Tag: emerging threats
3159 articles
BSI Warns Exclusive: Dire AI Governance Crisis Looms
The BSI warns business leaders are sleepwalking into an AI governance crisis that could hobble economies and hand malicious actors the upper hand. Treat AI risk with urgency—close the policy, oversight and training gaps now so benefits aren’t concentrated while harms spiral out of control.
Exchange servers Stunning: 9 in 10 on Outdated Software
With 9 in 10 Exchange servers still running out-of-support software, organizations face a stark choice—accept short-term disruption to upgrade now or leave a wide-open path for attackers to seize entire networks.
TEE.Fail: Stunning DDR5 Enclave Attack Poses Dangerous Risk
Meet TEE.Fail: a startling side‑channel that lets a host‑level attacker coax secrets from Intel SGX, TDX and AMD SEV by nudging privileged metadata and watching tiny side effects—proving hardware islands of trust can leak everything theyre supposed to hide.
Investment Scams: Exclusive Asia Report on Alarming Spread
Our exclusive Asia report exposes the alarming spread of investment scams across the region—read on to spot the red flags and protect your money.
GhostCall Exclusive: Critical BlueNoroff Malware Reveal
Meet GhostCall — a stealthy campaign tied to BlueNoroff that weaponizes low‑profile backdoors and traffic‑manipulation to quietly harvest credentials and hijack Web3 sessions. As blockchain projects scale, GhostCall and its sibling GhostHire show how openness can be turned into an espionage-and-theft platform that technologists, policy makers and users can’t afford to ignore.
Chrome Zero-Day Exclusive: Dangerous Mem3nt0 mori Attacks
A fresh Chrome zero-day is powering dangerous Mem3nt0 mori attacks. Learn how they work and what quick steps you can take to stay safe.
Google Exclusive: Gmail Breach Claims Overblown
Headlines claiming 183 million Gmail accounts were hacked sparked panic, but Google says the scare is overblown. Security experts say the list is mostly recycled, aggregated credentials from older leaks—still risky for reused passwords, but not proof of a fresh Gmail-wide breach.
Actively Exploited WSUS Bug: Exclusive Critical KEV Alert
CISA has added the WSUS bug CVE‑2025‑59287 to its KEV Catalog and ordered immediate remediation — federal agencies must patch by Nov 14. If you manage updates, treat this like a flashing red light and fix it now before attackers turn your update server into a backdoor.
Chatbots Stunningly Echo Dangerous Putin Propaganda
Surprisingly, about one in five chatbot answers about the war leans on state-affiliated Russian media — meaning our friendly AI helpers may be unwittingly echoing Moscow’s talking points and amplifying propaganda.
WSUS Exclusive: Critical Attacks Hit Multiple Orgs
A critical out‑of‑cycle patch for Windows Server Update Services (CVE-2025-59287) is already being exploited in the wild — forcing admins to choose between urgent remediation and risking production outages. If your network uses WSUS, patch immediately, verify recovery behavior, and repeat until systems are secure.
Weekly Recap: Exclusive Critical WSUS, LockBit, F5 Warnings
Still clicking “remind me later”? This week’s wake‑up call: LockBit 5.0 is back—and meaner—striking Windows, Linux and ESXi while WSUS and critical F5 flaws are being exploited, so harden hypervisors, broaden detection, and treat backups as sacred.
X Critical Alert: Exclusive Security Key Lockout Warning
Don’t get locked out of X — re-enroll your hardware security keys and passkeys (think YubiKey) by November 10, 2025, or risk losing access; it’s usually a quick tap to register but essential if a key is your only 2FA.
Qilin Ransomware Exclusive: Alarming 40+ Cases Monthly
Qilin ransomware is surging — over 40 incidents monthly — using double‑extortion leak sites that weaponize stolen files into lasting reputational damage. Is your organization prepared to respond beyond just restoring backups?
Europol Exclusive: Alarming Rise in Caller ID Spoofing
Europol’s recent takedown ripped the curtain back on how caller ID spoofing and SIM farms let criminals rent anonymity at scale — a win that still reads like a warning. With fraudsters shifting to SIMless virtual numbers and VoIP farms, the phone number we trust as ID has become a commodity for scams.
Breach: Stunning, Damaging Student Data Leak at Iran Lab
A stunning student data leak at Iran’s Ravin Academy has exposed names and personal details of trainees and affiliates. Beyond putting people at risk, the breach raises troubling questions about the security and credibility of the state-run cyber programs meant to project power online.
LinkedIn AI Exclusive: One-Week Opt-Out or Risk
Heads up: LinkedIn is giving users in Europe, Canada and Hong Kong just seven days to opt out. If you don’t act, your public posts could be used to train Microsoft’s AI.
X Exclusive: Stunning passkey reset kills Twitter
Xs sudden passkey reset—re-enroll by Nov. 10 or face lockout—left millions scrambling and sparked alarm after a delayed clarification. The scramble exposed how opaque security moves can quickly erode trust in platforms people depend on for work, reputation and civic voice.
Tata Consultancy Services Exclusive Denies Critical M&S Loss
Tata Consultancy Services says: follow the timeline — its service‑desk contract with Marks & Spencer ended before the cyber intrusion, so the two events shouldn’t be conflated. That timing could dramatically shift the legal, regulatory and reputational fallout.
UK Fraud Cases: Exclusive Insight as 17% Surge Alarms
Don’t assume a message from your bank is safe — APP fraud is surging, with UK incidents up 17% in H1 2025 as scammers turn everyday payments into a growing national risk.
Critical WordPress Plugin Bugs Cause Stunning Damage
Three critical WordPress plugin vulnerabilities disclosed in 2024 are already being weaponized in the wild, forcing site owners to weigh immediate patching (and potential downtime) against the very real risk of rapid, widespread compromise. If your site uses plugins, now’s not the time to procrastinate—automated scanners and exploit kits can turn one unpatched flaw into a mass breach within hours.
UN Cybercrime Treaty: Stunning Gains, Sparks Criticism
The UN Cybercrime Treaty—now signed by 72 countries—promises to turbocharge cross-border digital investigations, but technologists and rights groups warn it could trade faster justice for expanded surveillance and weakened encryption.
Sneaky Mermaid attack: Exclusive Copilot data breach alert
A clever Sneaky Mermaid indirect prompt injection showed how hidden instructions buried in files could trick Microsoft 365 Copilot into leaking tenant data. Microsoft says it patched this specific flaw, but security teams warn the broader risk of stealthy, embedded prompt attacks is far from over.
Iran’s MuddyWater: Stunning, damaging 100+ network breach
A single hijacked government mailbox became MuddyWater’s battering ram, letting Tehran-linked operators quietly harvest credentials and pivot into 100+ networks across the Middle East and North Africa. It’s a stark reminder that low-cost social engineering and trusted infrastructure can give attackers exponential reach without a single zero-day.
Cyber exec Exclusive: Damning spy charges, lavish life
How did a senior manager at L3Harris’s secretive Trenchant unit allegedly trade zero-day vulnerabilities and exploit code to a Russian buyer for about $1.3 million—reportedly fueling a lavish lifestyle while putting U.S. national security at risk?