Cybercriminals are leveraging LastPass's after-death account handover procedures to trick users into revealing their login credentials. The campaign, linked to the CryptoChameleon group, involves sending fake emails about legacy access requests that redirect victims to phishing sites.

Scammers are now using fake voicemail notifications to trick users into revealing their credentials. These phishing emails often appear legitimate, leading victims to fake login pages or triggering malware downloads.

A new hacking group, Storm-2657, is targeting U.S. universities with sophisticated phishing attacks aimed at hijacking payroll payments. These 'pirate payroll' attacks exploit social engineering tactics to manipulate staff into providing sensitive login information.

OpenAI's new AI web browser, ChatGPT Atlas, has been found to be vulnerable to clipboard injection attacks. This vulnerability could allow malicious actors to manipulate the user's clipboard, potentially leading to security breaches.

Microsoft has released an out-of-band security update for a critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. This flaw allows remote code execution by unauthenticated threat actors, and a new patch is necessary to fully mitigate the issue as the initial patch was incomplete.

The SideWinder advanced persistent threat group has developed a sophisticated attack methodology utilizing ClickOnce applications to deploy StealerBot malware against diplomatic and governmental targets in South Asia. This campaign marks a significant evolution in their tactics, employing spear-phishing emails and advanced evasion techniques.

Researchers have identified a new wave of cybersecurity attacks against European drone makers by the Lazarus Group, a North Korean government-affiliated threat actor. This campaign, part of 'Operation DreamJob,' uses social engineering tactics to exfiltrate proprietary information.

Google's Threat Intelligence Group has uncovered a Vietnamese cybercriminal campaign that uses fake job postings to compromise digital marketing professionals. The campaign, tracked as UNC6229, employs social engineering and malware tactics to hijack corporate advertising accounts.

A recent analysis reveals that the Wagner Group has been utilizing military equipment from the Malian army, potentially violating the Arms Trade Treaty. This situation raises significant diplomatic concerns for Mali as it may face sanctions for diverting arms to unauthorized users.

Two teenagers have been charged with computer hacking offenses related to a cyber attack on Transport for London (TfL) that caused significant disruption last year. The attack, attributed to the cyber-criminal group Scattered Spider, resulted in £39 million in damages.

Toys “R” Us Canada has confirmed a data breach where customer records were leaked by threat actors. The company is notifying affected customers and has upgraded its security measures following the incident.

Salt Typhoon, a China-linked APT group, is leveraging zero-day exploits and DLL sideloading techniques to conduct sophisticated cyber espionage campaigns against critical infrastructure worldwide. Recent activities include targeting telecommunications and energy sectors, demonstrating advanced capabilities to compromise lawful intercept systems.

Medusa Ransomware has leaked a significant amount of data from Comcast, totaling 834 GB, after the company failed to meet a $1.2 million ransom demand. This incident highlights the ongoing threat posed by ransomware groups.

Google has removed over 3,000 YouTube videos that were spreading password-stealing malware disguised as cracked software and game cheats. The operation, dubbed the 'YouTube Ghost Network,' exploited legitimate accounts to lure viewers into downloading infostealers.

Caminho, a Brazilian Loader-as-a-Service (LaaS), uses Least Significant Bit (LSB) steganography to hide .NET payloads in images, allowing malware to bypass defenses. This threat targets businesses across South America, Africa, and Eastern Europe, utilizing spear-phishing tactics to deliver its payloads.

The Warlock ransomware campaign, linked to Chinese threat actors, exploits the ToolShell zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770). This shift towards direct financial cybercrime marks a significant change in tactics among these groups.

The Russian state-sponsored APT known as Star Blizzard has transitioned to using a new backdoor, MaybeRobot, following the public disclosure of its LostKeys malware. This change comes as the group continues to employ sophisticated infection techniques to target civil society members in Russia.

GlassWorm malware is exploiting the OpenVSX marketplace to target developers, highlighting the risks associated with third-party software repositories. Developers are urged to exercise caution when downloading extensions.

Researchers have uncovered a large-scale phishing operation known as Smishing Triad, which utilizes text messages to deceive victims. The campaign involves thousands of malicious actors and has registered approximately 195,000 domains since January 2024, primarily targeting sensitive personal information.

Threat actors are exploiting X’s generative AI bot Grok to disseminate phishing links, according to ESET researchers. By tricking Grok into providing links in its responses, attackers are circumventing restrictions on promoted posts.