The legendary hacker journal Phrack has turned forty, marking the occasion with its anniversary 72nd issue, published on August 19, 2025. Founded in the mid-1980s, this iconic publication is regarded as one of the...
Cybercriminal groups are building entire infrastructures to propagate infostealers—malicious programs designed to steal passwords, payment card details, and other sensitive information from infected devices. Analysts describe what they call the “Stealer Ecosystem,” where the...
The developers of the Python Package Index (PyPI) have announced the introduction of a new email domain verification mechanism aimed at curbing attacks that exploit expired domains and reducing the risk of package compromise....
The Noodlophile malware campaign has entered a new phase, steadily expanding its reach across more countries. Morphisec researcher Shmuel Uzan has reported that attackers have shifted to using phishing emails disguised as copyright infringement...
On a well-known data leak forum, a post has surfaced advertising the sale of a database allegedly containing 15.8 million PayPal accounts, complete with email addresses and plaintext passwords. The seller claims the information...
A serious incident was recently uncovered on Lenovo’s website involving its corporate chatbot, Lena, designed to assist customers. Cybernews researchers revealed that Lena was vulnerable to an XSS-based attack chain, enabling attackers—through nothing more...
At the beginning of 2025, Trellix specialists uncovered a sweeping cyber-espionage campaign targeting diplomatic missions in Seoul. Between March and July, at least nineteen phishing attacks were recorded, in which North Korean–linked actors impersonated...
TikTok has found itself at the center of a new scandal following an investigation by 404 Media: through TikTok Shop, vast numbers of GPS trackers and covert audio devices are being sold, brazenly advertised...
In the latest issue of the hacker magazine Phrack, a vast archive has been published detailing the operations of North Korean cybercriminal groups. The leak includes exploitation techniques, information on compromised systems, and a...
Cybercriminals have discovered a way to weaponize Cisco’s own security mechanisms against its users. Researchers at Raven have documented a credential theft campaign in which attackers learned to exploit Cisco’s Safe Links technology—a tool...
The U.S. Department of Justice has announced the seizure of more than $2.8 million in cryptocurrency from Yanis Alexandrovich Antroppenko, who stands accused of computer fraud and money laundering. Antroppenko is linked to the...
Researchers at Hunt.io have published an in-depth analysis of the Android banking trojan ERMAC 3.0, uncovering not only its enhanced capabilities but also severe flaws within its infrastructure. This iteration expands upon the functionality...
Experts at Censys have released their State of the Internet 2025 report, focusing on the infrastructure of cybercriminals—specifically Command-and-Control (C2) servers and other tools used to coordinate attacks and maintain access to compromised systems....
Groups of cybercriminals specializing in mobile phishing have discovered a new way to profit from stolen credentials. Whereas they once focused on transferring compromised cards into digital wallets and selling them for fraudulent transactions,...
A former moderator of the dark web forum XSS, known by the alias Rehub, has launched his own platform under the name Rehubcom. This move coincides with the arrest of the XSS administrator in...
The China-linked group UAT-7237 has become the subject of a new report from Cisco Talos. According to researchers, this team has been active since 2022, specializing in long-term persistence within victim infrastructure. In one...
