery

New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Over 46,000 Grafana Instances Exposed to Account Takeover Bug

6/12/2025

Graphite Spyware Used in Apple iOS Zero-Click Attacks on Journalists

Apple Fixes New iPhone Zero-Day Bug Used in Paragon Spyware Hacks

Predator Spotted in Mozambique for First Time, Another Sign of Spyware’s Availability

Belarusian Hackers Taunt Kaspersky Over Report Detailing Their Attacks

SmartAttack Uses Smartwatches to Steal Data From Air-Gapped Systems

NIST Publishes New Zero Trust Implementation Guidance

Europol Says Criminal Demand for Data is “Skyrocketing”

Microsoft Edge Now Offers Secure Password Deployment for Businesses

23andMe Privacy Ombudsman Recommends Company Obtains Consent for Sale of Customer Data
‘Major Compromise’ at NHS Temping Arm Exposed Gaping Security Holes

Ransomware Attack on Ticketing Platform Yes24 Upends South Korean Entertainment Industry

Fog Ransomware Attack Uses Unusual Mix of Legitimate and Open-Source Tools

Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool

WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network

GitLab Patches High Severity Account Takeover, Missing Auth Issues

Trend Micro Fixes Critical Vulnerabilities in Multiple Products

Palo Alto Networks Patches Series of Vulnerabilities

The $200,000 Zoom Call

6/11/2025

Congress Introduces Bill to Strengthen Healthcare Cybersecurity

Half of Mobile Users Now Face Daily Scams

20,000 Asian IPs and Domains Dismantled in Infostealer Crackdown

Singapore Leads Multinational Operation to Shutter Scam Centers Tied to $225 Million in Thefts

How Waymo Handles Footage From Events Like the LA Immigration Riots

Cyber Startup Cyera Raises $540 Million in Series E Round

Infamous Website 4chan to Be Investigated by UK Communications Regulator
Erie Insurance Confirms Cyberattack Behind Business Disruptions

Cyber-Attack Targets Ogeechee (GA) Judicial Circuit District Attorney

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager

SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords

Zero-Click AI Data Leak Flaw Uncovered in Microsoft 365 Copilot

WhatsApp Moves to Join Apple’s Encryption Fight With UK Government

6/10/2025

Trump Administration Executive Order Changes Cybersecurity Policy

Stealth Falcon: CISA, Microsoft Warn of Windows Zero-Day Used in Attack on ‘Major’ Turkish Defense Org

Hundreds of Russian Devices Hit by Rare Werewolf Cryptomining Attacks

DDoS Attacks on Financial Sector Surge in Scale and Sophistication

DanaBot Malware Operators Exposed via C2 Bug Added in 2022

ConnectWise Rotating Code Signing Certificates Over Security Concerns

Microsoft Outlook to Block More Risky Attachments Used in Attacks

Apple Intelligence Is Gambling on Privacy as a Killer Feature

Airlines Don’t Want You to Know They Sold Your Flight Data to DHS

Spanish Minister Says Private Power Firms Slow to Share Information in Blackout Probe

Five Plead Guilty to Laundering $36 Million Stolen in Investment Scams

SSH Keys: The Most Powerful Credential You’re Probably Ignoring
Mastery Schools Notifies 37,031 of Major Data Breach

Ongoing Cyberattack at U.S. Grocery Distributor Giant UNFI Affecting Customer Orders

Stolen Ticketmaster Data From Snowflake Attacks Briefly for Sale Again

FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware

Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users

Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud

New Secure Boot Flaw Lets Attackers Install Bootkit Malware, Patch Now

Android Enterprise Rolls Out Security and Productivity Updates

Ivanti Workspace Control Hardcoded Key Flaws Expose SQL Credentials

Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps

Krebs: Patch Tuesday, June 2025 Edition

6/9/2025

Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group PurpleHaze

SentinelOne Shares New Details on China-Linked Breach Attempt

U.S. Infrastructure Could Crumble Under Cyberattack, Ex-NSA Advisor Warns

Paraguay President’s X Account Likely Hacked in Bitcoin Scheme

A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

Sam Altman Brings His Eye-Scanning Identity Verification Startup to the UK

Spyware Maker Paragon Cuts Ties With Italy After Government Refused Audit Into Hack of Journalist’s Phone

Kazakhstan Detains Over 140 for Allegedly Selling Citizens’ Data via Telegram Channels
Let Them Eat Junk: United Natural Foods, Supplier to Whole Foods, Walmart, Hit by Cyberattack

NHS Calls for 1 Million Blood Donors as UK Stocks Remain Low Following Cyberattack

Jackson Health System Announces Another 5-Year Insider Data Breach

Nearly 300,000 Crash Records Stolen From Texas Transportation Department

Sensata Technologies Says Personal Data Stolen by Ransomware Gang

New Hacker Group Uses LockBit Ransomware Variant to Target Russian Companies

PayU Plugin Flaw Allows Account Takeover on 5000 WordPress Sites

Over 84,000 Roundcube Instances Vulnerable to Actively Exploited Flaw

Next-Gen Developers Are a Cybersecurity Powder Keg

6/6-8/2025

Chinese Hackers and User Lapses Turn Smartphones Into a ‘Mobile Security Crisis’

New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack

OpenAI Takes Down ChatGPT Accounts Linked to State-Backed Hacking, Disinformation

The Pentagon Disinformation That Fueled America’s UFO Mythology

States Rebuff Proposed Federal Ban on AI Laws

Trump Administration Takes Aim at Biden and Obama Cybersecurity Rules

Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight

Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam

Uncle Sam Moves to Seize $7.7m Laundered by North Korean IT Worker Ring

Hacker Arrested After Exploiting 5,000 Accounts in $4.5 Million Cryptojacking Scheme

