Bitwarden adds support for passkey login on Windows 11
Bitwarden announced support for logging into Windows 11 devices using passkeys stored in the manager's vault, enabling phishing-resistant authentication. [...]
Intelligence Feed
Curated cybersecurity reporting and advisories. Headlines link to original sources.
Items
135
Last update
Mar 4, 2026, 10:49 PM (UTC)
No matching results
Try a different keyword, or switch the source filter back to “All sources”.
Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers
A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication. [...]
Windows 10 KB5075039 update fixes broken Recovery Environment
Microsoft has released the KB5075039 Windows Recovery Environment update for Windows 10 to fix a long-standing issue that prevented some users from accessing the Recovery environment. [...]
Fake LastPass support email threads try to steal vault passwords
Password management software provider LastPass is warning users of a phishing campaign targeting its users with fake unauthorized account access alerts. [...]
Cisco warns of max severity Secure FMC flaws giving root access
Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software. [...]
Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks
A previously undocumented set of 23 iOS exploits named "Coruna" has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks. [...]
Hacker mass-mails HungerRush extortion emails to restaurant patrons
Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data could be exposed if HungerRush fails to respond. [...]
Tycoon 2FA Phishing Platform Dismantled in Global Takedown
The phishing-as-a-service platform was used to send fraudulent emails to over 500,000 organizations every month. The post Tycoon 2FA Phishing Platform Dismantled in Global Takedown appeared first on SecurityWeek.
FBI seizes LeakBase cybercrime forum, data of 142,000 members
The FBI has seized the LeakBase cybercrime forum, a major online forum used by cybercriminals buy and sell hacking tools and stolen data. [...]
New LexisNexis Data Breach Confirmed After Hackers Leak Files
The hackers claim to have stolen 2GB of files, including 400,000 personal information records. The post New LexisNexis Data Breach Confirmed After Hackers Leak Files appeared first on SecurityWeek.
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion. "The hacktivist threat in the Middle East is highly lopsided, with t…
Europol-coordinated action disrupts Tycoon2FA phishing platform
An international law enforcement operation coordinated by Europol has disrupted Tycoon2FA, a major phishing-as-a-service (PhaaS) platform linked to tens of millions of phishing messages each month. [...]
Coalition of Western Countries Launches 6G Cybersecurity Guidelines
A coalition of seven Western nations has launched guidelines to help integrate security-by-design principles into future 6G standards
Global Takedown Neutralizes Tycoon2FA Phishing Service
Law enforcers and industry partners have taken down notorious phishing-as-a-service platform Tycoon2FA
Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance
The deal awaits final shareholder and regulatory approvals and is expected to be completed in the second half of 2026. The post Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance appeared first on SecurityWeek.
Mississippi medical center reopens clinics hit by ransomware attack
The University of Mississippi Medical Center (UMMC) says it has resumed normal operations, nine days after a ransomware attack blocked access to electronic medical records and took down many of its IT systems. [...]
How a Brute Force Attack Unmasked a Ransomware Infrastructure Network
A routine RDP brute-force alert led to unusual credential hunting and a geo-distributed VPN-linked infrastructure. Huntress Labs explains how one compromised login unraveled a suspected ransomware-as-a-service ecosystem tied to initial access brokers. [...]
Hacker Conversations: Inti De Ceukelaire, Raging Against the Machine Creatively
A Belgian national, De Ceukelaire’ did not set out to be a hacker. Like many hackers he was born with the potential to become one and only gradually realized he is one. The post Hacker Conversations: Inti De Ceukelaire, Raging Against the Machine Creatively ap…
Surge in Attacks on Surveillance Cameras Linked to Iranian Hackers
Increased attempts to compromise surveillance cameras linked to Iran during Middle East conflict
Multi-Stage "BadPaw" Malware Campaign Targets Ukraine
Malware campaign uses Ukrainian email service for credibility, deploying "BadPaw" to execute attacks
Examining North Korea’s Cybercrime Economy
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 4, 2026 – Read the full story in Finextra It is estimated that one third to a half of North Korea’s budget comes from cyberfraud and extortion. Finextra reports that mo…
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Thr…
How Pirated Software Turns Helpful Employees Into Malware Delivery Agents
Employees seeking free versions of paid software may unknowingly install malware-laced “cracked” apps that can steal credentials, deploy cryptominers, or open the door to ransomware. The post How Pirated Software Turns Helpful Employees Into Malware Delivery A…
AI Security Firm JetStream Launches With $34 Million in Seed Funding
The startup aims to provide organizations with visibility into how AI operates across their environment. The post AI Security Firm JetStream Launches With $34 Million in Seed Funding appeared first on SecurityWeek.
