Cybercriminals are leveraging LastPass's after-death account handover procedures to trick users into revealing their login credentials. The campaign, linked to the CryptoChameleon group, involves sending fake emails about legacy access requests that redirect victims to phishing sites.
A significant data breach at Dublin and Cork Airports has potentially exposed millions of passengers' travel information. The breach is linked to a third-party supplier, Collins Aerospace, and has raised concerns about the security of sensitive data in the aviation sector.
Scammers are now using fake voicemail notifications to trick users into revealing their credentials. These phishing emails often appear legitimate, leading victims to fake login pages or triggering malware downloads.
A new hacking group, Storm-2657, is targeting U.S. universities with sophisticated phishing attacks aimed at hijacking payroll payments. These 'pirate payroll' attacks exploit social engineering tactics to manipulate staff into providing sensitive login information.
Microsoft has released urgent updates to address the critical WSUS RCE vulnerability CVE-2025-59287, which is currently under active exploitation. The flaw allows unauthorized attackers to execute code over a network, necessitating immediate patching for affected Windows Server versions.
The rise of AI-powered ransomware marks a significant shift in the cybersecurity landscape, with 80% of ransomware attacks now utilizing artificial intelligence. This new category of ransomware not only encrypts files but also learns and adapts to maximize damage, posing unprecedented challenges for organizations worldwide.
A sophisticated text message phishing campaign, attributed to the Smishing Triad, is targeting users globally, affecting over 121 countries. The operation utilizes advanced social engineering tactics and operates through a Phishing-as-a-Service ecosystem.
OpenAI's new AI web browser, ChatGPT Atlas, has been found to be vulnerable to clipboard injection attacks. This vulnerability could allow malicious actors to manipulate the user's clipboard, potentially leading to security breaches.
CISA has issued an urgent alert regarding a critical flaw in Motex Lanscope Endpoint Manager, tracked as CVE-2025-61932. This vulnerability, rated 9.8 on the CVSS scale, allows attackers to bypass authentication mechanisms, leading to potential unauthorized access and data compromise.
Microsoft has released an emergency security patch for a critical vulnerability in Windows Server Update Services (WSUS) that is being actively exploited. The vulnerability, tracked as CVE-2025-59287, allows remote code execution and carries a severity score of 9.8 out of 10.
Microsoft has released an out-of-band security update for a critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. This flaw allows remote code execution by unauthenticated threat actors, and a new patch is necessary to fully mitigate the issue as the initial patch was incomplete.
The OYO Las Vegas Hotel & Casino experienced a ransomware attack in January, exposing personal and financial information of approximately 4,700 individuals. The incident is now central to a legal dispute between OYO and its former management company, Highgate Hotels.
The SideWinder advanced persistent threat group has developed a sophisticated attack methodology utilizing ClickOnce applications to deploy StealerBot malware against diplomatic and governmental targets in South Asia. This campaign marks a significant evolution in their tactics, employing spear-phishing emails and advanced evasion techniques.
Everest Ransomware has reportedly breached AT&T Careers, compromising 576,000 records. This incident highlights the ongoing threat of ransomware attacks targeting large organizations.
The UK government has introduced new anti-ransomware guidance aimed at addressing supply chain vulnerabilities that have led to significant cyber incidents. Developed in collaboration with Singapore, the guidance outlines practical steps for organizations to enhance their supply chain security and prevent exploitation by cyber criminals.
