Tag: emerging threats
3144 articles

Iberia Airlines Exclusive: Critical Supply Chain Breach
When Iberia alerts customers that a supplier was compromised, it’s a reminder that a single supply‑chain breach can ripple into delays, data exposure and broader operational headaches across modern travel. If you got the email, here’s what it means for your trip and what to look out for next.

Cybercriminals Exploit Push Notifications: Stunning Risks
Think your browser’s push alerts are harmless? Cybercriminals are hijacking browser push notifications and fake verification prompts to deliver stealthy malware and persistent backdoors, turning everyday web conveniences into covert attack channels.

Grafana Critical Patch Fixes Stunning CVSS 10.0 SCIM Flaw
Grafana released urgent patches for a CVSS 10.0 SCIM vulnerability that could let authenticated attackers escalate privileges or impersonate users—apply the update now and review your SCIM configs and logs.

Gainsight Exclusive: Critical Hack Risks Salesforce Clients
Urgent heads-up: a critical Gainsight hack could expose Salesforce clients’ data—here’s what happened and how to protect your systems.

SEC Stunning Move Drops SolarWinds Case, Costly Fallout
The SEC’s abrupt request to dismiss its high‑profile lawsuit over the 2020 SolarWinds supply‑chain breach has left investors, technologists and policymakers wondering what it signals about enforcement, deterrence and the limits of cyber regulation. After years of litigation that promised to redefine how securities law treats cybersecurity, the surprising reversal raises urgent questions about accountability and how companies should disclose cyber risk.

ShadowRay 2.0 Exclusive: Dangerous GPU Botnet Threat
Think your idle GPUs are harmless? ShadowRay 2.0 quietly turns misconfigured Ray clusters into a self‑replicating crypto‑mining botnet—using automated scans, scripted Docker deployments, and TOR to stay hidden—proving default or unauthenticated management interfaces are an invitation to sustained criminal profit.

CISA Exclusive: Critical Bulletproof Hosting Threat Alert
Bulletproof hosting—the shadow infrastructure that shelters botnets, ransomware and fraud—has long let bad actors dodge takedowns. CISA’s new practical guide gives ISPs and hosts straightforward, actionable steps to detect, disrupt and remediate those services so defenders can finally keep pace.

ThreatsDay Exclusive: Critical Cyber Threats Unveiled
Think clicking a browser add-on or plugging in a smart camera is harmless? This ThreatsDay roundup exposes how weaponized everyday tools — from extensions and smart gadgets to satellite feeds and SMS — turn convenience into a covert battleground of surveillance, social engineering, and supply‑chain attacks.

CTM360 Exclusive: Alarming WhatsApp Hijack Campaign Exposed
CTM360 exposes HackOnChat, a clever and dangerous campaign that clones WhatsApp Web to trick users into revealing authentication codes and handing over their accounts. With thousands of malicious URLs and coordinated fronts, this WhatsApp account hijacking operation is alarmingly scalable and hard to take down.

Gartner Warns: Stunning Shadow AI Risk to 40% of Firms
Turns out the handy AI tools employees love could be your company’s hidden threat: Gartner warns that by 2030, 40% of firms will face security or compliance incidents from shadow AI—unsanctioned consumer or third‑party models that can leak PII, payment data and trade secrets. Convenience is great until it becomes a costly regulatory and financial headache.

UK, US and Australia Sanction Media Land – Stunning Blow
When protected at all costs becomes a shield for criminals, the UK, US and Australia moved in — jointly sanctioning a bulletproof hosting provider and four executives to choke off the infrastructure behind ransomware, scams and other cybercrime.

7-Zip Critical RCE: Exclusive Warning as Hackers Exploit
Imagine your go‑to file extractor becoming an attacker’s backdoor—7‑Zip’s RCE (CVE‑2025‑11001) is being actively exploited. Update to 7‑Zip 25.00 now, check for signs of compromise, and treat any unpatched machines as high risk.

Europol Operation: Stunning, Devastating $55M Crypto Bust
Europe’s Cyber‑Patrol Week used blockchain forensics and cross‑border raids to disrupt crypto services moving roughly $55 million, delivering a stunning, devastating blow to criminal money‑movement rails. The takedown shows how improved tracing and private‑sector cooperation can unmask operators — even as some legitimate users lose a layer of convenience.

Python-Based WhatsApp Worm Exclusive: Dangerous Stealer
What would you do if your WhatsApp started messaging your friends without you? Researchers warn the Delphi-based Eternidade Stealer is hijacking accounts and weaponizing contact lists—using social engineering and IMAP-resolved C2 to spread quickly and dodge static defenses.

Eternidade Stealer Trojan Exclusive Severe Cybercrime Surge
Eternidade Stealer is a new banking trojan that weaponizes Brazil’s favorite app, WhatsApp, turning ordinary messages into a fast-moving credential theft campaign. Researchers warn one click can unleash downloaders that harvest browser-stored credentials and cookies, making everyday chats unexpectedly risky for users and businesses.

PlushDaemon Exclusive: Dangerous New Spy Malware
Exclusive: PlushDaemon malware is a stealthy new spy quietly siphoning personal data — learn how it works, who’s at risk, and easy steps you can take to protect yourself.

China-Linked WrtHug Exclusive: Dangerous ASUS Router Hijack
Imagine the little black box under your desk as a secret backdoor — SecurityScorecard has exposed WrtHug, a China-linked campaign hijacking thousands of ASUS routers to intercept traffic, steal credentials and quietly persist in homes and small businesses. It shows how exposed management interfaces and unpatched firmware can turn everyday routers into powerful spying and staging platforms.

Half of Ransomware Access: Exclusive Critical VPN Threat
Think your VPN keeps the bad guys out? Q3 data show compromised VPN credentials were the top initial access vector for ransomware, so it’s time to rethink perimeter defenses, identity hygiene, and incident response.

Fortinet Exclusive: Critical FortiWeb CVE-2025-58034
Exclusive: A critical FortiWeb vulnerability (CVE-2025-58034) has been disclosed — find out what it means for your environment and the quick steps to keep your systems protected.

2FA Phishing Kit: Exclusive Alert on Dangerous BitB Pop-ups
Think your 2FA push is safe? Browser-in-the-Browser phishing kits like Sneaky 2FA now mimic real browser dialogs to trick users into approving account takeovers, making powerful relay attacks cheap and easy to rent.

CISA 2015 Extension: Exclusive, Welcome Short-Term Relief
Good news: the Cybersecurity Information Sharing Act’s short‑term extension buys defenders breathing room and keeps automated threat‑sharing pipelines running. But it’s only a temporary patch, leaving legal uncertainty, oversight concerns, and the need for a durable, modern solution unresolved.

New npm Malware Campaign Exclusive: Severe Crypto Redirects
When the libraries you trust become trapdoors, developers are in for a rude awakening: a new npm malware campaign by dino_reborn hides in seven packages and uses cloaking and fake CAPTCHAs to selectively redirect victims to cryptocurrency phishing flows. This supply‑chain‑style attack evades scanners by activating only under certain conditions, turning convenience into a costly risk.

AI-Enhanced Tuoni Framework: Exclusive Affordable Win
A single crafted message—leveraging AI‑enhanced Tuoni C2, steganography and in‑memory execution—slipped past defenses at scale, showing attackers are getting smarter and stealthier. It’s a wake‑up call: rapid detection, cross‑team coordination and tougher verification are now essential.

DoorDash Confirms Data Breach: Exclusive Alarming Details
DoorDash data breach confirmed — get our exclusive, alarming details on what was exposed, who’s at risk, and the quick steps you can take right now to protect your information.