Chinese Groups Stole 115 Million US Cards in 16-Month Smishing Campaign
A SecAlliance report reveals Chinese smishing syndicates compromised 115M US payment cards by bypassing MFA to exploit Apple Pay and Google Wallet.
Cyber Attack
Lazarus Hackers Use Fake Camera/Microphone Alerts to Deploy PyLangGhost RAT
North Korean state-sponsored threat actors associated with the Lazarus Group, specifically the subgroup known as Famous Chollima, have evolved their tactics by deploying a new Python-based remote access trojan (RAT) dubbed PyLangGhost. This malware rep…
Threat Actors Use GenAI to Launch Phishing Attacks Mimicking Government Websites
Threat actors are increasingly leveraging generative AI (GenAI) tools to craft highly convincing phishing websites that impersonate legitimate government portals. As highlighted by Zscaler ThreatLabz in their recent reports and blogs, the dual nature o…
CAPTCHAgeddon: Fake CAPTCHA Used in New ClickFix Attack to Deploy Malware Payload
ClickFix, which began as a red-team simulation tool in September 2024, has quickly developed into a widespread malware delivery system that outcompetes its predecessors, such as the ClearFake phony browser update fraud. Initially demonstrated by securi…
KLM Confirms Customer Data Breach Linked to Third-Party System
KLM confirms a data breach exposing customer info via a third-party system, affecting names, contact details and Flying Blue membership data.
Pandora Jewellery Hit by Cyberattack, Customer Data Compromised
Pandora, the world-renowned Danish jewelry retailer, recently suffered a major cybersecurity incident involving unauthorized access to customer information through a third-party vendor platform. The company confirmed the cyberattack was promptly identi…
Akira Ransomware Hits SonicWall VPNs, Deploys Drivers to Bypass Security
GuidePoint Security uncovers a new Akira ransomware tactic targeting SonicWall VPNs. The group’s use of drivers to disable defenses is a significant threat to businesses.
Over 10,000 Malicious TikTok Shop Domains Target Users with Malware and Credential Theft
Cybersecurity firm CTM360 has uncovered an ongoing malicious operation dubbed “ClickTok,” specifically targeting TikTok Shop users worldwide through a dual-pronged strategy of phishing and malware deployment. This campaign leverages decepti…
Surge in Cyber Attacks Targeting AI Infrastructure as Critical Vulnerabilities Emerge
Security researchers discovered 28 distinct zero-day vulnerabilities, seven of which were expressly directed at artificial intelligence infrastructure, in a startling discovery made during the 2025 Pwn2Own Berlin event, which was organized by Trend Mic…
Pandora Cyber Attack Exposes Customer Data Via Third-Party Vendor
Pandora cyber attack exposes customer data via third-party breach. No passwords or payment info leaked, but phishing risks remain.