Pavel Durov, the founder of Telegram, has issued a warning about a new wave of extortion emerging within the platform. The scheme involves fraudsters demanding that users surrender valuable digital assets—rare Telegram gifts, premium...
The China-linked cyber-espionage group APT41 has launched a new surveillance campaign targeting government IT services in Africa—an unexpected turn for a region previously considered an unlikely target. Researchers at Kaspersky Lab uncovered the operation...
Cybersecurity specialists at cside have uncovered a vast and covert cryptocurrency mining campaign that has compromised over 3,500 websites—marking the largest incident of its kind in recent years and signaling the resurgence of tactics...
Turkish cybersecurity experts at Malwation have uncovered a large-scale phishing campaign targeting enterprises in the defense and aerospace sectors. Threat actors are disguising malicious attachments as official documents purportedly issued by TUSAŞ, Turkey’s state-owned...
Cyber espionage in Asia is intensifying: researchers at Seqrite Labs have unveiled new insights into the operations of the group UNG0002, also known as Unknown Group 0002. This obscure yet technically adept entity is...
AI-powered programming tools are rapidly gaining popularity, and one of the most prominent—Cursor—has introduced a new YOLO mode (short for “you only live once”) that enables its agent to execute complex sequences of actions...
Following a wave of criticism sparked by a recent ProPublica report alleging that Microsoft had engaged engineers based in China to support cloud systems tied to the U.S. Department of Defense, the company has...
Amid escalating tensions between Iran and Israel, cybersecurity experts at Lookout have uncovered a new Android-based spyware known as DCHSpy, which has been linked to Iran’s Ministry of Intelligence and Security (MOIS). This malicious...
A few days ago, we reported on the critical zero-day vulnerability CVE-2025-53770 in Microsoft SharePoint Server, an enhanced iteration of the previously identified flaw CVE-2025-49706. At the time, it was known that the issue...
The CrushFTP service has encountered a newly discovered critical vulnerability, already being exploited in active attacks. Designated CVE-2025-54309 and assigned a CVSS severity score of 9.0, the flaw stems from improper handling of AS2...
The hacking collective known as EncryptHub—also tracked as LARVA-208 and Water Gamayun—has launched a new wave of attacks specifically targeting developers within the Web3 ecosystem. Their aim: to infect victims with data-stealing malware capable...
Cybercriminals affiliated with the group PoisonSeed have devised a method to circumvent FIDO2 protection—not by breaching the technology itself, but by cleverly exploiting one of its legitimate features: cross-device authentication. Through this technique, attackers...