Nigeria Jails 9 Chinese Nationals for Being Part of International Cyberfraud Syndicate

Police Arrests 20 Suspects for Distributing Child Sexual Abuse Content

Microsoft Shares Script to Restore Inetpub Folder You Shouldn’t Delete
Tax Resolution Firm Optima Tax Relief Hit by Ransomware, Data Leaked

Kettering Health Confirms Attack by Interlock Ransomware Group as Health Record System Is Restored

Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks

New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users

Malicious Browser Extensions Infect Over 700 Users Across Latin America Since Early 2025

Malicious npm Packages Posing as Utilities Delete Project Directories

Malware Found in npm Packages With 1 Million Weekly Downloads

New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally

New Mirai Botnet Infect TBK DVR Devices via Command Injection Flaw

Critical Fortinet Flaws Now Exploited in Qilin Ransomware Attacks

Google’s Upcoming Gemini Kingfall Is Allegedly a Coding Beast

Enterprises Are Getting Stuck in AI Pilot Hell, Say Chatterbox Labs Execs

6/5/2025

Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands

Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware

China Offers Cash Rewards for Hackers It Says Are Taiwanese Military

Krebs: Proxy Services Feast on Ukraine’s IP Address Exodus

What Really Happened in the Aftermath of the Lizard Squad Hacks

Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect

What to Know About Picking a Virtual Cyber Chief

Nintendo Warns Switch 2 GameChat Users: “Your Chat Is Recorded”

Cellebrite Buys Corellium to Help Cops Bust Phone Encryption

Uncle Sam Puts $10M Bounty on RedLine Dev and Russia-Backed Cronies

ViLE Gang Members Sentenced for DEA Portal Breach, Extortion
AT&T Not Sure if New Customer Data Dump Is Déjà Vu

Old AT&T Data Leak Repackaged to Link SSNs, DOBs to 49M Phone Numbers

Evansville Based Business Anchor Industries Hit with Ransomware Attack

UK Tax Authority Reveals Scammers Stole £47 Million

FBI: BADBOX 2.0 Android Malware Infects Millions of Consumer Devices

Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials

Hacker Selling Critical Roundcube Webmail Exploit as Tech Info Disclosed

Google’s Upcoming Gemini Kingfall Is Allegedly a Coding Beast

Microsoft Makes a ‘Proactive Investment’ in EU Cybersecurity Amid Bloc’s Tensions With U.S.

Trump’s National Cyber Director Nominee Grilled About His Resume, Proposed Spending Cuts

FTC Chair Implores Congress to Strengthen Children’s Online Privacy Protection Law

6/4/2025

The Race to Build Trump’s ‘Golden Dome’ Missile Defense System Is On

Ukraine Claims It Hacked Tupolev, Russia’s Strategic Warplane Maker

Microsoft Unveils Free EU Cybersecurity Program for Governments

See How Much Faster a Quantum Computer Will Crack Encryption

FBI Says Palm Springs Bombing Suspects Used AI Chat Program to Help Plan Attack

ICE Quietly Scales Back Rules for Courthouse Raids

Hacker Arrested for Breaching 5,000 Hosting Accounts to Mine Crypto

BidenCash Carding Market Domains Seized in International Operation

Cybersecurity Investor Merlin Ventures Raises Over $75 Million Debut Fund

In the AI Race With China, Don’t Forget About Security

CISA Workforce Cut by Nearly One-Third So Far
Ecopetrol Alerts About Security Violations and Possible Leak

Crims Stole 40,000 People’s Data From Our Network, Admits Publisher Lee Enterprises

Interlock Ransomware Gang Claims Responsibility for Kettering Health Hack

Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App

Phishing Campaign Uses Fake Booking.com Emails to Deliver Malware

FBI Warns of NFT Airdrop Scams Targeting Hedera Hashgraph Wallets

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

Widespread Campaign Targets Cybercriminals and Gamers

Play Ransomware Crims Exploit SimpleHelp Flaw in Double-Extortion Schemes

Cisco Warns of ISE and CCP Flaws with Public Exploit Code

6/3/2025

Thousands Impacted by Cyberattacks on Governments in Ohio, Oklahoma, Puerto Rico

X’s New ‘Encrypted’ Xchat Feature Seems No More Secure Than the Failure That Came Before It

Man Pleads Guilty to Swatting Spree Impacting Scores of Government Officials

Meta and Yandex Are De-anonymizing Android Users’ Web Browsing Identifiers

Germany Hands Vodafone $51 Million Fine Over Data Privacy Violations

How ‘Big Ag’ Spied on Animal Rights Activists and Pushed the FBI to Treat Them as Bioterrorists

Marriott Wins U.S. Appeals Order Striking Down Data Breach Class Action

CrowdStrike Shares Drop on Weak Revenue Guidance

Mozilla Launches New System to Detect Firefox Crypto Drainer Add-Ons
Indian Grocery Startup KiranaPro Was Hacked and Its Servers Deleted, CEO Confirms

Coinbase Breach Tied to Bribed TaskUs Support Agents in India

Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets

Fake Docusign Pages Deliver Multi-Stage NetSupport RAT Malware

Malicious RubyGems Pose as Fastlane to Steal Telegram API Data

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

Hewlett Packard Enterprise Warns of Critical StoreOnce Auth Bypass

CISA Warns of ConnectWise ScreenConnect Bug Exploited in Attacks

Google Quietly Pushes Emergency Fix for Chrome 0-Day as Exploit Runs Wild

OpenAI is Hopeful GPT-5 Will Compete a Little More

6/2/2025

Ukrainians Smuggle Drones Hidden in Cabins on Trucks to Strike Russian Airfields

Pro-Ukraine Hacker Group Black Owl Poses ‘Major Threat’ to Russia, Kaspersky Says

North Korean Spies Want Your Jobs. Here’s What You Can Do.

