A sophisticated cyberattack campaign is targeting Microsoft Exchange servers by quietly injecting malicious code into their login pages. By modifying the Outlook Web Access (OWA) interface, attackers can secretly log every keystroke users enter—including usernames and passwords—as they attempt to sign in. This method doesn’t rely on phishing emails or fake websites. Instead, it manipulates […]
A staggering 16 billion login credentials have been compiled and are now circulating online, representing one of the largest leaks of its kind. This isn’t the result of a single breach, but rather a massive collection of usernames and passwords stolen over the years through countless cyberattacks, phishing campaigns, and data dumps. The data spans […]
A team of cybersecurity researchers from AppOmni recently identified more than 20 configuration-related vulnerabilities in Salesforce Industry Cloud—Salesforce’s low-code platform for industries like healthcare, finance, and telecom. While these platforms streamline development, improper configurations can expose sensitive data and create serious security gaps The risks span key components such as FlexCards, Data Mappers, Integration Procedures […]
Adobe has released a new round of important security updates as part of its June Patch Tuesday. If you use programs like Acrobat, Adobe Commerce, InCopy, or Experience Manager, these updates are especially relevant. They fix a wide range of security issues, some of which could allow hackers to run malicious code, crash your system, […]
Between mid-2024 and early 2025, a China-linked cyber espionage group carried out a widespread campaign targeting more than 70 organizations across diverse industries, including manufacturing, finance, telecommunications, research, government, energy, food and agriculture, healthcare, and engineering. The intrusions involved a sequence of related operations beginning in July 2024 and continuing through March 2025. Initial reconnaissance […]
In a coordinated international operation, the U.S. Department of Justice (DoJ) has seized four domains linked to cybercriminal services that helped threat actors evade detection by antivirus software. Announced on May 27, 2025, the operation—conducted in partnership with law enforcement agencies from the Netherlands, Finland, France, Germany, Denmark, Portugal, and Ukraine—targeted websites that provided crypting […]
OpenAI has recently banned several ChatGPT accounts associated with state-sponsored hacking groups from Russia and China. These accounts were reportedly used to assist in malware development, social media automation, and research related to U.S. satellite communications technologies. The Russian-linked actor utilized ChatGPT to refine Windows malware, debug code across multiple languages, and set up command-and-control […]
A major security problem has been found in a popular WordPress plugin called TI WooCommerce Wishlist, which is used by over 100,000 websites. This plugin helps online shoppers save their favorite products and share their wishlists on social media—but now it may be putting those sites in danger. Cybersecurity experts say that the plugin has […]
A recent malware campaign is targeting macOS users by using a social engineering trick called ClickFix. This method tricks users into downloading a variant of the Atomic macOS Stealer (AMOS), a type of malware designed to steal sensitive information. The attackers use fake websites that look like a well-known U.S.-based telecom provider to lure victims. […]
A significant security vulnerability has been discovered in a widely used cloud storage tool, potentially allowing unauthorized access to user files. The flaw centers on a file picker feature that, when used by third-party applications, may inadvertently grant access to the user’s entire cloud drive—even if access was intended for only a single file. The […]