Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception
Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targets
Information Security Magazine
BTMOB Android RAT Spreads Through No-Code Builder Tooling
15 hours 58 minutes ago
BTMOB Android RAT sold as a service with a no-code builder for fast, regional phishing lures
India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws
19 hours 28 minutes ago
CERT-In urges 12-hour patching of exposed flaws as AI compresses exploitation timelines
Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign
20 hours 48 minutes ago
Iran's Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning
FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens
1 day 20 hours ago
The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI
Fake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 Fans
1 day 20 hours ago
From fake F1 streams to counterfeit merch, fraudsters are exploiting fans online and the Bitdefender Cybersecurity Grand Prix Fan Threat Index details how
Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning
4 days 18 hours ago
The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets
Apple Blocked $2.2bn in App Store Fraud in the Last Year
4 days 19 hours ago
Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bn
Cybercriminal VPN Dismantled in Europol Crackdown
5 days 14 hours ago
First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol
GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
5 days 15 hours ago
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace
Three-Quarters of Firms Knowingly Ship Vulnerable Code
5 days 16 hours ago
AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers
Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
5 days 17 hours ago
Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally
Grafana Labs Says Code Breach Stemmed from TanStack Attack
5 days 21 hours ago
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack
Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users
6 days 14 hours ago
Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services
Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
6 days 14 hours ago
Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date
China-Linked Webworm APT Evolves Tactics, Expands to European Targets
6 days 18 hours ago
China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research
GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension
6 days 19 hours ago
The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories
Researchers Warn CypherLoc Scareware Has Targeted Millions of Users
6 days 19 hours ago
Barracuda reveals new CypherLoc scareware has featured in nearly three million attacks
Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector
6 days 21 hours ago
Verizon DBIR finds 31% of data breaches began with software flaws last year
Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool
1 week ago
Microsoft’s Digital Crimes Unit has taken down the infrastructure of Fox Tempest, a prolific cybercrime-enabling threat group
Checked
58 minutes 21 seconds ago