Google has issued an emergency security update for Chrome to resolve a zero-day vulnerability actively exploited in the wild. This latest release brings the total number of such flaws patched in 2025 to four. Google patches fourth Chrome zero-day this year amid growing concerns over browser-based attacks. The company moved quickly to roll out the […]
Europol dismantled a major cryptocurrency fraud ring that stole €460 million ($540 million) from more than 5,000 victims worldwide. The international crackdown, known as Operation Borrelli, was led by Spain’s Guardia Civil with support from law enforcement agencies in Estonia, France, and the United States. Europol busts €460 million crypto scam networks like this as […]
A critical security flaw in Django applications allows attackers to achieve remote code execution by chaining directory traversal with a CSV parsing weakness. The Django CSV flaw lets hackers exploit file upload endpoints that use the pandas library, enabling them to overwrite server files and run arbitrary Python code. The vulnerability was publicly disclosed on […]
Qantas has disclosed a significant data breach that compromised the personal information of nearly six million frequent flyer members. Qantas says data theft occurred after unauthorized access to a third-party platform used to manage its loyalty program. The airline confirmed that sensitive details, including names, dates of birth, and travel details, were among the data […]
North Korean hackers expand their remote IT worker scam beyond U.S. companies, according to cybersecurity researchers tracking recent activity. Previously, these threat actors focused on applying for outsourced IT support roles at American firms, often gaining access through falsified identities and credentials. Now, security experts report that the campaign has widened to include businesses operating […]
A new DragonForce variant linked to the emerging DEVMAN threat actor has raised concerns among cybersecurity analysts due to unusual behavior in its code. Researchers discovered that the ransomware sample encrypts its own ransom note, a rare trait that complicates both analysis and victim response. The anomaly suggests a possible attempt to evade detection or […]
AT&T unveils Wireless Lock, a new feature designed to shield customers from SIM swapping attacks by blocking unauthorized changes to account information and number porting. The safeguard aims to prevent criminals from taking control of a user’s phone number to access sensitive data, including banking and authentication codes. Once activated, Wireless Lock restricts any modifications […]
Johnson Controls reveals victims of a 2023 ransomware attack as it begins notifying individuals impacted by the breach. The multinational manufacturer of automation systems confirmed the incident but has not disclosed what type of data was compromised. The breach, which occurred last year, follows a growing trend of cyberattacks targeting industrial and infrastructure firms. The […]
Cloudflare has introduced a new feature that lets website owners control access to their data by artificial intelligence systems. The company announced Tuesday that Cloudflare lets sites charge or block web crawlers used by AI companies to scrape online content. This move targets the growing demand for publicly available data to train large language models, […]
The U.S. Treasury Department on Monday imposed sanctions on the Russia-based Aeza Group, accusing the company of providing infrastructure for cybercriminal operations. The move, part of a broader effort to disrupt global cybercrime networks, comes as US sanctions Aeza Hosting for allegedly supporting ransomware and infostealer campaigns. Authorities say Aeza Group offered “bulletproof hosting” services […]
Kelly & Associates Insurance Group, operating as Kelly Benefits, has disclosed a data breach that compromised the personal information of approximately 550,000 individuals. The Kelly Benefits data breach, which occurred earlier in 2024, has prompted the company to begin notifying affected customers about the exposure of their sensitive data. The company has not specified the […]
A newly identified vulnerability in popular integrated development environments, including Visual Studio Code, has exposed a significant security gap in how these platforms verify third-party extensions. Researchers found that flawed verification mechanisms allow malicious publishers to bypass trusted status checks and embed harmful code in what appear to be legitimate extensions. The flaw affects several […]