The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. [...]

A new infostealer malware targeting Mac devices, called 'Shamos,' is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. [...]

Cybercriminals are increasingly abusing the AI-powered Lovable website creation and hosting platform to generate phishing pages, malware-dropping portals, and various fraudulent websites. [...]

The U.S. Department of Justice (DoJ) announced charges against the alleged developer and administrator of the "Rapper Bot" DDoS-for-hire botnet. [...]

A study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact with malicious pages and prompts. [...]

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. [...]

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. [...]

Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. [...]

Enterprise search and security company Elastic is rejecting reports of a zero-day vulnerability impacting its Defend endpoint detection and response (EDR) product. [...]

American pharmaceutical company Inotiv has disclosed that some of its systems and data have been encrypted in a ransomware attack, impacting the company's business operations. [...]

A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. [...]

The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator's infrastructure. [...]

A 26-year old in the UK who claimed to have hacked thousands of websites was sentenced to 20 months in prison after pleading guilty earlier this year. [...]

A recent ruling from Germany's Federal Supreme Court (BGH) has revived a legal battle over whether browser-based ad blockers infringe copyright, raising fears about a potential ban of the tools in the country. [...]

The U.S. Department of Justice (DoJ) announced the seizure of over $2,800,000 in cryptocurrency from alleged ransomware operator Ianis Aleksandrovich Antropenko. [...]

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. [...]

UK-based telecommunications company Colt Technology Services is dealing with a cyberattack that has caused a multi-day outage of some of the company's operations, including hosting and porting services, Colt Online and Voice API platforms. [...]

Cisco is warning about a critical remote code execution (RCE) vulnerability in the RADIUS subsystem of its Secure Firewall Management Center (FMC) software. [...]

More than $300 million worth of cryptocurrency linked to cybercrime and fraud schemes has been frozen due to two separate initiatives involving law enforcement and private companies. [...]