Tag: emerging threats

Turkey Unveils Neşter Precision Munition with Bladed Design
Meet Neşter, a game-changing precision munition that's redefining surgical strikes with its unique bladed design, allowing for pinpoint accuracy and controlled neutralization of targets with minimal collateral damage. This Turkish innovation is set to revolutionize the defense industry with its cutting-edge technology.

Apache HTTP Server Flaw Enables DoS and Potential RCE Attacks
A critical flaw in the Apache HTTP Server, known as CVE-2026-23918, can be exploited to launch devastating denial-of-service (DoS) and potential remote code execution (RCE) attacks, putting your online security at risk. This high-severity bug has been patched in Apache HTTP Server version 2.4.67, so updating is crucial to prevent attacks.

Latvian Hacker Sentenced for Role in Former Conti Leaders' Ransomware Extortion Scheme
A Latvian hacker has been sentenced to 8.5 years in federal prison for his role in a massive ransomware extortion scheme that targeted over 54 companies, causing hundreds of millions of dollars in losses. Deniss Zolotarjovs, 35, helped former Conti leaders extort payments from victims over a two-year period.

Army Hosts Hackathons to Integrate Dozens of Military Systems
The Army is shaking things up with a series of hackathons called "Right to Integrate," where vendors will gather for a one-day brainstorming session to make their software and systems more compatible, with the goal of integrating dozens of military systems for seamless communication and data sharing. This move aims to give the Army a game-changing edge on the battlefield by enabling its systems, weapons, and sensors to talk to each other like never before.

Microsoft Uncovers Large-Scale Phishing Campaign Using Fake Compliance Emails
In just 48 hours, a massive phishing campaign targeted over 35,000 users across 13,000 organizations in 26 countries, using convincing fake compliance emails to steal login credentials. The sophisticated attack, detected by Microsoft's Defender Research team, hit US firms hard, but its global reach was widespread.

China-Linked UAT-8302 Exploits Shared Malware to Target Global Governments
Meet UAT-8302, a sophisticated China-linked threat group that's been secretly targeting governments worldwide, deploying custom malware to infiltrate and gather intel. Its recent attacks have hit government entities in South America and southeastern Europe, raising global cybersecurity concerns.

Stalkerware Breach Exposes Risks for Executives
A shocking stalkerware breach has exposed a treasure trove of sensitive information, including 86,859 images - seemingly screenshots from a single victim's device - used to secretly stalk a high-profile European entrepreneur and media personality. The alarming leak highlights the very real risks executives face in the digital age.

ScarCruft APT Exploits Yanbian Gaming Platform for Intelligence Gathering
Meet ScarCruft, a notorious North Korea-aligned espionage group that's been caught exploiting a popular gaming platform in China to gather intel on its users. The group trojanized a site serving traditional Yanbian-themed games, compromising both Windows and Android software.

CISA Warns of Active Exploits of Linux 'CopyFail' Flaw
A newly disclosed Linux kernel vulnerability, dubbed "CopyFail," is being actively exploited, allowing low-privilege users to gain full root control on unpatched systems with a single, unmodified exploit binary. This alarming flaw, tracked as CVE-2026-31431, has sparked emergency patching efforts to prevent widespread attacks.

FTC Bars Kochava from Selling Location Data Without Consent
The Federal Trade Commission is taking a stand against Kochava, proposing an order that would require the company to obtain explicit consent from Americans before selling their precise location data, and only use it for services they directly requested. This move aims to put an end to the sale of sensitive location information without users' knowledge or consent.

CVE Feeds Overlook End-of-Life Software Vulnerabilities
The blind spot in CVE feeds is leaving end-of-life software vulnerabilities flying under the radar, with a staggering 167,286 false negatives identified in 2025 alone. This oversight can have serious consequences, as outdated software can still be exploited, even if it's no longer receiving patches.

Cushman & Wakefield Discloses Vishing Incident Amid Dual Ransomware Threats
Cushman & Wakefield recently fell victim to a vishing incident, but swift action was taken to contain the breach and protect its systems. The company has confirmed that its operations remain normal and it's working closely with experts to investigate and respond to the incident.