‘Forest Blizzard’ vs ‘Fancy Bear’ – Cyber Companies Hope to Untangle Weird Hacker Nicknames

Top U.S. Cyber Agency Faces Staff and Funding Cuts in New Budget

Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown

‘Russian Market’ Emerges as a Go-to Shop for Stolen Credentials

Mysterious Leaker GangExposed Outs Conti Kingpins in Massive Ransomware Data Dump

AI Is Learning to Escape Human Control

Google Chrome to Distrust Chunghwa Telecom, Netlock Certificates in August

SentinelOne: Last Week’s 7-Hour Outage Caused by Software Flaw

NSO Appeals WhatsApp Decision, Says It Can’t Pay $168 Million in ‘Unlawful’ Damages
The North Face Warns Customers of April Credential Stuffing Attack

Cartier Discloses Data Breach Amid Fashion Brand Cyberattacks

MainStreet Bancshares Says Thieves Drained Customer Data Through Third Party Hole

Coinbase Breach Linked to Customer Data Leak in India, Sources Say

Malaysian Home Minister’s WhatsApp Hacked, Used to Scam Contacts

Vanta Bug Exposed Customers’ Data to Other Customers

Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions

Cryptojacking Campaign Targets DevOps Servers Including Nomad

Sophisticated Malware Campaign Targets Windows and Linux Systems

Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

Implementing Secure by Design Principles for AI

5/30-6/1/2025

U.S. Government Is Investigating Messages Impersonating Trump’s Chief of Staff, Susie Wiles

Impersonator Breached Chief of Staff Susie Wiles’s Phone, Trump Says

Senators Call on Trump Admin to Reinstate Cyber Review Board for Salt Typhoon Investigation

India’s Alarm Over Chinese Spying Rocks the Surveillance Industry

Mandatory Ransomware Payment Disclosure Begins in Australia

U.S. Banks Urge SEC to Repeal Cyber Disclosure Rule

Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin

Police Takes Down AVCheck Site Used by Cybercriminals to Scan Malware

Krebs: U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

Feds Arrest DoD Techie, Claim He Dumped Top Secret Files in Park for Foreign Spies to Find
Meta Says It Disrupted Influence Operations Linked to China, Iran, Romania

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

ConnectWise Breach Linked to Nation-State Hackers

Hospitals in Maine, New Hampshire Limit Services After Cyberattack on Catholic Health Org Covenant Health

DDoS Incident Disrupts Internet for Thousands in Moscow

New EDDIESTEALER Malware Bypasses Chrome’s App-Bound Encryption to Steal Browser Data

Hackers Are Exploiting Critical Flaw in vBulletin Forum Software

Exploit Details for Max Severity Cisco iOS XE Flaw Now Public

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Microsoft Authenticator Now Warns to Export Passwords Before July Cutoff

5/29/2025

Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations

Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools

Threat Actors Abuse Google Apps Script in Evasive Phishing Attacks

New Fullscreen Browser-in-the-Middle (BitM) Exploit Technique Undermines Phishing Detection

Do-It-Yourself Cyberattack Tools Are Booming

The U.S. Is Storing Migrant Children’s DNA in a Criminal Database

U.S. Sanctions Firm Linked to Cyber Scams Behind $200 Million in Losses

European Commission: Make Europe Great Again… For Startups
Victoria’s Secret Takes Website Offline After Security Incident

ConnectWise Confirms Hack, “Very Small Number” of Customers Affected

Kettering Health No Longer Diverting Ems From Its Hospitals

Malware Analysis Reveals Sophisticated RAT With Corrupted Headers

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

The Ancient Warfare Tactics Behind Modern Cyber Attacks

UK Military to Establish New Cyber and Electromagnetic Command

5/28/2025

Czech Republic Accuses China (APT31) of Government Hack

Ukraine Tallies up Russian Cyberattacks on Local Media Since Start of War

Ukraine Detains Alleged Russian Spies Who Used Dash Cams to Guide Missile Strikes

Russian IT Pro Sentenced to 14 Years Forced Labor for Sharing Medical Data With Ukraine

North Korea Infiltrates U.S. Remote Jobs—With the Help of Everyday Americans

Google Warns of Vietnam-Based Hackers Using Bogus AI Video Generators to Spread Malware

Krebs: Pakistan Arrests 21 in ‘Heartsender’ Malware Service

Oregon Becomes Second State to Ban Sale of Precise Geolocation Data

Cybersecurity Provider Netskope Taps Morgan Stanley for U.S. IPO, Sources Say

AI Developers Should Be Philosophers as Much as Technologists

Why Take9 Won’t Improve Cybersecurity
LexisNexis Leaked Social Security Numbers and Other Personal Data of Over 364,000 People

More Than $12 Million Stolen From Crypto Platform Cork Protocol

Dark Partners Cybercrime Gang Fuels Large-Scale Crypto Heists

Interlock Ransomware Gang Deploys New NodeSnake RAT on Universities

Fake Bitdefender Site Spreads Trio of Malware Tools

251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch

New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

Botnet Hacks 9,000+ ASUS Routers to Add Persistent SSH Backdoor

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

Ivanti Vulnerability Exploit Could Expose UK NHS Data

Microsoft OneDrive Flaw Exposes Users to Data Overreach Risks

5/27/2025

China, Taiwan Trade Accusations Over Cyberattacks

Russian Hackers Void Blizzard (aka Laundry Bear) Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages

