Cybersecurity researchers have disclosed details of a new Android banking trojan called Herodotus that has been observed in active campaigns targeting Italy and Brazil to conduct device takeover (DTO) attacks.
“Herodotus is designed to perform device takeover while making first attempts to mimic human behaviour and bypass behaviour biometrics detection,” ThreatFabric said in a report shared with
Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire.
According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster called BlueNoroff, which is also known as APT38,
In episode 74 of The AI Fix, we meet Amazon’s AI-powered delivery glasses, an AI TV presenter who doesn’t exist, and an Ohio lawmaker who wants to stop people from marrying their chatbot.
Also, we learn how Geoffrey Hinton and Steve Wozniak have teamed up with the unlikely coupling of will.i.am and Steve Bannon to pull the brakes on “super-intelligence.”
Meanwhile, Graham wonders if you should really trust an AI browser with your passwords, or your credit card, or, frankly, anything at all, and Mark reveals what AGI really means – and how close we are to reaching it.
It’s an episode packed with deepfaked sidebars, brain-rotted AIs, and humans who still can’t take selfies properly.
All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.
In cybersecurity, speed isn’t just a win — it’s a multiplier. The faster you learn about emerging threats, the faster you adapt your defenses, the less damage you suffer, and the more confidently your business keeps scaling. Early threat detection isn’t about preventing a breach someday: it’s about protecting the revenue you’re supposed to earn every day.
Companies that treat cybersecurity as a
The New Reality for Lean Security Teams
If you’re the first security or IT hire at a fast-growing startup, you’ve likely inherited a mandate that’s both simple and maddeningly complex: secure the business without slowing it down.
Most organizations using Google Workspace start with an environment built for collaboration, not resilience. Shared drives, permissive settings, and constant
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.
The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as having come under
A European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder in September 2025.
The activity “reveals a notable evolution in SideWinder’s TTPs, particularly the adoption of a novel PDF and ClickOnce-based infection chain, in
Social media platform X is urging users who have enrolled for two-factor authentication (2FA) using passkeys and hardware security keys like Yubikeys to re-enroll their key to ensure continued access to the service.
To that end, users are being asked to complete the re-enrollment, either using their existing security key or enrolling a new one, by November 10, 2025.
“After November 10, if you
Cybersecurity researchers have discovered a new vulnerability in OpenAI’s ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant’s memory and run arbitrary code.
“This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware,” LayerX
Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior.
Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than being alert.
Here’s how that false sense of security