LastPass Warns of New Phishing Campaign
The attackers are sending out fake alerts claiming unauthorized access or master password changes. The post LastPass Warns of New Phishing Campaign appeared first on SecurityWeek.
Webinar Today: Designing an OT SOC for Safety, Reliability, and Business Continuity
Join the webinar as we explore a blueprint for an OT SOC leveraging an integrated OT Security Platform to safeguard operations and maintain business continuity. The post Webinar Today: Designing an OT SOC for Safety, Reliability, and Business Continuity appear…
Google Plans Two-Week Release Schedule for Chrome
Starting September 2026, new Chrome iterations will be released twice as fast, part of a two-week cycle. The post Google Plans Two-Week Release Schedule for Chrome appeared first on SecurityWeek.
New RFP Template for AI Usage Control and AI Governance
As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many organizations know they need "AI Governance," but th…
Global Coalition Publishes 6G Security and Resilience Principles
The principles cover security, resilience against attacks and disasters, AI, and openness and interoperability. The post Global Coalition Publishes 6G Security and Resilience Principles appeared first on SecurityWeek.
Calls for Global Digital Estate Standard as Posthumous Deepfake Fraud Risk Grows
The OpenID Foundation warns that fragmented policies on posthumous digital accounts could open the door for fraudsters to exploit AI deepfakes
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that's functional on Windows, macOS, and Linux systems. The names of the packages ar…
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. "Silver Dragon gains its initial a…
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild. The hig…
CISA flags VMware Aria Operations RCE flaw as exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. [...]
Paint maker giant AkzoNobel confirms cyberattack on U.S. site
The multinational Dutch paint company AkzoNobel has confirmed to BleepingComputer that hackers breached the network of one of its U.S. sites. [...]
Facebook accounts unavailable in worldwide outage
Social media giant Facebook is currently experiencing a massive worldwide outage, preventing users from accessing their accounts. [...]
Microsoft: Hackers abuse OAuth error flows to spread malware
Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. [...]
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Hu…
Israel: RedAlert Spyware Campaign Exploits Wartime Panic With Trojanized App
Espionage campaign exploits Israel-Iran conflict, distributing a trojanized Red Alert app via SMS
AI and Deepfakes Supercharge Sophisticated Cyber-Attacks, Says Cloudflare
Cloudflare Threat Report warns that AI tools enable attackers who lacked required skills to generate effective attacks rapidly and at scale
Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow
Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also t…
Leaked Database Sheds Light on Iranian Crypto Sanctions Evasion
Ariomex database reveals potential sanctions evasion and capital transfers tied to Iranian actors
Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries
The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings co…
Half of US CISOs Work the Equivalent of a Six-Day Week
Seemplicity finds US security leaders work 11 or more extra hours per week
Hollywood’s Ethical Hacker On The Cybercrime Magazine Podcast
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 3, 2026 – Listen to the podcast Ralph Echemendia is a world-renowned cybersecurity expert, known internationally by his alter ego “The Ethical Hacker.” In 2015, WIRED c…
AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged
The Rise of MCPs in the Enterprise The Model Context Protocol (MCP) is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, and data, MCP enables prompt-driven AI agents that can retrie…
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It's advertised as a cybercrime platform by a threat group calling itself Ji…
Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks
Black Kite reveals 26,000 unnamed corporate victims linked to 136 third-party breaches
Iranian Cyber Threat Actor Targets Iraqi Government Officials in AI-Powered Campaign
Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector o…
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild. The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graph…
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and…
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8…
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. "To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditiona…
Chrome Unveils Plan For Quantum-Safe HTTPS Certificates
Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS
Expect Iran to Launch Cyber-Attacks Globally, Warns Google Head of Threat Intel
John Hultquist suggests “aggressive” Iranian cyber attackers will target the US and its Gulf allies with plausibly deniable ransomware attacks, hacktivist campaigns and more
Hybrid Middle East Conflict Triggers Surge in Global Cyber Activity
Military strikes in the Middle East escalate cyber ops, raising spillover risks globally for firms
Software Supply Chain Risk: The Growing Threat Landscape
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 2, 2026 – Read the full story from Ox Security Cybersecurity Ventures predicted that global damage costs resulting from software supply chain attacks would reach $60 bi…
⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry poi…
How to Protect Your SaaS from Bot Attacks with SafeLine WAF
Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, bu…
ClawJacked Bug Enables Covert AI Agent Hijacking
Oasis Security reveals how a new ClawJacked vulnerability could allow attackers to silently take over a victim’s OpenClaw agent
Ransomware Payments Decline 8% as Attacks Surge 50%
Chainalysis reveals a big surge in median ransomware payment size in 2025 despite overall drop in criminal revenue
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-s…
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but conta…
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. "Our vulnerability lives in the core system itse…
Who is the Kimwolf Botmaster “Dort”?