CISA Cuts Could Sap U.S. Response to China, Insiders Say

U.S. Government Launches Audit of NIST’s National Vulnerability Database

Governments Urge Organizations to Prioritize SIEM/SOAR Adoption

Apple Says It Blocked $2 Billion in App Store Fraud Last Year

Iranian Pleads Guilty to RobbinHood Ransomware Attacks, Faces 30 Years
MATLAB Dev Confirms Ransomware Attack Behind Service Outage

Nearly 70,000 Impacted by Ransomware Attack on Sheboygan, Wisconsin

Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers

DragonForce Ransomware Leveraged in MSP Attack Using RMM Tool

Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets

New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

Malicious Machine Learning Model Attack Discovered on PyPI

5/23-25/2025

Musk’s DOGE Expanding His Grok AI in U.S. Government, Raising Conflict Concerns

When 20,000 Devices Were Paralyzed by a Bad Update, a Georgia Health System Turned to Apple

Glitch to End App Hosting and User Profiles on July 8

Telegram ‘Surprised’ as Vietnam Orders Messaging App to Be Blocked

Law Enforcement Busts Initial Access Malware Used to Launch Ransomware

Remembering John Young, Co-founder of Web Archive Cryptome

Leak Suggests xAI is Getting Ready to Ship Grok 3.5

Vibe Coding Company Says Claude 4 Reduced Syntax Errors by 25%

Researchers Claim ChatGPT O3 Bypassed Shutdown in Controlled Test

ChatGPT Deep Research Can Now Pull Data From Dropbox and Box
Adidas Warns of Consumer Data Breach

Ransomware Scum Leaked Nova Scotia Power Customers’ Info

DragonForce Engages in “Turf War” for Ransomware Dominance

FBI Warns of Luna Moth Extortion Attacks Targeting Law Firms

Fake Zenmap. WinMRT Sites Target IT Staff with Bumblebee Malware

Dozens of Malicious Packages on NPM Collect Host and Network Data

Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

Windows Zero-Day Bug Exploited for Browser-Led RCE

Commvault Clients Should Beware of Campaign Targeting Cloud Applications, CISA Says

5/22/2025

Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks

Krebs: Oops, DanaBot Malware Devs Infected Their Own PCs

FTC Finalizes Order Requiring GoDaddy to Secure Hosting Services

OpenAI, Google and xAI Battle for Superstar AI Talent, Shelling Out Millions

Russia Expected to Pass Experimental Law That Tracks Foreigners in Moscow via Smartphones

Police Arrests 270 Dark Web Vendors, Buyers in Global Crackdown

Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware, Cyberattacks, and Spying

U.S. Indicts Leader of Qakbot Botnet Linked to Ransomware Attacks
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials

Sui Validators Freeze Majority of Stolen Funds in $220M Cetus Hack

AI-Generated TikTok Videos Used to Distribute Infostealer Malware

Blurring Lines Between Scattered Spider & Russian Cybercrime

Russian Hacker Group Killnet Returns With New Identity

Russian Threat Actor TAG-110 Goes Phishing in Tajikistan

Hackers Use Fake Ledger Apps to Steal Mac Users’ Seed Phrases

Following Data Breach, Multiple Stalkerware Apps Go Offline

Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise

Critical Zero-Days Found in Versa Networks SD-WAN/SASE Platform

5/21/2025

Western Intelligence Agencies Expose Russian Cyber Campaign Targeting Support for Ukraine

Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics

Hacker Who Breached Communications App Used by Trump Aide Stole Data From Across U.S. Government

M&S Says Cyber Attack Was Result of Human Error, Declines to Comment on Ransom

M&S Cyberattack to Wipe out Nearly One-Third of Annual Profits

Authorities Carry out Elaborate Global Takedown of Infostealer Lumma Heavily Used by Cybercriminals

3 Teens Almost Got Away With Murder. Then Police Found Their Google Searches

EU Sanctions Target Individuals, Organizations Behind Russia’s Disinformation and Sabotage Operations

European Union Sanctions Stark Industries for Enabling Cyberattacks

“Microsoft Has Simply Given Us No Other Option,” Signal Says as It Blocks Windows Recall
Coinbase Confirms Insiders Handed over Data of 70K Users

Sensitive Data Stolen in West Lothian Cyber Attack

Bell Canada Restores Internet Service After Outage Hits Users in Quebec, Ontario

Cybercriminals Mimic Kling AI to Distribute Infostealer Malware

Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

3AM Ransomware Uses Spoofed IT Calls, Email Bombing to Breach Networks

PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms

Data-stealing Chrome Extensions Impersonate Fortinet, YouTube, VPNs

Critical Samlify SSO Flaw Lets Attackers Log in as Admin

Flaw in Google Cloud Functions Sparks Broader Security Concerns

OpenAI Hints at a Big Upgrade for ChatGPT Operator Agent

Anthropic Web Config Hints at Claude Sonnet 4 and Opus 4

5/20/2025

Russian APT Groups Intensify Attacks in Europe with Zero-Day Exploits and Wipers

South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware

Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization

Dutch Government Passes Law to Criminalize Cyber-Espionage

Half of Consumers Targeted by Social Media Fraud Ads

Uncensored AI Tool Raises Cybersecurity Alarms

Cybersecurity Is in a Pivotal Moment With AI, Says Palo Alto Networks CEO

Mounting GenAI Cyber Risks Spur Investment in AI Security

PowerSchool Hacker Pleads Guilty to Student Data Extortion Scheme

Police Investigation Into UK Retail Hacks Focuses on English-Speaking Youths

Federal Charges Filed Against Dem Congresswoman Following Confrontation at ICE Facility

