The U.S. National Nuclear Security Administration (NNSA), the agency responsible for maintaining and designing the nation’s nuclear weapons, was among the organizations affected by a recent cyberattack exploiting a vulnerability in Microsoft’s SharePoint document management software. The breach was reported on July 22, 2025, citing anonymous sources familiar with the matter. While the NNSA has […]
Security experts have uncovered a new wave of malware targeting Apple Mac users, delivered through a clever trick involving fake CAPTCHA pop-ups. When someone visits a compromised website, they’re greeted with a seemingly harmless “I’m not a robot” checkbox. But clicking it secretly copies a dangerous command into their clipboard and prompts them to open […]
Google has recently identified a dangerous security flaw in its Chrome browser that hackers are actively using to attack unsuspecting users. This type of flaw is known as a “zero-day vulnerability,” meaning it was discovered by bad actors before the company had a chance to fix it. The specific weakness lies in Chrome’s Visuals component, […]
On July 22, 2025, the U.S. government issued an urgent warning after discovering that foreign hackers had found a way to break into Microsoft SharePoint, a popular tool used by many businesses and government agencies to share documents and collaborate online. The Cybersecurity and Infrastructure Security Agency (CISA), which helps protect the country from cyberattacks, […]
Cybersecurity experts have uncovered a sprawling scam operation involving more than 17,000 fabricated news websites, operating across some 50 countries. This criminal network—referred to as “BaitTrap”—specializes in luring unsuspecting individuals into investment fraud schemes, cleverly disguised behind the façade of legitimate news outlets like CNN, BBC, and CNBC. The scam begins with professional-looking fake news […]
Hackers have stepped up a new phishing method that uses malicious PDF attachments to impersonate well-known companies like Microsoft and DocuSign. These fake PDFs encourage recipients to call phone numbers controlled by the attackers, pretending to be customer support representatives. This technique, called callback phishing or Telephone-Oriented Attack Delivery (TOAD), is becoming increasingly common. During […]
Cybercriminals are using fake identities and websites to trick people in the cryptocurrency community into downloading harmful software. Disguising themselves as legitimate AI, gaming, and Web3 companies, these attackers have created an elaborate scam that targets both Windows and macOS users. Their goal is to steal valuable data and drain digital wallets. The operation begins […]
AMD has issued a warning about a newly discovered class of microarchitectural vulnerabilities, dubbed Transient Scheduler Attacks (TSA), that affect a broad range of its processors, including desktop, mobile, and server chips. These flaws arise from speculative scheduling behavior within the CPU, where timing differences during instruction execution can allow attackers to infer sensitive data […]
Taiwan’s National Security Bureau (NSB) has issued a warning regarding several popular Chinese-developed mobile applications, including RedNote (Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud. The NSB’s advisory highlights concerns over excessive data collection and the transmission of personal information to servers located in China, raising significant privacy and security issues for users. Following a comprehensive […]
A sophisticated cyberattack campaign is targeting Microsoft Exchange servers by quietly injecting malicious code into their login pages. By modifying the Outlook Web Access (OWA) interface, attackers can secretly log every keystroke users enter—including usernames and passwords—as they attempt to sign in. This method doesn’t rely on phishing emails or fake websites. Instead, it manipulates […]