Cyber News & Articles

Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data.
“Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack,” Positive Technologies security researcher

Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems.
The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum.
“macOS users are served a

Over Easter, retail giant Marks & Spencer (M&S) discovered that it had suffered a highly damaging ransomware attack that left some shop shelves empty, shut down online ordering, some staff unable to clock in and out, and caused some of its major suppliers to resort to pen and paper.

In a gloating abuse-filled email to M&S CEO Stuart Machin, the DragonForce hacker group claimed responsibility for the attack.

Read more in my article on the Hot for Security blog.

When generative AI tools became widely available in late 2022, it wasn’t just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves of consumer-first IT innovation before it—file sharing, cloud storage and collaboration platforms—AI landed in

India’s Central Bureau of Investigation (CBI) has revealed that it has arrested four individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens.
The law enforcement agency said it conducted coordinated searches at 19 locations across Delhi, Haryana, and Uttar Pradesh on May 28, 2025, as part of

How would you like to earn yourself millions of dollars?

Well, it may just be possible – if you have information which could help expose the identities of cybercriminals involved with the notorious RedLine information-stealing malware.

Read more in my article on the Tripwire State of Security blog.

Cybersecurity involves both playing the good guy and the bad guy. Diving deep into advanced technologies and yet also going rogue in the Dark Web. Defining technical policies and also profiling attacker behavior. Security teams cannot be focused on just ticking boxes, they need to inhabit the attacker’s mindset.
This is where AEV comes in.
AEV (Adversarial Exposure Validation) is an advanced

A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos.
“The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy PathWiper across

Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of proxy and anonymity services nested at some of America’s largest Internet service providers (ISPs).

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.

“Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response