What to Expect When You’re Convicted

VanHelsing Ransomware Builder Leaked on Hacking Forum

Why Rigid Security Programs Keep Failing
Krebs: KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

Kettering Health Suffers System-Wide Tech Outage From Cyberattack, Cancels Elective Procedures

Supplier to Major Supermarkets Peter Green Chilled Hit by Cyber Attack

Mobile Carrier Cellcom Confirms Cyberattack Behind Extended Outages

SK Telecom Says Malware Breach Lasted 3 Years, Impacted 27 Million Numbers

Debt Collector Data Breach Affects 200,000 Harbin Clinic Patients

Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts

Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery

Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse

100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads

Premium WordPress ‘Motors’ Theme Vulnerable to Admin Takeover Attacks

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

Freshly Discovered Bug in OpenPGP.js Undermines Whole Point of Encrypted Comms

5/19/2025

Russia-Linked Disinformation Floods Poland, Romania as Voters Cast Ballots

France Rejects Telegram CEO’s Accusations of Romanian Election Interference

Trump Signs Bill Cracking down on Explicit Deepfakes

GDPR Changes Risk Undermining its Principles, Civil Society Groups Warn

Delta Can Sue CrowdStrike Over Computer Outage That Caused 7,000 Canceled Flights

23andMe Sold for $256 Million as Buyer Pledges to Comply With Existing Privacy Policies

SolarWinds Security Chief on the Risks and Rewards of Being a CISO

OpenAI Plans to Combine Multiple Models Into GPT-5

Microsoft Unveils Windows AI Foundry for AI-Powered PC Apps
UK Legal Aid Agency Admits Major Breach of Applicant Data

Breaches at Serviceaide, Nationwide Recovery Services Expose Medical Info of More Than 500,000 People

Arla Foods Confirms Cyberattack Disrupts Production, Causes Delays

RVTools Official Site Hacked to Deliver Bumblebee Malware via Trojanized Installer

Fake KeePass Password Manager Leads to ESXi Ransomware Attack

RCE Vulnerability Found in RomethemeKit For Elementor Plugin

O2 UK Patches Bug Leaking Mobile User Location From Call Metadata

Mozilla Fixes Firefox Zero-Days Exploited at Hacking Contest

Hackers Earn $1,078,750 for 28 Zero-Days at Pwn2Own Berlin

5/16-18/2025

Key Lawmaker Says Pause in Offensive Cyber Operations Against Russia Lasted One Day

Japan Enacts New Active Cyberdefense Law Allowing for Offensive Cyber Operations

Fired U.S. Gov’t Workers, Uncle XI Wants You! – To Apply for This Fake Consulting Gig

A Letter From the M&S Hackers Landed in My Inbox – This Is What Happened Next

Ex-NSA Bad-Guy Hunter Listened to Scattered Spider’s Fake Help-Desk Calls: ‘Those Guys Are Good’

How the Signal Knockoff App Telemessage Got Hacked in 20 Minutes

Boffins Devise Technique That Lets Users Prove Location Without Giving It Away

U.S. Charges 12 More Suspects Linked to $230 Million Crypto Theft

How a Band of Gamers Became a $263 Million Bitcoin Crime Syndicate

Israel Arrests New Suspect Behind Nomad Bridge $190M Crypto Hack

Hack of SEC Social Media Account Earns 14-Month Prison Sentence for Alabama Man
Russian Hospital Faces Multi-Day Shutdown as Pro-Ukraine Group Claims Cyberattack

UK National Health Service Suppliers Asked to Tackle ‘Endemic’ Ransomware Attacks

Broadcom Employee Data Stolen by Ransomware Crooks Following Hit on Payroll Provider

Printer Maker Procolored Offered Malware-Laced Drivers for Months

Ransomware Gangs Increasingly Use Skitnet Post-Exploitation Malware

Dynamic DNS Emerges as Go-to Cyberattack Facilitator

New ‘Defendnot’ Tool Tricks Windows Into Disabling Microsoft Defender

New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors

CISA Tags Recently Patched Chrome Bug as Actively Exploited

Hackers Exploit VMware ESXi, Microsoft SharePoint Zero-Days at Pwn2Own

ChatGPT Rolls Out Codex, an AI Tool for Software Programming

5/15/2025

Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

UAE to Build Biggest AI Campus Outside U.S. in Trump Deal, Bypassing Past China Worries

Lawmakers Push for Reauthorization of Cyber Information Sharing Bill as Deadline Looms

House GOP Move to Block State AI Laws Sounds Cyber Alarms

FBI Warns of AI Voice Messages Impersonating Top U.S. Officials

Meet the Team Paid to Break Into Top-Secret Bases

Krebs: Breachforums Boss to Pay $700k in Healthcare Breach

UnitedHealth’s String of Setbacks, From Exec Murder to Cyber Attack

Cybersecurity Firm Proofpoint to Buy European Rival Hornetsecurity for Over $1 Billion as It Eyes IPO

Socket Buys Coana to Tell You Which Security Alerts You Can Ignore

Meta Is Delaying the Rollout of Its Flagship AI Model
Attack Claimed by Pro-Ukraine Hackers Reportedly Erases a Third of Russian Court Case Archive

