Key TakeawaysVishing Tactic: Sophisticated voice-based social engineering attacks combined with real-time phishing kits to target employees and steal Okta SSO credentials.MFA Bypass: Custom phishing platforms…

Key TakeawaysUK VPN consultation: Government launches review as Lords vote to ban VPNs for under-18s.House of Lords decision: Peers back VPN restrictions and social media…

Key TakeawaysSurfshark Android support update: Ends app updates for Android 5; Android 6+ devices remain fully supported.Reason for change: Older Android versions lack security patches,…

Key TakeawaysOpportunistic Threats: An increase in Venezuela-related domain registrations indicates that actors aim to exploit geopolitical uncertainty for financial fraud and PII harvesting.Operational Tactics: These…

Key TakeawaysUrgency Tactic: Attackers are impersonating LastPass in emails, falsely claiming imminent maintenance to pressure users into "backing up" their vaults within 24 hours.Credential Theft:…

Key TakeawaysIncident Type: The security event affecting Spanish retailer PcComponentes was a credential stuffing attack, not a direct breach of the company's internal systems.Data Source:…

Key TakeawaysMobile Impersonation: Greek authorities have dismantled a criminal operation that used a fake mobile base station hidden in a car to send mass phishing…

Key TakeawaysGrowing Gap: Almost 70% of organizations cite tool sprawl and visibility gaps impeding cloud security, widening the disconnect between cloud velocity and security capabilities.Confidence…

Key TakeawaysDeceptive Tactics: Mobile-optimized phishing sites impersonate PNB MetLife to steal policyholder data and facilitate fraudulent transactions.Data Exfiltration: The malicious pages use Telegram bots to…

Key TakeawaysSupply Chain Vulnerability: Reports indicate a critical escalation in cyber risks targeting the wholesale and retail sectors through third-party vendors.Ransomware Persistence: Ransomware remains a…

Key TakeawaysTargeted Campaign: A cyber campaign, dubbed Operation Nomad Leopard, is actively targeting Afghan government employees with spear-phishing emails.Deceptive Lures: Decoy documents disguised as official…

Key TakeawaysVulnerability Identified: A misconfigured GraphQL endpoint on the UStrive mentorship platform allowed authenticated users to access the private data of other users.Scope of Exposure:…

Key TakeawaysTargeted Attack: The Evelyn Stealer campaign specifically targets software developers by distributing malware through malicious Visual Studio Code (VSC) extensions.Multi-Stage Payload: The attack utilizes…

Key TakeawaysMassive Exposure: A data breach involving the French Pass'Sport program has exposed approximately 6.4 million email addresses and sensitive personal information.Source Confirmation: While initially…

Key TakeawaysPrompt Injection Flaw: A significant vulnerability was discovered in Google Gemini that enabled prompt injection attacks via malicious Google Calendar invites.Data Exposure Risk: The…

Key TakeawaysCommunications Disrupted: Protests that began in Tehran in late December escalated into a nationwide crisis affecting Iran’s communications infrastructure.State Response: Authorities responded with widespread…

Key TakeawaysBroadcast Interruption: Several Iranian state television channels carried on the Badr satellite were hacked on Sunday.Protest Content Aired: The unauthorized broadcast replaced state programming…

Key TakeawaysSurfshark post-quantum protection: Launched on WireGuard to protect user data from future quantum computing threats.Future-ready VPN security: Uses quantum-resistant algorithms to strengthen encryption beyond…

Key TakeawaysRemote Access Dominance: Remote access compromise has emerged as the leading entry point for ransomware, exploiting stolen VPN credentials and OAuth tokens.Human-Targeted Tactics: Phishing…

Key TakeawaysNew Details: The individual who pleaded guilty to hacking into the U.S. Supreme Court's electronic filing system and other federal agencies leaked data on…