Key Takeaways Malicious domain durge: Researchers identified over 1,700 suspicious and malicious domains registered between September and November 2025. Targeted keywords: Campaigns heavily leverage holiday-specific…
Key Takeaways Insider action: Cybersecurity firm CrowdStrike has terminated an employee who allegedly shared internal information with an external hacking group. Hacker group claims: Scattered…
Key Takeaways Vendor breach: Technology vendor SitusAMC, which serves the real estate lending industry, was hit by a cyberattack on November 12. Potential impact: JPMorgan…
Bill Overview: HB 4938 aims to restrict online sexual content but includes broad digital regulations. VPN Impact: Experts warn vague language could unintentionally limit VPN…
Key Notes Best balance of cost and quality: NordVPN is ideal for 2-year plans ($2.99/mo) with advanced security, global servers, and identity protection. Surfshark is…
Feature Rollout: X has started releasing a tool that warns when users appear to be on VPNs. Purpose: The feature aims to curb troll accounts…
This week brought a wide mix of cybersecurity developments, from new privacy rules and ransomware claims to outages, cyber espionage and regulatory reversals. Governments moved…
Key Takeaways Sentenced: A U.S. individual was sentenced to 10 years in federal prison for involvement with a CSAM forum. Offense details: He participated in…
Key Takeaways Sustained campaign: GTIG is tracking a three-year cyber espionage campaign conducted by APT24, a threat actor linked to the People's Republic of China…
Key Takeaways Breach claim: The Cl0p hacking group has asserted responsibility for breaching Japanese manufacturing giants Canon and Mazda. Attack vector: These cyberattacks are believed…
Key Takeaways Incident cause: Hackers exploited a third-party Salesforce integration via Gainsight-published applications, enabling unauthorized access to customer data. Attack vector: The incident was not…
Massive Malicious Extension Campaign: Attackers ran fake VPN/ad-block extensions with 9M installs, hijacking traffic and stealing browsing data. Advanced Stealth & Control Mechanisms: Extensions used…
Key Takeaways Vulnerability identified: The DeepSeek-R1 LLM is up to 50% more likely to produce insecure code when prompts contain certain politically sensitive trigger words.…
Key Takeaways New vulnerability: A recent Microsoft update places an active AI agent on the taskbar, creating a new, centralized point of failure for data…
Key Takeaways Operation scope: Almost 70 websites involved in digital piracy were identified, with an estimated combined traffic of over 11.8 million annual visitors. Cryptocurrency…
Key Takeaways International action: U.S., U.K, and Australia sanctioned Media Land LLC, a Russian bulletproof hosting provider, for its role in enabling global cybercrime. Entities…
Key Takeaways Automation lag: Over 70% of organizations lack automation for critical access governance processes like risk analysis and user provisioning. Insider threat reality: Nearly…
Key Takeaways Espionage alert: The UK's MI5 issued a warning about Chinese intelligence officers targeting UK parliamentary and government institutions. Method: Fake headhunters and online…
Key Takeaways New capabilities: The Sneaky2FA PhaaS toolkit has integrated BITB functionality to simulate legitimate authentication windows. Evasion techniques: The kit employs advanced evasion methods,…
Key Takeaways Incident timeline: A widespread Cloudflare service degradation began after 11 UTC, with most services restored by 14:40 UTC. Root cause: The cause remains…
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
