Over the past two years, Kaspersky Lab researchers have been tracking a little-known espionage campaign dubbed PassiveNeuron. Initial server compromises of government organizations were observed as early as 2024, yet for a long time...
A multi-stage phishing campaign known as Tykit has been targeting Microsoft 365 corporate users, actively employed to steal login credentials. Researchers at ANY.RUN have observed a surge in its activity since May 2025, reaching...
Hackers have begun actively exploiting a critical vulnerability in Adobe Commerce and Magento Open Source platforms, despite the issue having been officially patched last month. Over the past 24 hours, more than 250 attack...
A novel vulnerability was discovered in Microsoft 365 Copilot that permitted covert exfiltration of user data via an innocuous-looking Mermaid flowchart. The flaw lay in Copilot’s handling of a specially crafted document: the assistant...
In one of Vilnius’s districts, Lithuanian police carried out a large-scale operation to dismantle a bot farm operating on a network of so-called SIM boxes. The seized equipment indicates that the resources were used...
Jaguar Land Rover continues to grapple with the aftermath of a devastating cyberattack that paralyzed production, disrupted its dealer network, and jeopardized supply chains. Although manufacturing resumed earlier this month, the work of IT...
Several U.S. states reported cyber incidents this week that paralyzed municipal operations and disrupted local administrative systems. One of the hardest-hit areas was Kaufman County, Texas, located near Dallas and home to nearly 200,000...
A major security breach has struck the Typus Finance platform, resulting in the theft of approximately $3.44 million worth of digital assets. The incident targeted the TLP liquidity pool and stemmed from a vulnerability...
The U.S. Immigration and Customs Enforcement (ICE) has been using WhatsApp as a tool for surveillance. According to a recently declassified court order, the Homeland Security Investigations (HSI) division obtained authorization to track the...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly discovered flaw in the Windows SMB component to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-33073, stems from an...
The Paragon investigation continues to gain momentum, as prosecutors in Rome and Naples intensify their questioning of officials from Italy’s intelligence services in an effort to reconstruct the chain of events that led to...
The American electronics distributor Avnet has confirmed a data breach, but stated that the stolen information cannot be read without the company’s proprietary internal tools. In a statement to BleepingComputer, an Avnet representative reported...
