This week’s cybersecurity roundup brings a mix of arrests, warnings, and active threats. Intel chips face a newly discovered vulnerability affecting years of hardware. Dior is dealing with a customer data breach, and Nucor’s operations took a hit from an attack. Meanwhile, a messaging app flaw is being used in espionage campaigns across the Middle East. Here’s the full breakdown.(more…)
This week, attackers found a clever way to slip ransomware past SentinelOne’s defenses using its own update process. A serious Apache Parquet flaw just got easier to exploit thanks to a new public tool. The U.S. government is warning energy sector operators about ongoing cyber threats that use alarmingly basic tactics, and medical tech enterprise Masimo is dealing with production delays after a network breach. Plus, the Darcula phishing service is abusing iMessage and RCS. Full breakdowns below!
This week’s updates are packed with real-time threats and adversarial attacks. Nowadays, even Apple devices are open to silent attacks without users even tapping a button. A few software flaws are now confirmed to be under real attack, and there’s a fresh warning about ransomware-as-a-service being marketed with brand-friendly options. And if your developers forget to hide Git files, there’s a growing number of attackers ready to pounce. Here’s what happened recently and what details you should know of.
This week, we will explore how malware disguised as security tools is stealing credit card information and how hackers are initiating customer support scams. From supermarket delays to SIM data leaks, it’s been anything but quiet on the cyber front. We will also examine Microsoft’s internal misstep, which resulted in the locking out of thousands. Here’s what you need to know before you click, tap, or swipe again.
Tycoon2FA Bypasses Microsoft, European Espionage Campaign, ResolverRAT Global Threat – Cybersecurity News [April 14, 2025]
by DuoCircle
This week’s cybersecurity news roundup isn’t just another string of breaches and exploits but a blueprint of how far threat actors have come and how swiftly they are advancing and increasing their attack surface. From phishing kits outsmarting MFA to malware operating entirely in memory, attackers are sharpening their tools and aiming at high-value Sharks and industry giants, even preying upon global healthcare providers and diplomatic channels. Let’s dig into what happened and how we can leverage our defenses and stay safe online!
From crypto-mining malware hiding in Office tools to ransomware attacks shaking up ports and pension funds, this week’s cybersecurity bulletin has it all. Whether you use WhatsApp on Windows or manage your retirement savings online, these incidents are a reminder of how quickly threats evolve—and how easy it is to become a target.
Cyber threats are evolving, and this week has been no exception. From a dangerous CrushFTP vulnerability under active attack to a sophisticated phishing platform preying on mobile users, cyber criminals are refining their tactics. Hackers are also exploiting WordPress features to stay hidden, while a new Android malware is after crypto wallets. With attackers moving fast, staying informed is more critical than ever—here’s everything you need to know.
From hackers targeting Hyper-V servers to fake file converters spreading malware, there’s plenty to watch out for. There’s also news of Counter-Strike 2 players being tricked into handing over their Steam accounts, and a new ransomware strain is hitting multiple operating systems at once. Even npm packages aren’t safe, with attackers sneaking in backdoors through open-source libraries. Stay ahead of these risks with our latest cybersecurity bulletin—because knowing what’s out there is the first step to staying secure.
The internet never sleeps and halts, and neither do cyber threats and its malicious actors. This week, sneaky apps tricked millions, hackers pulled off a clever email scam, and a big ransomware attack hit critical systems. Meanwhile, Google is making a massive security move, and Telegram’s CEO is caught up in legal trouble. Here’s everything you need to know about the latest in cybersecurity!(more…)
This week’s bulletin highlights some serious incidents that could impact individuals and businesses alike. From hackers spreading malware through NPM packages to cryptocurrency-stealing schemes, cybercriminals are finding new ways to trick people and exploit vulnerabilities. You can stay informed, stay cautious, and take action to protect yourself from these threats with our detailed coverage.
Your wait is over as we’re back with cybersecurity’s latest this week! We’ll discuss about a data breach impacting policyholders of a significant insurance organization, a notorious malware spam host resurfacing under a new provider, a new scam targeting US executives using deceptive postal mail; experts recently uncovered a new botnet that is infecting thousands and a concerning discovery of sensitive API keys within AI training datasets. Let’s not wait further and dive in!
