2025-06-18 • PRODAFT • PRODAFT • apk.antidot Open article on Malpedia

2025-06-19 • cocomelonc • cocomelonc Open article on Malpedia

A prominent expert on Russian information operations was targeted by a sophisticated spear phishing attack likely coming from Russian hackers

2025-06-18 • Cisco Talos • Vanja Svajcer • py.pylangghost Open article on Malpedia

The U.K.’s thriving £13.2 billion (about US$17.7 billion) cybersecurity sector is set to expand further under the government’s... The post UK Cyber Growth Action Plan set to invest £16 million to...

Cyber-physical systems (CPS) protection company Claroty announced this week new investments in the U.S. public sector to enhance... The post Claroty expands public sector offerings to protect...

Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns. "Operated by the financially...

Banana Squad hid data-stealing malware in fake GitHub repos posing as Python tools, tricking users and targeting sensitive info like browser and wallet data.

The U.S. Department of Justice has filed a civil forfeiture complaint to seize more than $225.3 million in cryptocurrency that the government alleges was obtained through crypto scams. The DoJ...

News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials...

The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them...

DALL-E for coders? That’s the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces...

A new version of the Android malware "Godfather" creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps. [...]

A civil forfeiture complaint was filed in U.S. District Court for the District of Columbia this week, where investigators from the FBI and U.S. Secret Service said they used blockchain analysis to...

Banana Squad exploited GitHub to distribute malicious Python code disguised as legitimate tools

Cybercriminals are injecting fake support phone numbers onto official sites like Bank of America and Netflix. Learn how 'search parameter injection' scams work and protect yourself now.

June has been a challenging month for cybersecurity teams, with a wave of high-impact vulnerabilities disrupting the threat landscape. After the disclosure of a newly patched XSS zero-day in...

Most cyberattacks today don’t start with loud alarms or broken firewalls. They start quietly—inside tools and websites your business already trusts. It’s called “Living Off Trusted Sites”...

Python RAT PylangGhost, linked to Famous Chollima, targeted crypto professionals via fake job sites

Doughnut maker Krispy Kreme has revealed that sensitive financial and personal data of over 160,000 individuals has been impacted following a November 2024 cyber incident

A practical roadmap to early wins, long-term value and stakeholder buy-in

If you've ever forgotten your Facebook password, you know how difficult it can be to regain access to your account. That struggle may soon be a thing of the past.

A 33-year-old man arrested in Ukraine will face charges in the U.S. of working for the Ryuk cybercrime operation, known for high-profile targets and large ransom demands.

Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social...

We read NIST’s new guidance on “Implementing a Zero-Trust Architecture” so that you don’t have to. Read this to get the key points on the newly-released NIST Special Publication 1800-35.

Banking giant UBS revealed it had suffered a data breach following a cyber-attack on procurement service provider Chain IQ

Cybercriminals no longer need zero-days to breach your systems—these days, they just log in. Join BleepingComputer, SC Media, and Specops Software's Darren Siegel on July 9 at 2:00 PM ET for a...

Charles M. Schmaltz, 28, of Pensacola, Florida, has pleaded guilty to cyberstalking and sending obscene materials to minor females. The announcement was made by John P. Heekin, United States...

Mocha Manakin, believed to have ties to Interlock ransomware operations, has been observed using the paste-and-run phishing technique for initial access since at least January 2025. Adversaries...

ChatGPT's next big upgrade, or the new foundational model "GPT-5," is still being prepared for a release in the summer, but OpenAI won't share the specifics. [...]