A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums offering a robust set of capabilities that include the option to embed it in any app available on the Google Play Store. [...]
A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more than 50,000 downloads, to monitor browser activity and plant a backdoor. [...]
Amazon GuardDuty and our automated security monitoring systems identified an ongoing cryptocurrency (crypto) mining campaign beginning on November 2, 2025. The operation uses compromised AWS Identity and Access Management (IAM) credentials to target Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2). GuardDuty Extended Threat …
An employee of the adult site could be responsible. Analytics vendor Mixpanel says it is not the source of data stolen from Pornhub and says the info was last accessed by an employee of the adult site.... [...]
More than 8 million people have installed extensions that eavesdrop on chatbot interactions Ad blockers and VPNs are supposed to protect your privacy, but four popular browser extensions have been doing just the opposite. According to research from Koi Security, these pernicious plug-ins have been harvesting the text of …
The Amazon Threat Intelligence team has disrupted active operations attributed to hackers working for the Russian foreign military intelligence agency, the GRU, who targeted customers' cloud infrastructure. [...]
All I want for Christmas... is all of your data A new, modular infostealer called SantaStealer, advertised on Telegram with a basic tier priced at $175 per month, promises to make criminals' Christmas dreams come true. It boasts that it can run "fully undetected" even on systems with the …
The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users' data by secretly recording what they watch using Automated Content Recognition (ACR) technology. [...]
Your security program is robust. Your audits are clean. But are you ready for a real-world attack? A tenacious human adversary can create a critical blind spot for security leaders: A program can be compliant, but not resilient. Bridging this gap requires more than just going through the red-teaming …
Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. [...]
Petróleos de Venezuela (PDVSA), Venezuela's state-owned oil company, was hit by a cyberattack over the weekend that disrupted its export operations. [...]
Ransomware groups are targeting hypervisors to maximize impact, allowing a single breach to encrypt dozens of virtual machines at once. Drawing on real-world incident data, Huntress explains how attackers exploit visibility gaps at the hypervisor layer and outlines steps orgs can take to harden virtualization infrastructure. [...]
Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired or dormant domain names, or common misspellings of popular websites — are now configured to redirect …
Adult site, streaming platform, and Japanese retailer expose user info, but not credentials Three very different companies have now confirmed data breaches affecting millions of users – each insisting the damage stopped well short of passwords and payment details.... [...]
New report: “ The Party’s AI: How China’s New AI Systems are Reshaping Human Rights.” From a summary article : China is already the world’s largest exporter of AI powered surveillance technology; new surveillance technologies and platforms developed in China are also not likely to simply stay there …
New spy boss says officers must master code alongside tradecraft as agency navigates 'space between peace and war' New MI6 chief Blaise Metreweli outlined her vision for technology-augmented intelligence gathering in her first public speech on December 15, warning that the UK operates "in a space between peace and …
European law enforcement authorities dismantled a fraud network operating call centers in Ukraine that scammed victims across Europe out of more than 10 million euros. [...]
While on Project Zero, we aim for our research to be leading-edge, our blog design was... not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of …
Preface Hello from the future! This is a blogpost I originally drafted in early 2017. I wrote what I intended to be the first half of this post (about escaping from the VM to the VirtualBox host userspace process with CVE-2017-3558 ), but I never got around to writing the …
This post was originally written in 2016 for the Project Zero blog. However, in the end it was published separately in the journal PoC||GTFO issue #13 as well as in the second volume of the printed version. In honor of our new blog we’re republishing it on …
PwC supports clients across the full cyber lifecycle Sponsored Post Managing cybersecurity risk has never been simple, but in today's threat landscape it can also become a source of strength. PwC believes that AI is now central to that transformation, helping organizations not just react faster to attacks, but …
Bum note for 20 percent of users whose data leaked Music hosting and streaming service SoundCloud has admitted it suffered a cyberattack.... [...]
Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database containing user information. [...]
'Sustained focus on Western critical infrastructure' Russia's Main Intelligence Directorate (GRU) is behind a years-long campaign targeting energy, telecommunications, and tech providers, stealing credentials and compromising misconfigured devices hosted on AWS to give the Kremlin's snoops persistent access to sensitive networks, according to Amazon's security boss.... [...]