Leading Crypto Firm Coinbase Faces up to $400M Hit From Cyber Attack

Coinbase Says ‘Rogue’ Support Agents Helped Steal Customer Data

Coinbase Offers $20m Bounty to Take Down Cybercrime Ring Behind Hack

PowerShell-Based Loader Deploys Remcos RAT in New Fileless Attack

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

Windows 11 and Red Hat Linux Hacked on First Day of Pwn2Own

Leak Confirms OpenAI’s ChatGPT Will Integrate MCP

ChatGPT Will Soon Record, Transcribe, and Summarize Your Meetings

New Tor Oniux Tool Anonymizes Any Linux App’s Network Traffic

5/14/2025

Russian Internet Shutdown That Disrupted Essential Services Condemned by Rights Groups

Australian Human Rights Commission Leaks Docs to Search Engines

New Leadership Picks for Cyber Command, NSA Coming Soon Amid Broader Decision on Structure

CISA Reverses Decision on Cybersecurity Advisory Changes

Google Chrome to Block Admin-Level Browser Launches for Better Security

89 Million Steam Accounts Allegedly Compromised in a Data Breach. Our Advice: Change Your Password Now

Xinbi Guarantee: The Internet’s Biggest-Ever Black Market Just Shut down Amid a Telegram Purge

European Police Bust €3m Investment Fraud Ring

CFPB Quietly Kills Rule to Shield Americans From Data Brokers

Meta’s Still Violating GDPR Rules With Latest Plan to Train AI on EU User Data, Says NOYB

British Retailer M&S Reportedly Set to Claim £100 Million From Insurers After Cyberattack
Russian Military Cadet Reportedly Arrested for Selling Hacking Tool to FSB Agent

Nova Scotia Power Says Customer Banking Details May Have Been Stolen by Hackers

Steel Giant Nucor Corporation Facing Disruptions After Cyberattack

Fashion Giant Dior Discloses Cyberattack, Warns of Data Breach

Google Says Hackers That Hit UK Retailers Now Targeting American Stores

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

New ‘Chihuahua’ Infostealer Targets Browser Data and Crypto Wallet Extensions

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

Krebs: Patch Tuesday, May 2025 Edition

5/13/2025

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide

DPRK-Backed TA406 Targets Ukraine With Malware Campaigns

South Korean Researchers Uncover Another APT37 Cyber-Espionage Campaign From the North

CISA Shifts Alert Distribution Strategy to Email, Social Media

European Vulnerability Database Launches Amid U.S. CVE Chaos

Google Introduces Advanced Protection Mode for Its Most At-Risk Android Users

Microsoft Will Update Office Apps on Windows 10 Until 2028

An $8.4 Billion Chinese Hub for Crypto Crime Is Incorporated in Colorado

States Push WeChat for Answers Over Money Laundering Allegations

U.S. Extradites Kosovo National Charged in Operating Illegal Online Marketplace
Chinese-Speaking Hackers Disrupt Drone Supply Chains in Taiwan, Researchers Say

M&S Confirms Customer Data Stolen in Cyber-Attack

Over 100K Impacted by Andy Frain Breach

Twilio Denies Breach Following Leak of Alleged Steam 2FA Codes

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

Intel’s Data-Leaking Spectre Defenses Scared off Yet Again

Ivanti Warns of Critical Neurons for ITSM Auth Bypass Flaw

Ivanti Fixes EPMM Zero-Days Chained in Code Execution Attacks

Fortinet Fixes Critical Zero-Day Exploited in FortiVoice Attacks

SAP Patches Second Zero-Day Flaw Exploited in Recent Attacks

Microsoft May 2025 Patch Tuesday Fixes 5 Exploited Zero-Days, 72 Flaws

5/12/2025

Hacktivist Attacks on India Overstated Amid APT36 Espionage Threat

Inside the Misinformation Tsunami Around India-Pakistan Cyber Threats

South African Influencers-For-Hire Target Ukraine’s President in Influence Campaign, Researchers Say

Poland to Shut Russian Consulate After Blaming Kremlin Spies for Arson Attack on Warsaw Mall

Russia’s ‘Outsourced’ Bulgarian Spy Ring Sentenced to More Than 50 Years in UK

Moldova Arrests Suspect Linked to DoppelPaymer Ransomware Attacks

Theom, a Data-Security Startup, Nabs $20 Million

You Can File a Claim for Part of 23andMe’s $30 Million Data Breach Settlement Right Now
Airline Carrying out Deportation Flights Confirms Cyberattack to SEC

Fears ‘Hackers Still in the System’ Leave Co-op Shelves Running Empty Across UK

Alabama Investigating Cybersecurity ‘Event’ on State Network

Hackers Now Testing ClickFix Attacks Against Linux Targets

Deepfakes, Scams, and the Age of Paranoia

Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals

Output Messenger Flaw Exploited as Zero-Day in Espionage Attacks

ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files

EU Launches Free Entry-Level Cyber Training Program

5/9-11/2025

Celebrating 5 years of The Cyber Beat!

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

The Myth of the Genius Hacker

FBI Sounds Alarm on Rogue Cybercrime Services Targeting Obsolete Routers

U.S. Federal Agencies Alert on “Unsophisticated” Operational Technology (OT) Cyber-Threats

BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation

Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data

UN Launches New Cyber-Attack Assessment Framework

Captain of Ship That Damaged Baltic Sea Cable Arrested and Jailed in Hong Kong

U.S. Customs and Border Protection Plans to Photograph Everyone Exiting the U.S. by Car

U.S. Surveillance Watchdog Says Expanded Use of Facial Recognition at Airports Should Be Voluntary

Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection

ChatGPT is Finally Adding Download as PDF for Deep Research
DOGE Software Engineer’s Computer Infected by Malware, Stolen Data Leaked Online

Hackers Hijack Japanese Financial Accounts to Conduct Nearly $2 Billion in Trades

