Latest News: Cybersecurity

A ransomware attack targeting newspaper giant Lee Enterprises has disrupted its ability to process payments for its hired freelancers and contractors, leaving many without compensation. The cyberattack, which began on February 3, 2025, has caused ongoing operational issues, affecting print

An emerging ClickFix phishing scam is exploiting Microsoft SharePoint to lure victims into running PowerShell commands that install the Havoc post-exploitation framework. Uncovered by Fortinet’s FortiGuard Labs, the attack uses fraudulent OneDrive errors to deceive users into executing malicious

A new cybercrime campaign is preying on Web3 job seekers by using fake job interviews to spread "GrassCall" malware. The Russian-speaking cybercriminal group Crazy Evil orchestrated the scam by posting deceptive job listings and luring applicants into downloading a phony video conferencing app.

The breach notification service Have I Been Pwned (HIBP) has added 284 million compromised email accounts to its database after discovering them in a 1.5TB collection of stolen credentials named ALIEN TXTBASE. The data was shared on a Telegram channel and included passwords and email addresses

Cybercriminals are exploiting PayPal’s address confirmation emails to trick users into believing their accounts were hacked. By sending legitimate-looking notifications about an unauthorized purchase and addition of a new address, scammers create panic and lure victims into calling a fake support

Microsoft has uncovered a new variant of the XCSSET macOS malware, which is targeting users' sensitive data, including cryptocurrency wallets and information stored in the Notes app. Active for at least five years, this malware spreads through compromised Xcode projects. The latest attacks used its

A game listed on the Steam store was discovered to contain password-stealing malware, leading to its removal from the platform. The game, PirateFi, appeared to be a survival game but was actually designed to install the Vidar infostealer, a type of malware that can steal passwords, session cookies,

A Chinese state-backed hacking group known as Salt Typhoon has continued targeting telecommunications providers worldwide, despite recent US sanctions and cybersecurity warnings. According to a report from cybersecurity firm Recorded Future, the group has successfully breached multiple telecom

Thousands of GFI KerioControl firewall devices have remained vulnerable to a critical remote code execution (RCE) flaw, CVE-2024-52875, despite security patches being made available since December 2024. The flaw allows attackers to exploit improper input sanitization in the firewall’s web

Apple has been instructed by UK authorities to create a backdoor in its iCloud encryption, as announced by the Washington Post. The directive, issued under the Investigatory Powers Act, would grant the government access to encrypted user data, affecting iCloud users not just in the UK, but