Security researchers have discovered that hackers are taking advantage of a flaw in Microsoft Windows, identified as CVE-2025-29824, to secretly install malware on victims’ computers. The malware, called PipeMagic, has been linked to ransomware attacks known as RansomExx, which can lock people out of their files until a ransom is paid. The attackers tricked users […]
A new wave of Android malware is targeting banking customers, starting in Brazil, with a malicious app called PhantomCard. The app is disguised as a card protection tool and is promoted through fake Google Play pages that even include phony positive reviews to make it appear trustworthy. Once installed, the app asks users to place […]
Cybersecurity experts have uncovered a dangerous new prompt injection method known as PromptFix, designed to fool AI-powered browsers into executing malicious actions—without the user realizing it. By embedding hidden harmful instructions within a fake CAPTCHA on a webpage, PromptFix manipulates AI browsers like Perplexity’s Comet—tools intended to streamline tasks such as online shopping or email […]
In August 2025, the United Kingdom backed away from a controversial demand that Apple weaken its encryption to give government agencies access to protected user data. The request, made under the Investigatory Powers Act of 2016, called for Apple to build a hidden “backdoor” into iCloud. Such a move would have allowed authorities to bypass […]
Cybersecurity researchers have uncovered a dangerous scam where hackers are pretending to be well-known companies in order to steal people’s information and take over their Microsoft 365 accounts. These hackers are using fake apps that look like legitimate Microsoft apps, tricking users into giving them access to their accounts. The scam works by sending fake […]
Cybersecurity researchers have uncovered a widespread scam targeting TikTok Shop users worldwide. The campaign, which aims to steal personal credentials and distribute malicious apps, is using a combination of phishing and malware attacks. The campaign, named FraudOnTok, was detailed by CTM360, a cybersecurity company based in Bahrain. The attack targets users by creating fake versions […]
Microsoft has announced a serious security flaw in its on-premise Exchange Server that could let attackers gain unauthorized access to cloud systems without leaving obvious signs of their actions. The flaw, known as CVE-2025-53786, has a severity rating of 8.0 out of 10. It was reported by Dirk-jan Mollema from Outsider Security. In hybrid environments […]
SonicWall has announced that recent attacks targeting its firewalls, which protect networks and allow remote work through VPNs, are due to an old security flaw that has already been fixed. These attacks are not caused by a new, unknown vulnerability. The company explained that the attacks are related to a security issue called CVE-2024-40766, which […]
The U.S. National Nuclear Security Administration (NNSA), the agency responsible for maintaining and designing the nation’s nuclear weapons, was among the organizations affected by a recent cyberattack exploiting a vulnerability in Microsoft’s SharePoint document management software. The breach was reported on July 22, 2025, citing anonymous sources familiar with the matter. While the NNSA has […]
Security experts have uncovered a new wave of malware targeting Apple Mac users, delivered through a clever trick involving fake CAPTCHA pop-ups. When someone visits a compromised website, they’re greeted with a seemingly harmless “I’m not a robot” checkbox. But clicking it secretly copies a dangerous command into their clipboard and prompts them to open […]