Real-time Intelligence Feed for cybersecurity professionals.
Curated cybersecurity reporting and advisories. Headlines link to original sources.
Try a different keyword, or switch the source filter back to “All sources”.
Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cyberattack. [...]
The malware targets browser and cryptocurrency wallet data, along with system information and user files. The post Over 100 GitHub Repositories Distributing BoryptGrab Stealer appeared first on SecurityWeek.
Pentagon CTO Emil Michael said the military is developing procedures for enabling different levels of autonomy in warfare depending on the risk posed. The post Pentagon’s Chief Tech Officer Says He Clashed With AI Company Anthropic Over Autonomous Warfare appe…
The bureau is working to determine the scope and impact of the problem, according to a notification sent to members of Congress. The post FBI Investigating ‘Suspicious’ Cyber Activity on System Holding Sensitive Surveillance Information appeared first on Secur…
TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive information of over 3.4 million people. [...]
The company will accelerate platform development, expand go-to-market efforts, and invest in product innovation. The post ArmorCode Raises $16 Million for Exposure Management Platform appeared first on SecurityWeek.
CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]
Other noteworthy stories that might have slipped under the radar: Avira antivirus vulnerabilities, Transport for London data breach affects 10 million, Gaming cheat exposes North Korean hacker. The post In Other News: FBI Hacked, US Security Pro Killed in Iran…
A bank, an airport, a non-profit and the Israeli branch of a US software company were among the targets of this new MuddyWater campaign
EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential Suite, with four new role-based AI certifications debuting alongside Certifi…
Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate command line interface (CLI) tools. [...]
Microsoft will soon begin rolling out a significant upgrade to Microsoft 365 Backup to speed up recovery by allowing administrators to restore individual files and folders. [...]
The nation-state-grade iOS exploit kit targets 23 vulnerabilities affecting iOS 13 to 17.2.1. The post CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List appeared first on SecurityWeek.
The vulnerability was disclosed and mitigated in 2021 but its in-the-wild exploitation has only now come to light. The post Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks appeared first on SecurityWeek.
Almost a quarter of the zero days detected by Google in 2025 targeted security and networking appliances
Bishop replaces David McKeown, who will take on a role in the private sector after 40 years of government service. The post James ‘Aaron’ Bishop Tapped to Serve as New Pentagon CISO appeared first on SecurityWeek.
The attacks, observed since February, show that Iranian hackers already have a presence in the networks of US organizations. The post Iranian APT Hacked US Airport, Bank, Software Company appeared first on SecurityWeek.
A Ghanaian national pleaded guilty to his role in a massive fraud ring that stole over $100 million from victims across the United States through business email compromise attacks and romance scams. [...]
The company has raised a total of $46 million in funding for its developer-focused encryption and orchestration platform. The post Data Security Firm Evervault Raises $25 Million in Series B Funding appeared first on SecurityWeek.
The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it's investigating a breach that affected systems used to manage surveillance and wiretap warrants. [...]
A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge devices. [...]
Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing's AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware. [...]
The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis. [...]
Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites. [...]
A U.S. government contractor's son, accused of stealing more than $46 million in cryptocurrency from the U.S. Marshals Service, was arrested Wednesday on the island of Saint Martin. [...]
Malicious insiders are using misusing AI for nefarious gain, while employees cutting corners also creates risk, warns Mimecast
Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances. [...]