Phishing Campaign Exploits Signed RMM Software to Plant Persistent Backdoors
A long-running phishing campaign has compromised over 80 US organizations by using legitimately signed remote monitoring software to install silent, persistent backdoors, according to Securonix research. The attack begins with a clever email impersonating the US Social Security Administration, tricking victims into downloading malicious payloads.

MetInfo CMS Flaw Exploited for Remote Code Execution Attacks
A critical flaw in the MetInfo content management system, CVE-2026-29014 (CVSS score 9.8), allows remote attackers to execute arbitrary code, putting your site at risk of full takeover. This unauthenticated PHP code-injection vulnerability affects versions 7.9, 8.0, and 8.1, and can be exploited with crafted requests containing malicious PHP code.

Vimeo Breach Exposes 119,000 in Data Heist by ShinyHunters Gang
A recent data breach at Vimeo exposed the email addresses and names of over 119,000 users, thanks to a hack by the notorious ShinyHunters extortion gang, which gained access through a vulnerability at data anomaly detection company Anodot. The breach highlights the importance of securing third-party integrations to protect sensitive user data.

Vimeo Breach Exposes 119,000 Email Addresses
A data breach at Vimeo has compromised the email addresses of over 119,000 users, with hackers also accessing some metadata and technical data from a third-party analytics vendor. Fortunately, no video content, login credentials, or payment card information was stolen.

OAuth Grants Expose Hidden Attack Vector in Enterprise Workspaces
Unmanaged OAuth grants are a ticking time bomb in enterprise workspaces, with 80% of security leaders recognizing them as a critical or significant risk. A recent attack by threat actor UNC6395 exploited valid OAuth refresh tokens to breach Salesforce environments of over 700 organizations, highlighting the devastating consequences of neglecting OAuth security.

Romance Scammers Rake in £102M Through Emotional Manipulation
Romance scammers exploited the trust of unsuspecting victims to pocket a staggering £102 million in 2025, with the average person losing around £9,500 in these emotionally manipulative scams. This heart-wrenching trend saw a 29% surge in reported cases, with £280,000 lost daily.

Google Boosts Bounty Payouts for Elusive Android Exploits
Google just supercharged its bounty program, offering up to $1.5 million for the most elusive Android exploits that require top-notch technical skills to pull off. The biggest prizes go to zero-click, full-chain exploits with persistence, highlighting Google's focus on tackling the toughest security challenges.

AI Infrastructure Exposes Widespread Security Gaps
A staggering 2 million hosts and 1 million exposed services were uncovered through a simple scan of certificate transparency logs, revealing alarming security gaps in AI infrastructure. The findings painted a concerning picture: most AI projects lack even basic authentication, leaving them vulnerable to exploitation.

AI Adoption Outpaces Security Policies, Heightens Cyber Risk
Most organizations are already using AI tools, with 90% of digital trust professionals confirming employees are leveraging them, yet only 38% have a comprehensive policy in place to manage the risks. This disconnect leaves a staggering 25% of organizations with no AI policy at all, heightening cyber risk.

CloudZ Malware Exploits Microsoft Phone Link to Harvest SMS and OTPs
Beware: CloudZ malware is exploiting Microsoft's Phone Link feature to intercept SMS and OTPs, putting your sensitive info at risk. This sneaky attack uses a plugin called Pheno to tap into your Phone Link activity and steal your private messages.

NCSC Warns of Impending AI-Driven Patch Surge
Get ready for a surge of software updates, warns the National Cyber Security Centre's CTO, as AI-driven patching is set to uncover and fix long-standing vulnerabilities across your tech stack. Prioritise your external attack surfaces and prepare for a "patch wave" to stay ahead of the threat.

Karakurt Ransomware Operative Sentenced for Extortion Role
Meet Deniss Zolotarjovs, a Latvian national who helped his ransomware gang extort dozens of companies - and even a government entity with a crippled 911 system - by leveraging stolen sensitive data, including children's health information. He's now facing 8.5 years in prison for his role in the Karakurt extortion operation.