Cybersecurity experts have uncovered a sprawling scam operation involving more than 17,000 fabricated news websites, operating across some 50 countries. This criminal network—referred to as “BaitTrap”—specializes in luring unsuspecting individuals into investment fraud schemes, cleverly disguised behind the façade of legitimate news outlets like CNN, BBC, and CNBC. The scam begins with professional-looking fake news […]
Hackers have stepped up a new phishing method that uses malicious PDF attachments to impersonate well-known companies like Microsoft and DocuSign. These fake PDFs encourage recipients to call phone numbers controlled by the attackers, pretending to be customer support representatives. This technique, called callback phishing or Telephone-Oriented Attack Delivery (TOAD), is becoming increasingly common. During […]
Cybercriminals are using fake identities and websites to trick people in the cryptocurrency community into downloading harmful software. Disguising themselves as legitimate AI, gaming, and Web3 companies, these attackers have created an elaborate scam that targets both Windows and macOS users. Their goal is to steal valuable data and drain digital wallets. The operation begins […]
AMD has issued a warning about a newly discovered class of microarchitectural vulnerabilities, dubbed Transient Scheduler Attacks (TSA), that affect a broad range of its processors, including desktop, mobile, and server chips. These flaws arise from speculative scheduling behavior within the CPU, where timing differences during instruction execution can allow attackers to infer sensitive data […]
Taiwan’s National Security Bureau (NSB) has issued a warning regarding several popular Chinese-developed mobile applications, including RedNote (Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud. The NSB’s advisory highlights concerns over excessive data collection and the transmission of personal information to servers located in China, raising significant privacy and security issues for users. Following a comprehensive […]
A sophisticated cyberattack campaign is targeting Microsoft Exchange servers by quietly injecting malicious code into their login pages. By modifying the Outlook Web Access (OWA) interface, attackers can secretly log every keystroke users enter—including usernames and passwords—as they attempt to sign in. This method doesn’t rely on phishing emails or fake websites. Instead, it manipulates […]
A staggering 16 billion login credentials have been compiled and are now circulating online, representing one of the largest leaks of its kind. This isn’t the result of a single breach, but rather a massive collection of usernames and passwords stolen over the years through countless cyberattacks, phishing campaigns, and data dumps. The data spans […]
A team of cybersecurity researchers from AppOmni recently identified more than 20 configuration-related vulnerabilities in Salesforce Industry Cloud—Salesforce’s low-code platform for industries like healthcare, finance, and telecom. While these platforms streamline development, improper configurations can expose sensitive data and create serious security gaps The risks span key components such as FlexCards, Data Mappers, Integration Procedures […]
Adobe has released a new round of important security updates as part of its June Patch Tuesday. If you use programs like Acrobat, Adobe Commerce, InCopy, or Experience Manager, these updates are especially relevant. They fix a wide range of security issues, some of which could allow hackers to run malicious code, crash your system, […]
Between mid-2024 and early 2025, a China-linked cyber espionage group carried out a widespread campaign targeting more than 70 organizations across diverse industries, including manufacturing, finance, telecommunications, research, government, energy, food and agriculture, healthcare, and engineering. The intrusions involved a sequence of related operations beginning in July 2024 and continuing through March 2025. Initial reconnaissance […]