Ascension Says Recent Data Breach Affects Over 430,000 Patients

Iowa County (WI) Computer Network Outage Caused by Ransomware

Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

Fake AI Video Generators Drop New Noodlophile Infostealer Malware

iClicker Site Hack Targeted Students with Malware via Fake CAPTCHA

Google Deploys On-Device AI to Thwart Scams on Chrome and Android

Bluetooth 6.1 Enhances Privacy with Randomized RPA Timing

Microsoft Teams Will Soon Block Screen Capture During Meetings

5/8/2025

MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware

Japan Orgs Targeted by CoGUI Phishing Kit Impersonating Amazon, Rakuten

Hack Exposed Data in Catholic Church Sex-Abuse Cases

LockBit Ransomware Hacked, Insider Secrets Exposed

UK Launches New Cybersecurity Assessment Initiatives to Drive Secure by Design

Life Without CVEs? It’s Time to Act

Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage

The Company Behind the Signal Clone Mike Waltz Used Has Direct Access to User Chats

Krebs: Pakistani Firm Shipped Fentanyl Analogs, Scams to U.S.
Education Giant Pearson Hit by Cyberattack Exposing Customer Data

VC Giant Insight Partners Confirms Investor Data Stolen in Breach

Toronto School District Says Data Not Deleted After Ransom Was Paid to Hacker

38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases

Kickidler Employee Monitoring Software Abused in Ransomware Attacks

Supply Chain Attack Hits npm Package With 45,000 Weekly Downloads

SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

5/7/2025

Poland Accuses Russia of ‘Unprecedented’ Interference Ahead of Presidential Election

Google Identifies New Malware LOSTKEYS Linked to Russia-Based Hacking Group Cold River

UK Spies See ‘Direct Connection’ Between Russian Cyberattacks and Sabotage Plots

Britain Warns That China Is Becoming a ‘Cyber Superpower’

“Nationally Significant” Cyber-Attacks Have Doubled, UK’s NCSC Reports

CISA Warns of Hackers Targeting Critical Oil Infrastructure

Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization

Companies Want the Government to Go After Hackers. Washington Might be Willing.

Meta Awarded $167.25 Million Over Pegasus Spyware Attack

Open Source Project Curl Is Sick of Users Submitting “AI Slop” Vulnerabilities

DDoS-for-Hire Network Dismantled in International Operation

Delta Air Lines Class Action Cleared for Takeoff Over CrowdStrike Chaos
Russians Face Massive Mobile Internet Restrictions Ahead of Victory Day Parade

PowerSchool Paid Ransom to Hackers After Breach

PowerSchool Hacker Now Extorting Individual School Districts

M&S, Co-op Cyberattackers Duped IT Help Desks Into Resetting Passwords, Says Report

South African Airways Says Cyberattack Disrupted Operational Systems

Medical Device Maker Masimo Warns of Cyberattack, Manufacturing Delays

Oettinger Brewery Gets Hit by Ransomware Attack

Inferno Drainer Returns, Stealing Millions from Crypto Wallets

CoGUI Phishing Platform Sent 580 million Emails to Steal Credentials

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

5/6/2025

Peru Denies It Was Hit by Ransomware Attack Following Rhysida Claims

New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims

Smishing Triad Upgrades Tools and Tactics for Global Attacks

New “Bring Your Own Installer” EDR Bypass Used in Ransomware Attack

U.S. Border Agents Are Asking for Help Taking Photos of Everyone Entering the Country by Car

OpenAI Abandons Planned For-Profit Conversion

Pentagon Declares War on ‘Outdated’ Software Buying

NSA to Cut Up to 2,000 Civilian Roles as Part of Intel Community Downsizing

California Fines Clothing Retailer, Orders Changes in Privacy Business Practices

How to Prevent AI Agents From Becoming the Bad Guys

Addressing the Top Cyber-Risks in Higher Education
UK Legal Aid Agency Investigates Cybersecurity Incident

Alvin Independent School District (TX) Notifies Over 47,000 People of Major Data Breach

West Lothian Schools Hit by Ransomware Cyberattack

Archdiocese of New Orleans Says Cyberattack Might Have Compromised Sex Abuse Survivors’ Data

Multiple iHeartRadio Stations Breached in December

Luna Moth Extortion Hackers Pose as IT Help Desks to Breach U.S. Firms

Linux Wiper Malware Hidden in Malicious Go Modules on GitHub

Apache Parquet Exploit Tool Detect Servers Vulnerable to Critical Flaw

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet

Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence

Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

5/5/2025

Russian Hackers Target Romanian State Websites on Election Day

Security Researchers Warn a Widely Used Open Source Tool Easyjson Poses a ‘Persistent’ Risk to the U.S.

Beware Phony IT Calls After Co-op and M&S Hacks, Says UK cyber Centre

Myanmar Militia Leader Sanctioned by U.S. Over Cyber Scam Connections

Ukraine Detains Alleged FSB Agent Recruited via TikTok for Spying on Military

The Modified Signal App Used by Mike Waltz Was Reportedly Hacked

Trump Promises Protection for TikTok, for Which He Has a ‘Warm Spot in My Heart’

Cybersecurity Companies Want to Go Public. The Market Isn’t Letting Them.
Azerbaijan Blames Russian State Hackers for Cyberattacks on Local Media

Hackers Launch ‘Serious’ Attacks Against Georgia School District, New Mexico University

UK Shares Security Tips After Major Retail Cyberattacks

Data Breach Hits Online Ticket Resale Platform Ticket to Cash

Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data

Darcula PhaaS Steals 884,000 Credit Cards via Phishing Texts

Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed

Microsoft Finds Default Kubernetes Helm Charts Can Expose Data

5/2-4/2025

White House Warns China of Cyber Retaliation Over Infrastructure Hacks

Mike Waltz Out as National Security Adviser, but Trump Says He’ll Be Ambassador to U.N.