The browser is becoming the operating system for modern work, yet many enterprises still treat it as an extension of network or endpoint security. Keep Aware's 2026 State of Browser Security Report shows 41% of employees used AI web tools while browser-based p…
Critical flaw "ContextCrush" in Context7 MCP Server could allow malicious instructions into AI tools
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 5, 2026 – Listen to the podcast In the latest episode of “CISO Confidential“, a series on the popular Cybercrime Magazine Podcast sponsored by Doppel, host Charlie Osbo…
Exploit kit "Coruna" targets iPhones running iOS 13.0 to 17.2.1, focusing on financial data theft
Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction
Two of the 48 Cisco vulnerabilities, affecting Secure Firewall Management Center, are maximum-severity flaws
A global operation has resulted in the takedown of popular cybercrime forum LeakBase
A coalition of seven Western nations has launched guidelines to help integrate security-by-design principles into future 6G standards
Law enforcers and industry partners have taken down notorious phishing-as-a-service platform Tycoon2FA
Increased attempts to compromise surveillance cameras linked to Iran during Middle East conflict
Malware campaign uses Ukrainian email service for credibility, deploying "BadPaw" to execute attacks
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 4, 2026 – Read the full story in Finextra It is estimated that one third to a half of North Korea’s budget comes from cyberfraud and extortion. Finextra reports that mo…
The OpenID Foundation warns that fragmented policies on posthumous digital accounts could open the door for fraudsters to exploit AI deepfakes
Espionage campaign exploits Israel-Iran conflict, distributing a trojanized Red Alert app via SMS
Cloudflare Threat Report warns that AI tools enable attackers who lacked required skills to generate effective attacks rapidly and at scale
Ariomex database reveals potential sanctions evasion and capital transfers tied to Iranian actors
Seemplicity finds US security leaders work 11 or more extra hours per week
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 3, 2026 – Listen to the podcast Ralph Echemendia is a world-renowned cybersecurity expert, known internationally by his alter ego “The Ethical Hacker.” In 2015, WIRED c…
Black Kite reveals 26,000 unnamed corporate victims linked to 136 third-party breaches
Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack
Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS
John Hultquist suggests “aggressive” Iranian cyber attackers will target the US and its Gulf allies with plausibly deniable ransomware attacks, hacktivist campaigns and more
Military strikes in the Middle East escalate cyber ops, raising spillover risks globally for firms
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 2, 2026 – Read the full story from Ox Security Cybersecurity Ventures predicted that global damage costs resulting from software supply chain attacks would reach $60 bi…
Oasis Security reveals how a new ClawJacked vulnerability could allow attackers to silently take over a victim’s OpenClaw agent
Chainalysis reveals a big surge in median ransomware payment size in 2025 despite overall drop in criminal revenue
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort"…
The security researchers from Zscaler ThreatLabz have also discovered five new tools deployed by the North Korean hacking group
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 27, 2026 – Watch the YouTube Short Cybercrime Magazine’s latest YouTube Short video, produced by Taylor Fox, looks back at a riveting privacy and surveillance story tha…
The UK government says its new Vulnerability Monitoring Service has cut unresolved security flaws by 75% and reduced cyber-attack fix times from nearly two months to just over a week
International law enforcement operation led by Europol targets network of teenagers and young adults involved in ransomware attacks, extortion and other crimes
New botnet Aeternum shifted C2 operations to Polygon blockchain, complicating takedown efforts
2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 26, 2026 – Read the full story in BitGuardian The staggering prediction by Cybersecurity Ventures that global cybercrime damages would reach $10.5 trillion USD annually…
Datadog report reveals two-fifths of services are affected by exploitable bugs
The UK’s Information Commissioner's Office is about to ditch single-leader model for CEO and board in a major shake-up
UNC2814 hit 53 victims in 42 countries with novel backdoor in decade long cyber espionage operation
The US and allies are urging Cisco Catalyst SD-WAN customers to hunt for signs of exploitation
IBM's 2026 X-Force report reveals 44% rise in cyber-attacks on public apps, driven by AI and flaws
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 25, 2026 – Listen to the podcast “CISO Confidential” is a new series on the Cybercrime Magazine Podcast, brought to our listeners by Doppel, a cybersecurity company on…
Malicious NuGet package mimicking Stripe's library targeted developers
A former general manager of a US defense contractor has been sentenced after selling zero days to Russia
The UK’s ICO has fined Reddit over £14m for failing to use children’s personal information lawfully
DTEX claims insider incidents cost $19.5m in 2025, with employee negligence most expensive
Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information
Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks
ReliaQuest claims AI has reduced breakout and exfiltration time to under 10 minutes
Anthropic accused DeepSeek, Moonshot and MiniMax of illicitly using Claude to steal some of the AI model’s capabilities
CrowdStrike Global Threat Report warns how adversaries are leveraging AI to make campaigns more efficient and more effective
Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers
Sophisticated Python malware uncovered in fraud probe shows obfuscation, disposable infrastructure
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 23, 2026 In 2024, Long Island Medium star Theresa Caputo slammed online scammers and begged fans not to send money to them. The reality star warned fans about many soci…
A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances
Advantest, a Japanese specialist in testing computer chips for major semiconductor manufacturers, has deployed incident response protocols following a cybersecurity incident
A new FBI Flash alert claims $20m was lost to ATM jackpotting attacks in 2025 alone
University of Mississippi Medical Center is still scrambling to respond to a ransomware attack last Thursday