Cybercriminals are leveraging LastPass's after-death account handover procedures to trick users into revealing their login credentials. The campaign, linked to the CryptoChameleon group, involves sending fake emails about legacy access requests that redirect victims to phishing sites.

A significant data breach at Dublin and Cork Airports has potentially exposed millions of passengers' travel information. The breach is linked to a third-party supplier, Collins Aerospace, and has raised concerns about the security of sensitive data in the aviation sector.

Scammers are now using fake voicemail notifications to trick users into revealing their credentials. These phishing emails often appear legitimate, leading victims to fake login pages or triggering malware downloads.

A new hacking group, Storm-2657, is targeting U.S. universities with sophisticated phishing attacks aimed at hijacking payroll payments. These 'pirate payroll' attacks exploit social engineering tactics to manipulate staff into providing sensitive login information.

Microsoft has released urgent updates to address the critical WSUS RCE vulnerability CVE-2025-59287, which is currently under active exploitation. The flaw allows unauthorized attackers to execute code over a network, necessitating immediate patching for affected Windows Server versions.

The rise of AI-powered ransomware marks a significant shift in the cybersecurity landscape, with 80% of ransomware attacks now utilizing artificial intelligence. This new category of ransomware not only encrypts files but also learns and adapts to maximize damage, posing unprecedented challenges for organizations worldwide.

A sophisticated text message phishing campaign, attributed to the Smishing Triad, is targeting users globally, affecting over 121 countries. The operation utilizes advanced social engineering tactics and operates through a Phishing-as-a-Service ecosystem.

OpenAI's new AI web browser, ChatGPT Atlas, has been found to be vulnerable to clipboard injection attacks. This vulnerability could allow malicious actors to manipulate the user's clipboard, potentially leading to security breaches.

CISA has issued an urgent alert regarding a critical flaw in Motex Lanscope Endpoint Manager, tracked as CVE-2025-61932. This vulnerability, rated 9.8 on the CVSS scale, allows attackers to bypass authentication mechanisms, leading to potential unauthorized access and data compromise.

Microsoft has released an emergency security patch for a critical vulnerability in Windows Server Update Services (WSUS) that is being actively exploited. The vulnerability, tracked as CVE-2025-59287, allows remote code execution and carries a severity score of 9.8 out of 10.

Microsoft has released an out-of-band security update for a critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. This flaw allows remote code execution by unauthenticated threat actors, and a new patch is necessary to fully mitigate the issue as the initial patch was incomplete.

The OYO Las Vegas Hotel & Casino experienced a ransomware attack in January, exposing personal and financial information of approximately 4,700 individuals. The incident is now central to a legal dispute between OYO and its former management company, Highgate Hotels.

Everest Ransomware has reportedly breached AT&T Careers, compromising 576,000 records. This incident highlights the ongoing threat of ransomware attacks targeting large organizations.

The UK government has introduced new anti-ransomware guidance aimed at addressing supply chain vulnerabilities that have led to significant cyber incidents. Developed in collaboration with Singapore, the guidance outlines practical steps for organizations to enhance their supply chain security and prevent exploitation by cyber criminals.

Researchers have identified a new wave of cybersecurity attacks against European drone makers by the Lazarus Group, a North Korean government-affiliated threat actor. This campaign, part of 'Operation DreamJob,' uses social engineering tactics to exfiltrate proprietary information.

Google's Threat Intelligence Group has uncovered a Vietnamese cybercriminal campaign that uses fake job postings to compromise digital marketing professionals. The campaign, tracked as UNC6229, employs social engineering and malware tactics to hijack corporate advertising accounts.

A recent analysis reveals that the Wagner Group has been utilizing military equipment from the Malian army, potentially violating the Arms Trade Treaty. This situation raises significant diplomatic concerns for Mali as it may face sanctions for diverting arms to unauthorized users.

Comcast Corporation has had 186.36 GB of compressed data, totaling 834 GB of stolen information, exposed by the Medusa ransomware gang after refusing to pay a $1.2 million ransom. The data includes sensitive Excel files and scripts related to auto premium analysis.

Two teenagers have been charged with computer hacking offenses related to a cyber attack on Transport for London (TfL) that caused significant disruption last year. The attack, attributed to the cyber-criminal group Scattered Spider, resulted in £39 million in damages.

Toys “R” Us Canada has confirmed a data breach where customer records were leaked by threat actors. The company is notifying affected customers and has upgraded its security measures following the incident.