State-sponsored hacktivism is on the rise. Script kiddies use pre-existing scripts while others employ highly sophisticated tactics using diverse tools and resources. Attackers are scouring GitHub for sensitive information on GitHub and trying to steal critical information from repositories. Security breaches happen when they gain unauthorized access to the source code. This week, we’re reviewing a series of the latest cybersecurity incidents by closely analyzing their attack trends and threat vectors. We’ll also discuss how a significant cryptocurrency exchange organization was the victim of a massive crypto attack and explore how the FatalRAT malware targeted organizations across APAC. Below is a summary of the latest findings.
Cybersecurity threats are rapidly evolving at an unprecedented rate, making cybersecurity more critical than ever. This week, we uncovered a new malware targeting macOS users through fake browser updates and a stealthy cyberattack exploiting Windows utilities to evade detection. We will also explore how hackers deploy payment skimmers using hidden image tags, as well as discover how the latest cyber espionage campaigns target big industries and international corporations. Lastly, we will cover the news highlighting recent data breaches affecting thousands of individuals and organizations across the globe.
Massive Cyber Attack, ClickFix Deploys RAT, Hacker Group Attacks – Cybersecurity News [February 10, 2025]
by DuoCircle
Cybercriminals nowadays are getting smarter and adapting social engineering and ransomware techniques to attack their targets. This week, we’re covering a series of critical attacks that smartly leveraged the use of BotNet, affecting around 2.8 million devices. Also, we will uncover how social engineering attacks were executed to run unintended malicious PowerShell commands.
Zip Flaw Exploited, Meta Confirms Spyware, ENGlobal Ransomware Outage – Cybersecurity News [February 03, 2025]
by DuoCircle
Cyber threats are becoming more sophisticated with each day passing by, attacking individuals and businesses unpredictably. This week’s security news covers news pieces directly curated from authentic sources. We will discuss how a new exploit in 7-Zip allowed attackers to bypass Windows security and how Meta identified a spyware attack on 90 journalists and activists.
DeepSeek AI Cyberattacks, Health Provider Breached, Telecom Data Impact – Cybersecurity News [January 27, 2025]
by DuoCircle
This week we are back with recent cybersecurity news pieces that highlight an exponential surge in cybersecurity threats proving to redefine the digital realm. Ranging from a leading AI platform limiting signups after a series of targeted cyberattacks, to a healthcare data breach that exposed millions of sensitive information.
This week, in our ongoing coverage of cybersecurity news, we take a closer look at recent cybersecurity news, threats, and innovative solutions impacting the virtual landscape. We tried covering everything ranging from coordinated cyberattacks on municipalities and banks to growing national security fears as we examined the vulnerabilities that threaten critical sectors. We’ll also cover why ransomware is such a growing threat to critical infrastructure and how co-opetition is becoming a major theme in cybersecurity. We will conclude with a highlight of the strategic alliance between Cognizant and CrowdStrike that enhances enterprise defense against emerging cyber threats.
Cybercriminals are enhancing their capabilities, as evidenced by the latest PhishPWP phishing threat. Similarly, this week’s cybersecurity bulletin highlights the latest ransomware attack on AWS servers, making recovery impossible without the attacker’s key. We also look at how cybercriminals use popular social media channels like Telegram. Zero-day attacks are the most dangerous of all, as they emerge from practically nowhere. This week’s news highlights one such attack on Fortinet FortiGate firewall users. Finally, we round off a reputed university shutting off classes, fearing a cyber-attack on its network.
Microsoft Alerts Millions, War Expands Globally, Salt Typhoon Surge – Cybersecurity News [January 06, 2025]
by DuoCircle
Ensuring proper cybersecurity is at the top of every organization’s agenda this year. That explains why Microsoft cautions its Windows 10 users and asks them to upgrade their PC’s OS before the 14 October 2025 deadline. However, even the most robust cybersecurity strategies might seem inadequate, especially as three more telecoms become victims of the Salt Typhoon.
The New Year is the time for resolutions. Individuals and organizations must focus on cybersecurity and resolve to take proactive steps to prevent cybercrime. Data breaches have become increasingly frequent. With people increasingly using smartphones to access the internet, securing these instruments should be paramount. In the face of rising cyber threats, ensuring robust email security on your devices, such as conducting security checks on Android and iPhones, is a vital step to safeguarding your personal and organizational data from breaches and attacks.