Cybersecurity
General cybersecurity news and analysis

Bloody Wolf: Exclusive Dangerous Java RAT Hits Central Asia
Think your monitoring keeps you safe? Bloody Wolf has been quietly delivering NetSupport RAT across Kyrgyzstan and Uzbekistan via a Java-based loader and DLL sideloading — a stealthy, modular campaign that evades signature scanners and forces defenders to rely on behavioral monitoring and active threat hunting.

Microsoft Exclusive: Critical Entra ID Script Block 2026
Microsoft is tightening the Content Security Policy for Entra ID so login.microsoftonline.com will only run JavaScript from Microsoft-owned domains — a strong move to block unauthorized script injection that helps protect tokens and credentials. Rolling out in about a year, it’s a heads-up for admins: tighter security, but likely compatibility pain for third‑party integrations.

Asahi Exclusive: Alarming Cyberattack Hits 1.5M
Up to 1.5 million Asahi customers are asking, Were my records exposed? after a September ransomware attack that disrupted deliveries and may have accessed customer databases. Investigators and law enforcement are still probing what was taken as the company grapples with a growing privacy and trust crisis.

OpenAI Warns: Exclusive Critical Mixpanel Breach
OpenAI is urging users to rotate keys and audit integrations after a Mixpanel breach that may have exposed leaked API keys and telemetry — a wake‑up call that third‑party analytics can become an attack vector overnight.

OpenAI Exclusive: Critical Mixpanel Breach Hits API Users
A critical Mixpanel breach has put API users data at risk. Read our exclusive breakdown of what happened, whos affected, and simple steps you can take now to protect your apps.

Lapsus$ Hunters Pose Dangerous, Exclusive Threat to Zendesk
Patchable missteps meet crowd‑powered coercion: Scattered Lapsus$ Hunters are resurfacing with new phishing domains and social‑engineering tricks aimed at support tools like Zendesk. Compromised help‑desk credentials can give attackers an exclusive backdoor into customer and corporate data—so small lapses can have big consequences.

UK Cyber Resilience Bill: Exclusive Critical Provisions
Take an exclusive look at the UK Cyber Resilience Bill’s critical provisions. From privacy-by-design and data limits to distributed trust and independent oversight, Parliament’s choices will decide whether our digital infrastructure becomes truly resilient or merely shifts risk around.

UK Report: Stunning liability rules could be costly
What if the software that runs hospitals, banks and supply chains could be held legally liable for every flaw? A new UK report urges clearer legal liability to force better security and faster fixes — but warns those protections could be costly, reshape markets and squeeze smaller vendors.

FBI Exclusive: Stunning $262M Costly Account Takeovers
Imagine waking to find your bank account emptied by someone who cloned your bank’s site — the FBI says over $262M has been lost to account takeover scams since January 2025. Learn how phishing, credential stuffing and fake reporting pages let criminals turn stolen logins into instant cash — and what you can do to stop them.

Gainsight Cyber-Attack Exclusive: Critical Salesforce Hit
A Gainsight cyber attack has critically hit Salesforce—here’s what happened and the immediate steps you need to protect your data and your org.

Chrome Extension Exclusive: Malicious Raydium Solana Fees
Think your trading extension has your back? Researchers uncovered Crypto Copilot — a Chrome add-on that stealthily skimmed tiny fees off Raydium Solana swaps to an attacker-controlled wallet, a stark reminder to vet permissions before installing extensions.

HashJack Exclusive: Dangerous Injection Weaponizes Websites
Meet HashJack — a new technique that turns everyday websites into traps for AI‑enabled browsers and automated agents, tricking them into leaking session tokens and secrets with a convincing prompt. What feels like a harmless CAPTCHA or verification dialog can quietly hand attackers the keys to your account until those tokens are revoked.

London Councils Hit by Serious Exclusive Cyber Incidents
At least three London boroughs are battling a serious cyber incident that’s disrupted services and shown how ageing council IT can turn targeted attacks into city-wide crises. As teams scramble to contain the breach and keep vital functions running, this episode highlights a worrying UK trend: fewer incidents, but far greater damage.

FBI Reveals Stunning Rise in Costly AI Phishing Scams
Imagine a voicemail that sounds exactly like your daughter begging for help — only its a scam. The FBI warns cheap AI tools are fueling a surge of hyper‑personalized phishing scams that have already cost victims hundreds of millions and can fool individuals, businesses, and banks alike.

JackFix Exclusive Alert: Dangerous Fake Windows Updates
Heads up — don’t paste that “Windows fix” command: a slick new scam uses fake CAPTCHAs and cloned sites to trick users into running malware that gives attackers persistent access to otherwise patched PCs.

FlexibleFerret Exclusive: Dangerous macOS Go Backdoor
Think a harmless Mac script cant hurt? FlexibleFerret proves otherwise — a modular, multistage campaign that uses staged shell/AppleScript and a Go-based backdoor to quietly harvest credentials and maintain stealthy, long-term access across macOS systems.

3 SOC Challenges Exclusive: Best Solutions by 2026
By 2026, AI will be attackers’ force multiplier — and Security Operations Centers must urgently tackle opaque automation, people-and-process shortfalls, and brittle third‑party dependencies. The solution is practical: insist on explainability and provenance, use human‑in‑the‑loop staged automation, and require adversarial‑resilience testing before any autonomous actions go live.

Hackers Hijack Blender Assets: Exclusive StealC V2 Threat
Beware: malicious .blend files on popular asset marketplaces are silently deploying StealC V2 to steal credentials and tokens the moment you open them. Artists and studios should vet downloads, update tools, and treat free assets with caution.

AI Deepfake Stunning Surge: Identity Fraud Worsens
Identity fraud has entered a new era: generative AI churns out eerily lifelike voices and videos that let scammers impersonate bosses, loved ones and officials with uncanny accuracy. As these deepfake-enabled schemes become cheaper and harder to spot, individuals and businesses must rethink how they verify trust.

CISA: Exclusive Critical Spyware Threat to Signal, WhatsApp
CISA warns that commercial spyware and remote‑access trojans are being used to compromise Signal and WhatsApp—often via social engineering and sideloaded apps—turning everyday messaging into a gateway for stolen messages, media and device data.

IACR Stuns: Nullifies Election After Costly Key Loss
A missing trustee and a lost cryptographic key turned a routine online ballot into a null election overnight — now the IACR faces the blunt question: who still holds the key to our trust?

Fluent Bit Critical Flaws Reveal Stunning Security Risks
Imagine the tool that watches your systems being used to hide intruders—that’s the risk exposed by critical flaws in Fluent Bit, which researchers say can let unauthenticated attackers corrupt, intercept, or take over telemetry pipelines. If you run Fluent Bit in clouds, containers, or edge devices, now’s the time to hunt, patch, and harden those deployments before attackers turn your logs into cover.

Russian-linked Malware: Dangerous, Stunning Blender Threat
Think twice before opening that .blend—Morphisec found Russian-linked StealC V2 hidden inside Blender project files, so importing a shared 3D asset can trigger a stealthy multi-stage stealer. Artists and studios should start treating downloaded .blend files like potential executables until vetting becomes routine.

CISA Warns: Must-Fix Critical Oracle OIM Flaw
CISA added a critical Oracle Identity Manager flaw to its Known Exploited Vulnerabilities list, meaning attackers are already targeting it. If you handle identity systems, prioritize patching or mitigations now—an unpatched OIM bug can hand intruders the keys to your environment.