Proofpoint Inc., a major player in the cybersecurity sector, has agreed to acquire Hornetsecurity, a European cloud security firm based in Germany, in a deal valued at more than $1 billion. The acquisition is expected to close later this year, pending regulatory approvals and customary closing conditions. Hornetsecurity specializes in safeguarding companies from cloud-based threats, […]
Law enforcement agencies from five European nations, with coordination from Europol and Eurojust, have dismantled a cross-border cybercrime operation responsible for defrauding over 100 victims through fraudulent investment schemes, according to Infosecurity Magazine. The transnational syndicate is accused of orchestrating sophisticated scams that generated illicit profits exceeding 3 million euros. Authorities say the group lured […]
A cyberattack attributed to a pro-Ukrainian hacking group has reportedly wiped out approximately one-third of the archived case files from Pravosudiye, Russia’s national electronic court filing system, according to auditors. The breach, previously disclosed, targeted the digital infrastructure that supports the country’s judiciary, disrupting access to legal documents and court records. The attackers claimed responsibility […]
OpenAI’s ChatGPT is preparing to integrate support for the Model Context Protocol (MCP), according to a newly surfaced leak. The protocol will enable the AI chatbot to connect with third-party services, allowing it to draw on external data sources as contextual input during interactions. This capability marks a significant expansion in how ChatGPT can operate, […]
A malicious package published to the Node Package Manager (NPM) repository has been found using Unicode-based steganography to conceal its true functionality, evading detection by traditional security tools. The package hides harmful code by embedding invisible Unicode characters within its script, a technique that obscures malicious instructions from both human reviewers and automated scanners. In […]
A Russian state-linked hacking group has exploited a zero-day vulnerability in MDaemon webmail software as part of a broader cyber espionage campaign targeting government email servers, according to new research from cybersecurity firm ESET. Dubbed Operation RoundPress, the activity began in 2023 and focused on exploiting cross-site scripting (XSS) flaws in multiple webmail platforms, including […]
Hackers linked to the Kremlin have targeted webmail servers used by government agencies across Eastern Europe, according to cybersecurity researchers. The group, identified as APT28, focused primarily on entities in Ukraine, Bulgaria and Romania. However, the campaign extended beyond the region, with government networks in Africa, South America and other parts of Europe also affected. […]
A widening cyberattack targeting Europe’s largest software maker has revealed hundreds of global victims, drawing comparisons to previous state-sponsored campaigns such as Salt Typhoon and Volt Typhoon. The assault, which exploited a zero-day vulnerability, has impacted organizations across multiple sectors, though specific industries and affected regions have not been disclosed. Security experts note the scale […]
Hackers earned a total of $260,000 in cash prizes on the first day of Pwn2Own Berlin 2025, a high-profile security competition that rewards researchers for identifying and exploiting software vulnerabilities. Participants demonstrated successful exploits targeting a range of platforms, including Red Hat, Microsoft Windows, Oracle VirtualBox, Docker Desktop, and artificial intelligence technologies. The competition, known […]
A recent Windows 10 update, labeled KB5058379, is triggering unexpected BitLocker recovery prompts on some devices following installation and a system reboot. The cumulative update, pushed as part of Microsoft’s regular release cycle, appears to inadvertently activate the recovery process for BitLocker, the operating system’s built-in encryption feature. Users who applied the update have reported […]
A newly discovered malicious package in the NPM ecosystem is leveraging Google Calendar as a covert communication channel, allowing attackers to evade traditional detection mechanisms. The malware uses the calendar service as a “middleman” to receive commands and exfiltrate data, masking its activity behind legitimate infrastructure. In addition to this novel approach, the package employs […]
Nova Scotia Power confirmed that hackers accessed and stole sensitive customer data in a cybersecurity breach discovered last month. The utility provider, which supplies electricity across the Canadian province, disclosed that the incident involved unauthorized access to its systems by threat actors who exfiltrated confidential customer information. The company did not specify the exact nature […]