A new phishing campaign targets Counter-Strike 2 players utilizing Browser-in-the-Browser (BitB) attacks that display a realistic window that mimics Steam's login page. [...]

New Android malware campaigns use Microsoft's cross-platform framework.NET MAUI while disguising as legitimate services to evade detection. [...]

A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems. [...]

Ukrzaliznytsia, Ukraine's national railway operator, has been hit by a massive cyberattack that disrupted online services for buying tickets both through mobile apps and the website. [...]

A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers. [...]

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. [...]

Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. [...]

A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. [...]

Valve has removed a game titled 'Sniper: Phantom's Resolution' from the Steam store following multiple user reports that indicated its demo installer actually infected their systems with information stealing malware. [...]

Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft's review process. [...]

The UK's National Cyber Security Centre (NCSC) has published specific timelines on migrating to post-quantum cryptography (PQC), dictating that critical organizations should complete migration by 2035. [...]

Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. [...]

The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the supply chain attack. [...]

A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. [...]

Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country's army forces. [...]

A newly discovered information-stealing malware called Arcane is stealing extensive user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. [...]

A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets. [...]

Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information. [...]

Blockchain gaming platform WEMIX suffered a cyberattack last month, allowing threat actors to steal 8,654,860 WEMIX tokens, valued at approximately $6,100,000 at the time. [...]

OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. [...]

A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. [...]

A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. [...]

Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. [...]

Security researcher Yohanes Nugroho has released a decryptor for the Linux variant of Akira ransomware, which utilizes GPU power to retrieve the decryption key and unlock files for free. [...]

The Black Basta ransomware operation created an automated brute-forcing framework dubbed 'BRUTED' to breach edge networking devices like firewalls and VPNs. [...]