Skip to main content
← All Tags

Cybersecurity

624 articles in this category (Page 18 of 26)

AI NewsCybersecurityMalware

Kimsuky Spreads DocSwap Android Malware via QR Phishing

North Korean group Kimsuky leverages QR code phishing sites disguised as CJ Logistics to distribute DocSwap Android malware, enabling remote access and data theft.

Read more
AI NewsCybersecurityThreat Intelligence

North Korean Hackers Steal $2.02 Billion in Crypto in 2025

Chainalysis reports North Korea-linked hackers stole $2.02 billion in cryptocurrency during 2025, representing a 51% year-over-year increase.

Read more
AI NewsCybersecuritySaaS

The Case for Dynamic AI-SaaS Security as Copilots Scale

AI agent proliferation in SaaS creates dynamic data pathways, necessitating continuous monitoring and OAuth visibility to prevent potential security breaches.

Read more
AI NewsCybersecurityThreat Intelligence

ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

This week's ThreatsDay Bulletin highlights a surge in threat actor adaptability, with a WhatsApp hijack campaign exploiting legitimate features and 1,000 exposed MCP servers leaking sensitive data.

Read more
AI NewsCybersecurityThreat Intelligence

APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign

APT28 sustained a phishing campaign for 10 months, from June 2024 to April 2025, exploiting UKR.net users to harvest credentials and 2FA codes.

Read more
AI NewsCybersecurityThreat Intelligence

Fix SOC Blind Spots: See Threats to Your Industry & Country in Real Time

Proactive SOCs leverage threat intelligence and contextual visibility to reduce alert noise and anticipate real threats, improving incident response times.

Read more
AI NewsCybersecurityBrowser Security

GhostPoster Malware Campaign Compromises 17 Firefox Add-ons

GhostPoster malware infiltrated 17 Firefox add-ons downloaded 50,000+ times, injecting malicious code for link hijacking and ad fraud.

Read more
AI NewsCybersecurityIoT

Kimwolf Botnet Compromises 1.8 Million Android TVs for Massive DDoS Attacks

The Kimwolf botnet infected 1.8 million Android TV devices and launched 1.7 billion DDoS commands, utilizing ENS to evade takedown efforts.

Read more
AI NewsCybersecurityThreat Intelligence

ForumTroll Phishing Campaign Targets Russian Scholars with eLibrary Lures

Kaspersky details ForumTroll attacks targeting Russian academics with personalized phishing emails disguised as eLibrary notifications, delivering Windows malware.

Read more
AI NewsCybersecurityVulnerability Management

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

SonicWall addressed CVE-2025-40602, an actively exploited vulnerability enabling privilege escalation and potential root access on SMA 100 appliances.

Read more
AI NewsCybersecurityThreat Intelligence

Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

Amazon details a 2021–2025 GRU-linked campaign (APT44) targeting critical infrastructure via misconfigured network devices, highlighting a shift from exploit-driven attacks.

Read more
AI NewsCloud SecurityCybersecurity

Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

Amazon reports a new AWS crypto mining campaign abusing IAM credentials, ECS, EC2, and termination protection for persistence.

Read more
AI NewsCybersecurityData Privacy

Google to Shut Down Dark Web Monitoring Tool in February 2026

Google will discontinue its Dark Web Report on February 16, 2026, impacting users who relied on breach scans.

Read more
AI NewsCybersecurityVulnerability

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

React2Shell vulnerability CVE-2025-55182 is actively exploited to deploy Linux malware, resulting in the compromise of over 59,000 servers.

Read more
AI NewsCybersecuritySoftware Supply Chain

Rogue NuGet Package Mimics Tracer.Fody, Steals Crypto Wallet Data

A malicious NuGet package disguised as Tracer.Fody remained undetected for six years, stealing Stratis wallet files and passwords from over 2,000 downloads.

Read more
AI NewsCybersecurityData Privacy

Data security and privacy need to start in code to address rising AI and data risks

HoundDog.ai detects and prevents sensitive data and AI privacy risks in source code, offering a proactive solution to a growing problem.

Read more
AI NewsCybersecuritySoftware Vulnerability

FreePBX Vulnerabilities Allow RCE via SQL Injection, File Upload, and Auth Bypass

FreePBX patched 2025 flaws allowing SQL injection, file upload attacks, and an auth bypass, potentially leading to remote code execution.

Read more
AI NewsCybersecurityMalware

VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption

The VolkLocker ransomware, used by the CyberVolk hacktivist group, has a critical flaw: a hard-coded master key enabling free decryption of encrypted files.

Read more
AI NewsCybersecuritySoftware Vulnerabilities

Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More

From million-dollar privacy fines to active attacks on everyday software. Catch up on the top cybersecurity threats of the week and how to fix them.

Read more
AI NewsCybersecuritySoftware Updates

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

Apple patched two actively exploited WebKit vulnerabilities (CVE-2025-43529 and CVE-2025-14174) across its platforms.

Read more
AI NewsCybersecurityIoT Security

CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

CISA warns of active exploitation of Sierra Wireless router flaw allowing remote code execution via unrestricted file upload.

Read more
AI NewsCybersecurityVulnerability Management

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

CISA added CVE-2025-58360, an actively exploited XXE flaw in GeoServer, to its KEV catalog, mandating fixes by January 1, 2026 for FCEB agencies.

Read more
AI NewsCybersecurityPhishing

New AI-Powered Phishing Kits Bypass MFA and Target Major Services

Researchers reveal four new phishing kits – BlackForce, GhostFrame, InboxPrime AI, and Spiderman – capable of stealing credentials, bypassing MFA, and scaling attacks.

Read more
AI NewsCybersecurityVulnerability

React2Shell Exploitation Escalates into Large-Scale Global Attacks

CISA urgently warns of widespread exploitation of the React2Shell CVE-2025-55182 flaw, impacting over 137,200 internet-exposed systems.

Read more