While credential abuse is a primary initial access vector, identity compromise plays a key role in most stages of a cyber attack. Here’s what you need to know — and how Tenable can help.Identity...

2025-05-20 • Europol • Europol • win.lumma Open article on Malpedia

2025-05-21 • Microsoft • Steven Masada • win.lumma Open article on Malpedia

2025-05-20 • European Council • Council of the European Union Open article on Malpedia

2025-05-21 • Bleeping Computer • Bill Toulas Open article on Malpedia

Google’s quiet rollout of its AI-powered Gemini chatbot to children under the age of 13 has sparked intense debate or I should say backlash, from privacy and child advocacy groups. Critics argue...

A new report from Forescout Technologies highlights a troubling surge in the frequency and impact of data breaches,... The post Healthcare sector bears brunt of 2024 data breaches driven by...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning of... The post Active LummaC2 malware campaigns targeting US critical...

NSA, NCSC and allies warn Western tech and logistics firms of Russian APT28 cyber-espionage threat

The Federal Trade Commission (FTC) has finalized an order requiring web hosting giant GoDaddy to secure its services to settle charges of data security failures that led to several data breaches...

UK businesses should start to plan for required changes to their cybersecurity programs ahead of the Cyber Security and Resilience Bill

Signal said today that it is updating its Windows app to prevent the system from capturing screenshots, thereby protecting the content that is on display. The company said that this new “screen...

Cary, North Carolina, 22nd May 2025, CyberNewsWire

A flaw has been discovered in OpenPGP.js, a widely used JavaScript library for OpenPGP encryption. Tracked as CVE-2025-47934, the vulnerability allows threat actors to spoof both signed and...

​Signal has updated its Windows app to protect users' privacy by blocking Microsoft's AI-powered Recall feature from taking screenshots of their conversations. [...]

The U.S. Department of Justice (DOJ) announced that it had obtained and acted on the two court-approved warrants authorizing the seizure of five internet domains linked to a global malware...

Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. [...]

Russia-aligned TAG-110 shifts to .dotm phishing lures in a 2025 campaign against Tajikistan’s public sector, advancing cyber-espionage in Central Asia.

Microsoft disrupts Lumma Stealer network, seizing 2,000 domains linked to 394,000 infections in global cybercrime crackdown with law enforcement partners.

Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The activity has been assessed to be...

Cellcom CEO Brighid Riordan said the company has been dealing with a “cyber incident” but they “simply don’t have a lot of facts.”

Threat actor 'ByteBreaker' claims to sell 1.2B Facebook records scraped via API abuse, but inconsistencies in data size and identity raise doubts.

Cover Your Tracks opened my eyes... and made me switch browsers ASAP.

Hanan Elatr Khashoggi has alleged that the spyware vendor played a role in the death of her husband. The post Appeals court rejects attempt by Khashoggi widow to renew suit against NSO Group...

Cybercriminals used the prolific malware to target individuals and businesses, including Fortune 500 companies, according to the FBI. The post Lumma infostealer infected about 10 million systems...

Cybercriminals used the prolific malware to target individuals and businesses, including Fortune 500 companies, according to the FBI. The post Lumma infostealer infected about 10 million systems...

On aggregate, the global ransomware industry accrued hundreds of millions of dollars in various cryptocurrencies in 2024 alone. But the story of that money doesn’t stop there.

Even after its refurbishing, Recall provides few ways to exclude specific apps.

Modern cloud ecosystems often place a single identity provider in charge of handling logins and tokens for a wide range of customers.

As the crypto market continues to mature, investors are looking for sophisticated financial instruments that allow them to…