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort"…
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovere…
Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute
Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a "supply chain risk." "This action follows months of negotiations that reached an impasse over two excepti…
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering. The confiscated funds were traced to cryptocurrency addresses used for…
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S…
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github[.]com/xinfeisoft/crypto, impersonates the legiti…
North Korea's APT37 Expands Toolkit to Breach Air-Gapped Networks
The security researchers from Zscaler ThreatLabz have also discovered five new tools deployed by the North Korean hacking group
WebcamGate 2009: A High School’s Laptop Initiative Turned Into A National Spying Scandal
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 27, 2026 – Watch the YouTube Short Cybercrime Magazine’s latest YouTube Short video, produced by Taylor Fox, looks back at a riveting privacy and surveillance story tha…
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay com…
UK Vulnerability Monitoring Service Cuts Unresolved Security Flaws by 75%
The UK government says its new Vulnerability Monitoring Service has cut unresolved security flaws by 75% and reduced cyber-attack fix times from nearly two months to just over a week
‘Project Compass’ Cracks Down on ‘The Com’: 30 Members of Notorious Cybercrime Gang Arrested
International law enforcement operation led by Europol targets network of teenagers and young adults involved in ransomware attacks, extortion and other crimes
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). "A malicious downloader staged a portable Java runtime and executed a maliciou…
Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams
Meta on Thursday said it's taking legal action to tackle scams on its platforms by filing lawsuits against what it calls deceptive advertisers based in Brazil, China, and Vietnam. As part of the effort, the advertisers' methods of payment have been suspended,…
Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown
Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts. "Instead of relying on traditional servers or domains for…
Aeternum Botnet Shifts Command Control to Polygon Blockchain
New botnet Aeternum shifted C2 operations to Polygon blockchain, complicating takedown efforts
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027…
Darktrace Flags 32 Million Phishing Emails in 2025 as Identity Attacks Intensify
2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities
The Cascading Economic Ripple Effects Of Cybercrime
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 26, 2026 – Read the full story in BitGuardian The staggering prediction by Cybersecurity Ventures that global cybercrime damages would reach $10.5 trillion USD annually…
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is establis…
Exploitable Vulnerabilities Present in 87% of Organizations
Datadog report reveals two-fifths of services are affected by exploitable bugs
UK's Data Watchdog Gets a Makeover to Match Growing Demands
The UK’s Information Commissioner's Office is about to ditch single-leader model for CEO and board in a major shake-up
Google Disrupts ‘Prolific’ and ‘Elusive’ China-Linked Global Hacking Campaign
UNC2814 hit 53 victims in 42 countries with novel backdoor in decade long cyber espionage operation
Expert Recommends: Prepare for PQC Right Now
Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to adversaries as well. The rise of ransomware and cyber extort…
Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware
A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines. "The activity aligns w…
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempt…
Global Cyber Agencies Urge Immediate Patching of Cisco SD-WAN Zero Day
The US and allies are urging Cisco Catalyst SD-WAN customers to hunt for signs of exploitation
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vuln…
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries
Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has…
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. "The vulnerabilities explo…
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks,…
Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It
Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up…
44% Surge in App Exploits as AI Speeds Up Cyber-Attacks, IBM Finds
IBM's 2026 X-Force report reveals 44% rise in cyber-attacks on public apps, driven by AI and flaws
CISO Confidential Launches On The Cybercrime Magazine Podcast
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 25, 2026 – Listen to the podcast “CISO Confidential” is a new series on the Cybercrime Magazine Podcast, brought to our listeners by Doppel, a cybersecurity company on…
Malicious NuGet Package Targets Stripe Developers
Malicious NuGet package mimicking Stripe's library targeted developers