Google is discontinuing its "dark web report" security tool, stating that it wants to focus on other tools it believes are more helpful. [...]
Japanese e-commerce giant Askul Corporation has confirmed that RansomHouse hackers stole around 740,000 customer records in the ransomware attack it suffered in October. [...]
A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. [...]
Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. [...]
Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in …
AWS incident response operates around the clock to protect our customers, the AWS Cloud, and the AWS global infrastructure. Through that work, we learn from a variety of issues and spot unique trends. Over the past few months, high-profile software supply chain threat campaigns involving third party software repositories …
As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a tactical pivot where what appear to be misconfigured customer network edge devices became the primary initial access vector, while vulnerability exploitation activity declined …
Users accessing the SoundCloud audio streaming platform through a virtual private network (VPN) connection are denied access to the service and see a 403 'forbidden' error. [...]
Who hasn't exploited this max-severity flaw? At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking React2Shell, a maximum-severity flaw in the widely used React JavaScript library, according to Google.... [...]
700Credit, a U.S.-based financial services and fintech company, will start notifying more than 5.8 million people that their personal information has been exposed in a data breach incident. [...]
Phishing attacks in 2025 increasingly moved beyond email, with attackers using social platforms, search ads, and browser-based techniques to bypass MFA and steal sessions. Push Security outlines key phishing trends and what security teams must know as identity-based attacks continue to evolve in 2026. [...]
Watchdog links schedule change to replanning of UK payments system overhaul The European Central Bank's (ECB) decision to delay its move to a new messaging standard in 2022 ended up costing the Bank of England £23 million as it was forced to adjust migration to a new settlement system …
Over the weekend, Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. [...]
Automaker admits raid that crippled its factories in August led to the theft of sensitive info Jaguar Land Rover (JLR) has reportedly told staff the cyber raid that crippled its operations in August didn't just bring production to a screeching halt – it also walked off with the personal payroll …
Cast your mind back to May of this year: Congress was in the throes of debate over the massive budget bill. Amidst the many seismic provisions, Senator Ted Cruz dropped a ticking time bomb of tech policy: a ten-year moratorium on the ability of states to regulate artificial intelligence …
The French Interior Minister confirmed on Friday that the country's Ministry of the Interior was breached in a cyberattack that compromised e-mail servers. [...]
Both admit attackers were already exploiting the bugs, with scant detail and hints of spyware-grade abuse Apple and Google have both issued emergency patches after zero-day bugs were caught being actively exploited in what the companies describe as "sophisticated" real-world attacks.... [...]
Minister insists 'modest' bill is not an assault on privacy-preserving tech The Danish government wants the public to weigh in on its proposed laws restricting use of VPNs to access certain corners of the internet.... [...]
I'm dreaming of a white hat mass Opinion It was 40 years ago that four young British hackers set about changing the law, although they didn't know it at the time. It was a cross-platform attack including a ZX Spectrum, a BBC Micro, and a Tatung Einstein slamming British …
PLUS: Drugs found in ink cartridges; Censorship fighters criticize Vultr; Coupang CEO resigns; And more! Asia In Brief A SpaceX executive has claimed that a Chinese satellite launch came within 200 meters of hitting a Starlink satellite.... [...]
PLUS: Crims could burn your AI budgets thanks to weak defaults; CISA's top 25 vulns for 2025; And more Infosec In Brief The UK's National Cyber Security Centre (NCSC) has found that cyber-deception tactics such as honeypots and decoy accounts designed to fool attackers can be useful if implemented …
This is a current list of where and when I am scheduled to speak: I’m speaking and signing books at the Chicago Public Library in Chicago, Illinois, USA, at 6:00 PM CT on February 5, 2026. Details to come. I’m speaking at Capricon 44 in Chicago …
An email scam is abusing abusing PayPal's "Subscriptions" billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field. [...]
The pro-Russia hacktivist group CyberVolk launched a ransomware-as-a-service (RaaS) called VolkLocker that suffered from serious implementation flaws, allowing victims to potentially decrypt files for free. [...]
Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an "extremely sophisticated attack" targeting specific individuals. [...]
Exploit hasn't been picked up by any malware detection engines, CEO tells The Reg A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release …