A newly uncovered phishing campaign has seen Microsoft Teams hijacked by cybercriminals using the platform’s native guest-invite feature to deploy malicious content under the guise of trusted Microsoft services. Attackers create fake teams with alarming financial references and invite victims via legitimate Teams email addresses, bypassing standard security checks like SPF, DKIM, and DMARC. One […]
Microsoft released a critical security update after attackers exploited a zero-day vulnerability in its Office suite. The flaw, tracked as CVE-2026-21509, allows adversaries to bypass essential security defenses, prompting Microsoft to act swiftly. With this update, Microsoft patches Office against an actively used exploit that poses a real-world risk to users. Security researchers identified the […]
The European Commission has opened a formal inquiry as the EU probes X over its deployment of the Grok artificial intelligence tool, which has been linked to the production of sexually explicit images. Regulators are examining whether the company adequately assessed potential risks before releasing the AI system to users. According to officials, the investigation […]
OpenAI is rolling out promotional content directly within its ChatGPT platform, and investors are watching closely. The move highlights how OpenAI’s ChatGPT ads cost nearly three times more than Meta’s, despite relying on far less user data. The decision raises questions about targeting precision and value, as ChatGPT gathers minimal personal information compared to social […]
Europol warns that criminal organizations are rapidly changing their methods to smuggle cocaine into Europe through maritime routes, according to a report released Thursday. The analysis, titled “Diversification in Maritime Cocaine Trafficking Modi Operandi,” outlines how organised crime networks adapt their tactics to bypass detection and exploit weaknesses in port security across Europe. The report […]
A newly discovered cybercrime tool known as the “Stanley” toolkit fakes Chrome browser URLs and is being sold for $6,000 on Russian-speaking hacking forums. Researchers say the toolkit disguises phishing domains by manipulating how URLs appear in Google Chrome, making it difficult for users to detect fraudulent sites. The “Stanley” toolkit operates by exploiting Chrome’s […]
A newly disclosed server-side instagram flaw gave attackers the ability to access private posts and captions without authentication, security researcher Jatin Banga revealed this week. The issue exploited Instagram’s mobile web infrastructure using manipulated HTTP headers and bypassed standard privacy safeguards. By crafting a GET request with mobile user-agent headers, attackers triggered a JSON response […]
A recent phishing campaign, active from November 2025 to January 2026, has seen Vercel hosting abused to distribute a remote access tool under the guise of legitimate online services. Threat actors behind the operation crafted emails with financial lures like overdue invoices and shipping documents, prompting users to click embedded links. These links led to […]
ESET ties a DynoWiper attack on Poland’s power grid in December 2025 to Sandworm, a Russia-aligned advanced persistent threat group. Security researchers at the cybersecurity firm said the destructive malware targeted critical infrastructure, disrupting power systems in the region. ESET linked the activity to Sandworm based on malware forensics and operational tactics resembling past campaigns […]
MITRE unveils a new cybersecurity framework aimed at safeguarding embedded systems powering U.S. critical infrastructure and defense technology. Developed with the Air Force’s Cyber Resiliency Office for Weapon Systems, the Embedded Systems Threat Matrix (ESTM) bridges a gap in protecting mission-critical platforms from sophisticated cyber threats. ESTM equips researchers, vendors, and security professionals with actionable […]
A critical vulnerability in HPE Alletra and Nimble Storage platforms could allow remote attackers to gain full administrative access, exposing enterprise networks to serious risks. Known as CVE-2026-23594, the HPE Alletra Nimble flaw affects specific versions of Alletra 6000, 5000, and Nimble Storage Hybrid and All Flash systems. It enables privilege escalation over the network […]
Global sportswear giant Nike was hit by an alleged ransomware attack claimed by WorldLeaks, a cybercriminal group focused on data extortion. The group listed Nike on its darknet leak site on Jan. 22, threatening to release stolen data by Jan. 25, 2026, at 6 p.m. GMT. The post drew more than 400 views within hours. […]