Threat actors are exploiting cloud platforms like Adobe and Dropbox to evade email gateways and steal credentials

2025-03-25 • SpyCloud • James • win.ghostsocks Open article on Malpedia

A new cybercrime platform named 'Atlantis AIO' provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs. [...]

A newly discovered malware campaign uses malicious npm packages to deploy reverse shells, compromising development environments

Keep your logins locked down with our favorite password management apps for PC, Mac, Android, iPhone, and web browsers.

Kaspersky attributed the hacks to an espionage campaign targeting journalists and employees at educational institutions.

Rising Cyber Threats in Healthcare – Discover the latest cybersecurity risks targeting healthcare organizations, from ransomware to third-party threats. Key Findings from the 2025 Trustwave Risk...

Posted by Christiaan Brand, Group Product ManagerWe’re excited to announce that starting today, Titan Security Keys are available for purchase in more than 10 new countries:IrelandPortugalThe...

Heads-up for Kubernetes admins! A batch of five critical vulnerabilities called “IngressNightmare” (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974) affecting...

The Office of the Director of National Intelligence (ODNI) identified in its 2025 Annual Threat Assessment of the... The post ODNI 2025 Threat Assessment notes threats from Russia, China, Iran,...

RMC Global, a provider of risk management and industrial cybersecurity solutions for critical infrastructure and critical missions, announced... The post RMC Global acquires Shearer and...

Online networks of teenage boys “dedicated to inflicting harm and committing a range of criminality” are among the most significant concerns for British law enforcement, officials announced this week.

Claude could be getting a ChatGPT-like Deep Research feature called Compass. You can tell Claude's Compass what you need, and the AI agent will take care of everything. [...]

Incorrect Authorization vulnerability (CVE-2025-1542) has been found in Infonet Projekt SA OXARI ServiceDesk software.

Standards body ETSI has defined a scheme for key encapsulation mechanisms with access control (KEMAC), enabling quantum-secure encryption

230M stolen passwords met complexity requirements—and were still compromised. Passwords aren't going away for now, but there are new technologies that may increasingly replace them. Learn more...

Commonly called the 'soap opera effect,' motion smoothing works well for gaming and live sports but can be distracting elsewhere. Here's how to disable it.

Veer Chetal, known online as "Wiz" and one of the key suspects in the massive $243 million cryptocurrency heist, has been apprehended by U.S. Marshals.

Microsoft has fixed a known issue causing some USB printers to start printing random text after installing Windows updates released since late January 2025. [...]

EU security agency ENISA has released a new report outlining the threats and potential mitigations for the space sector

An analysis of the NSO BLASTPASS iMessage exploit Posted by Ian Beer, Google Project Zero On September 7, 2023 Apple issued an out-of-band security update for iOS: Around the same time on...

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting...

Investigation under way after around 9,000 documents – including sensitive affidavits – exposedFollow our Australia news live blog for latest updatesGet our breaking news email, free app or daily...

A threat actor named 'RedCurl,' known for stealthy corporate espionage operations since 2018, is now using a ransomware encryptor designed to target Hyper-V virtual machines. [...]

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability...

The U.K. National Cyber Security Centre (NCSC) has introduced a comprehensive set of eight principles for privileged access... The post UK NCSC introduces eight principles to enhance cyber...

Ontinue identifies that ransomware attacks rose 132 percent, despite a 35 percent drop in payments, signaling a shift... The post Ontinue reports 132% surge in ransomware attacks, with AiTM and...

The UK government’s new fraud minister will today announce plans for a newly expanded fraud strategy

Google has rolled out a new security update for Chrome users, following the discovery of a vulnerability, CVE-2025-2783, affecting the Windows version of the browser. The update was made available...

The Tenable Cloud AI Risk Report 2025 reveals that 70% of AI cloud workloads have at least one unremediated critical vulnerability — and that AI developer services are plagued by risky permissions...