New ClickFix Attack Uses Node.js Malware via Tor to Steal Crypto
Netskope Threat Labs report a new ClickFix attack using fake CAPTCHAs to deploy Tor-backed NodeJS malware and drain crypto wallets on Windows.
U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs
U.S. agencies warn Iran-linked threat actors are targeting internet-exposed PLCs used in critical infrastructure networks. U.S. agencies, including the FBI and CISA, warn that Iran-linked hackers are targeting internet-exposed Rockwell/Allen-Bradley PLCs used in critical infrastructure. The agencies published a joint advisory involving multiple federal organizations. “Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity […]
Men Are Buying Hacking Tools to Use Against Their Wives and Friends
In Telegram groups, men are sharing thousands of nonconsensual images of women and girls, buying spyware, and engaging in doxing and sexual abuse.
Trump Declares Genocide Plan for Iran
“A whole civilization will die tonight, never to be brought back again” is Trump’s statement of intent. Under the 1948 Genocide Convention, genocide means acts committed with intent to destroy, in whole or in part, a national, ethnica…
Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution
Attackers are exploiting a critical Flowise flaw, tracked as CVE-2025-59528 (CVSS score of 10), that lets them run malicious code and access systems due to poor validation of user-supplied JavaScript. Attackers are actively exploiting a critical vulnerability in Flowise, tracked as CVE-2025-59528, that allows remote code execution and file system access. The flaw stems from improper validation […]
Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure
As Trump threatens Iranian infrastructure, the US government warns that Iran has carried out its own digital attacks against US critical infrastructure.
Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything
The AI lab’s Project Glasswing will bring together Apple, Google, and more than 45 other organizations. They’ll use the new Claude Mythos Preview model to test advancing AI cybersecurity capabilities.
Hackers Pose as Non-Profit Developers to Deploy Monero Mining Malware
REF1695 hackers spread Monero mining malware via fake non-profit installers, using stealth tactics to evade detection and hijack systems for profit.
GrafanaGhost Vulnerability Allows Silent Data Theft via AI Injection
GrafanaGhost is a critical vulnerability in Grafana’s AI components that uses indirect prompt injection and protocol-relative URL bypasses to exfiltrate data.
Major outage cripples Russian banking apps and metro payments nationwide
A major outage hit Russian banking apps and payments, blocking card use, cash withdrawals, and mobile access for hours. A widespread outage disrupted banking apps and payment systems across Russia, leaving customers unable to pay by card, withdraw cash, or access mobile banking for hours. According to The Record Media, the incident affected major banks, […]