Cryptocurrency bridges remain the most enticing targets for cyberattacks. These digital conduits transfer assets between blockchains. They often represent the most vulnerable link in the ecosystem. The recent breach of the Taiko network perfectly...
Cryptocurrency scam schemes rarely rest on people alone. They need infrastructure to receive, move, and disguise money. Now the U.S. Department of Justice says it has seized a cloud account that served the Huione...
A city transit system rarely sits at the center of a criminal trial. Yet the attack on Transport for London (TfL) caused months of disruption, hit millions of passengers, and ended in guilty pleas...
The Windows 11 anniversary has officially arrived, marking five years since its turbulent debut. However, this milestone serves primarily as an occasion to reflect upon why the operating system perpetually irritated its user base...
Threat actors have initiated attempts to exploit the CVE-2026-20230 vulnerability within Cisco Unified servers used for corporate telephony. This critical error allows an unauthenticated, remote attacker to force file creation within the operating system....
A recent ransomware investigation by Microsoft yielded an astonishing revelation. Two entirely distinct and unassociated hacking syndicates were operating concurrently within the victim organization’s network. The primary group entrenched itself within the infrastructure, meticulously...
Attackers infected more than 140 packages from the Mastra AI ecosystem through npm. The malicious code ran right after npm install or npm update. So the infection could reach developer workstations and build servers,...
A bad driver, a broken program, or an error after a Windows update can now be rolled back, along with apps, settings, and local files. Microsoft has released the optional preview update KB5095093 for...
Target/Victims: Klue, LastPass, and others. Delivery Vector: Compromised integration service credentials from 2022. Key Capabilities: Unauthorized Salesforce CRM access via stolen OAuth tokens. Threat Actor: Icarus ransomware group (Suspected). Source: Klue, LastPass, and affected...
FortiBleed began as mass password guessing. Then it grew into an attack chain, where hijacked firewalls gathered fresh credentials for the next breach. A new timeline shows that the published FortiGate password database was...
A critical flaw within the File Transfer Protocol (FTP) implementation an antiquated mechanism for transmitting data between computers has resided in the Squid proxy server for nearly 29 years. This severe defect enables unauthorized...
A single corrupted video file can sometimes be dangerous even before execution. The new PixelSmash vulnerability in FFmpeg vividly demonstrates this severe threat. Routine video processing can easily cascade into a complete server crash...
AI assistants have become a normal tool for debugging lately. Yet even an ordinary crash report can turn into a command that runs someone else’s code on your machine. Tenet Threat Labs has shown...
Attackers injected malicious JavaScript into Okendo Reviews, a product review widget used by more than 18,000 brands. The compromised script loaded on store pages. After a few checks, it could show visitors a fake...
Trust in a familiar sender keeps turning into a weak point. A new campaign against WhatsApp users builds on exactly that bet. The attackers send malicious files from already-hijacked accounts. They disguise the attachments...
