Cybercriminals are leveraging LastPass's after-death account handover procedures to trick users into revealing their login credentials. The campaign, linked to the CryptoChameleon group, involves sending fake emails about legacy access requests that redirect victims to phishing sites.

The rise of AI-powered ransomware marks a significant shift in the cybersecurity landscape, with 80% of ransomware attacks now utilizing artificial intelligence. This new category of ransomware not only encrypts files but also learns and adapts to maximize damage, posing unprecedented challenges for organizations worldwide.

The Warlock ransomware campaign, linked to Chinese threat actors, exploits the ToolShell zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770). This shift towards direct financial cybercrime marks a significant change in tactics among these groups.

A large-scale intrusion campaign, tracked as REF3927, is exploiting misconfigured Microsoft IIS servers that reuse publicly exposed ASP.NET machine keys. Attackers are deploying malicious modules and webshells to gain control over affected systems.

A recent investigation revealed a critical loophole in Azure applications that allowed hackers to create malicious apps using reserved Microsoft names. This vulnerability enabled attackers to gain unauthorized access and escalate privileges within Microsoft 365 environments, posing significant risks to organizations.

The latest Microsoft Digital Defense Report reveals that over 52% of cyberattacks are motivated by extortion and ransomware, with a significant focus on data theft. The report emphasizes the need for proactive cybersecurity measures and modernization in defense strategies.

AI technology is increasingly integrated into workplaces, shaping the labor market and HR practices. Employers and employees must adapt to effectively manage generative AI and other AI-powered systems.

The Beamglea campaign has exploited 175 malicious npm packages to conduct phishing attacks, primarily targeting tech and energy firms across Europe and APAC. Researchers discovered that these packages, which have over 26,000 downloads, redirect users to phishing sites designed to steal credentials.