Krebs: xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

Third of Online Users Hit by Account Hacks Due to Weak Passwords

Microsoft Makes All New Accounts Passwordless by Default

IT Warning After Hackers Close 160-Year-Old Firm Knights of Old in 2023

Beyond Real ID Deadline Panic, National Identity Document Plan Raises New Privacy Questions

TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China

U.S. Wants to Cut Off Key Player in Southeast Asian Cybercrime Industry: Huione Group

Three Brits Charged Over ‘Active Shooter Threats’ Swattings in U.S., Canada

U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems

Hacker ‘NullBulge’ Pleads Guilty to Stealing Disney’s Slack Data

Generative AI Makes Fraud Fluent – From Phishing Lures to Fake Lovers

OpenAI Document Explains When to Use Each ChatGPT Model
Blackouts In Europe Continue to Raise Cyber Alarms

Co-Op Confirms Data Theft After DragonForce Ransomware Claims Attack

UK NCSC: Cyberattacks Impacting UK Retailers Are a Wake-up Call

Magento Supply Chain Attack Compromises Hundreds of E-Stores

Dating App Raw Exposed Users’ Location Data and Personal Information

Patients Left in the Dark Months After Cybercriminals Leak Synnovis Testing Lab Data

Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware

Cobb County (GA) Confirms Data Breach Was Ransom Attack

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks

StealC Malware Enhanced With Stealth Upgrades and Data Theft Tools

Microsoft Fixes Exchange Online Bug Flagging Gmail Emails as Spam

Microsoft Ends Authenticator Password Autofill, Moves Users to Edge

Cut CISA and Everyone Pays for It

5/1/2025

DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics

Your Favorite New Coworker Is an AI-Enhanced Operative From North Korea

Claude Chatbot Used for Automated Political Messaging

Think Twice Before Creating That ChatGPT Action Figure

UK and Canadian Regulators Demand Robust Data Protection Amid 23andMe Bankruptcy

Krebs: Alleged ‘Scattered Spider’ Member Extradited to U.S.

Ukrainian Extradited to U.S. for Nefilim Ransomware Attacks
Pro-Russia Hacktivists Bombard Dutch Public Orgs With DDoS Attacks

Poland’s State Registry Temporarily Blocked by Cyber Incident

Harrods the Next UK Retailer Targeted in a Cyberattack

Texas Health Agency Data Breach Now Impacts 94,000

Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach

Mystery Box Scams Deployed to Steal Credit Card Data

Malicious PyPI Packages Abuse Gmail, Websockets to Hijack Systems

4/30/2025

Chinese Hackers TheWizards Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool

Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks

Apple Notifies New Victims of Spyware Attacks Across the World

AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

Meta Launches LlamaFirewall Framework to Stop AI Jailbreaks, Injections, and Insecure Code

SolarWinds Security Chief Tim Brown Hopes the SEC Will Dismiss Charges

Indian Court Orders Action to Block Proton Mail Over AI Deepfake Abuse Allegations

Leaders of Global Online Extortion and Exploitation Group 764 Charged

Maryland Man Pleads Guilty to Outsourcing U.S. Gov’t Work to North Korean Dev in China
UK Retailer Co-op Confirms Hack, Reports “Small Impact” to Its Systems

Ascension Discloses New Data Breach After Third-Party Hacking Incident

Commvault Says Recent Breach Didn’t Impact Customer Backup Data

Japanese Global Logistics Company Kintetsu World Express Confirms Ransomware Attack

FBI Shares Massive List of 42,000 LabHost Phishing Domains

DarkWatchman Cybercrime Malware Returns on Russian Networks

RansomHub Went Dark April 1; Affiliates Fled to Qilin, DragonForce Claimed Control

Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense

SonicWall: SMA100 VPN Vulnerabilities Now Exploited in Attacks

4/29/2025

France Accuses Russian Intelligence of Repeated Cyber Attacks Since 2021

France Ties Russian APT28 Hackers to 12 Cyberattacks on French Orgs

SentinelOne Uncovers Chinese Espionage Campaign Targeting Its Infrastructure and Clients

China Now America’s Number One Cyber Threat – U.S. Must Get Up to Speed

UK Officials Warn Lawmakers of ‘Turbulence’ at U.S. Cyber Agencies, but Say Partnership Will Prevail

U.S. Critical Infrastructure Still Struggles With OT Security

Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products

AirPlay Security Flaws Could Help Hackers Spread Malware on Your Network

WhatsApp Is Walking a Tightrope Between AI Features and Privacy

Risks of Using AI Models Developed by Competing Nations

Grinex Exchange Suspected Rebrand of Sanctioned Garantex Crypto Firm
Ukraine’s Largest Home Improvement Retailer Epicentr Disrupted by Cyberattack

Nova Scotia Energy Provider Takes Some Servers Offline Following Cyber Incident

SK Telecom Cyberattack: Free SIM Replacements for 25 Million Customers

Britain’s M&S Says Cyber Attack Has Hit Food Availability in Some Stores

Ransomware Attack Forces Shutdown of DuPage County Sheriff’s Office, Courthouse Computer Systems

Phorpiex Botnet Delivers LockBit Ransomware with Automated Tactics

New Gremlin Infostealer Distributed on Telegram

New WordPress Malware Masquerades as Plugin

Hackers Ramp up Scans for Leaked Git Tokens and Secrets

CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database

Microsoft: Windows Server Hotpatching to Require Subscription