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role…
Manual Processes Are Putting National Security at Risk
Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This sh…
Former Defense Contractor Boss Gets 7+ Years for Selling Zero Days
A former general manager of a US defense contractor has been sentenced after selling zero days to Russia
ICO’s £14m Reddit Fine Highlights Age Check Privacy Concerns
The UK’s ICO has fined Reddit over £14m for failing to use children’s personal information lawfully
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of…
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below…
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026…
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by…
Cost of Insider Incidents Surges 20% to Nearly $20m
DTEX claims insider incidents cost $19.5m in 2025, with employee negligence most expensive
Multifaceted Phishing Scheme Deceives Bitpanda Customers
Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information
North Korean Lazarus Group Expands Ransomware Activity With Medusa
Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks
UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting bey…
AI Accelerates Attacker Breakout Time to Just Four Minutes
ReliaQuest claims AI has reduced breakout and exfiltration time to under 10 minutes
Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem
Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, ident…
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom…
Chinese AI Firms Hit Claude with Distillation Attacks, Anthropic Warns
Anthropic accused DeepSeek, Moonshot and MiniMax of illicitly using Claude to steal some of the AI model’s capabilities
AI-powered Cyber-Attacks Up Significantly in the Last Year, Warns CrowdStrike
CrowdStrike Global Threat Report warns how adversaries are leveraging AI to make campaigns more efficient and more effective
UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct…
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools
Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers
Fraud Investigation Reveals Sophisticated Python Malware
Sophisticated Python malware uncovered in fraud probe shows obfuscation, disposable infrastructure
Long Island Medium Star Theresa Caputo Meets Cybercrime Magazine – Live!
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 23, 2026 In 2024, Long Island Medium star Theresa Caputo slammed online scammers and begged fans not to send money to them. The reality star warned fans about many soci…
Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls
A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances
Leading Semiconductor Supplier Advantest Hit by Ransomware Attack
Advantest, a Japanese specialist in testing computer chips for major semiconductor manufacturers, has deployed incident response protocols following a cybersecurity incident
Jackpotting Surge Costs Banks Over $20m, Warns FBI
A new FBI Flash alert claims $20m was lost to ATM jackpotting attacks in 2025 alone
University of Mississippi Medical Center Still Offline After Ransomware Attack
University of Mississippi Medical Center is still scrambling to respond to a ransomware attack last Thursday
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sideste…
Cybercrime Magazine Releases Its First YouTube Short, More On The Way
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 20, 2026 –Watch the YouTube video The award-winning Cybercrime Magazine YouTube Channel released its first Short last month and the video has more than 720,000 Views. I…
Dramatic Escalation in Frequency and Power of DDoS Attacks
DDoS attack frequency has risen to ‘alarming levels,’ warns Radware report
Android Malware Hijacks Google Gemini to Stay Hidden
A new Android malware implant using Google Gemini to perform persistence tasks was discovered on VirusTotal and analyzed by ESET
Remcos RAT Expands Real-Time Surveillance Capabilities
New Remcos RAT variant enhances real-time surveillance and evasion techniques to compromise Windows
Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia
Fraud campaign exploiting Indonesia’s Coretax resulted in $1.5m to $2m in losses via malicious apps
Why Small Businesses Can’t Afford To Ignore Cyberinsurance
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 19, 2026 –Read the full story in Charter Capital Three out of five small-to-midsized businesses (SMBs) permanently shuttered their doors within six months of being hit…
Industrial Control System Vulnerabilities Hit Record Highs
Forescout paper reveals ICS advisories hit a record 508 in 2025
Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA
A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn researchers at Abnormal
Flaws in Popular Software Development App Extensions Allow Data Exfiltration
Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain unpatched
Researchers Reveal Six New OpenClaw Vulnerabilities
Endor Labs has published details of six new vulnerabilities in popular AI assistant OpenClaw
Page 1 of 1 0 results