Dec 19, 2025Ravie LakshmananCybersecurity / Cloud Security A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims’ Microsoft 365 credentials and conduct account takeover attacks.…
Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and stealthy loader known as CountLoader. The campaign…
Every year, TechCrunch looks back at the cybersecurity horror shows of the past 12 months — from the biggest data breaches to hacks resulting in weeks of disruption — to see what we can learn.…
Dec 19, 2025Ravie LakshmananVulnerability / Network Security WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3),…
Dec 19, 2025Ravie LakshmananCybercrime / Law Enforcement Authorities in Nigeria have announced the arrest of three “high-profile internet fraud suspects” who are alleged to have been involved in phishing attacks targeting major corporations, including the…
Dec 19, 2025Ravie LakshmananFirmware Security / Vulnerability Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA)…
Dec 18, 2025Ravie LakshmananMalware / Cloud Security A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal…
DXS International, a U.K.-based company that provides healthcare tech for England’s National Health Service (NHS), disclosed a cyberattack in a statement on Thursday. In a filing with the London Stock Exchange, the company said it…
Dec 18, 2025Ravie LakshmananVulnerability / Enterprise Security Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the…
Dec 18, 2025Ravie LakshmananCybersecurity / Hacking News This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each…