A new FileFix-based social engineering campaign is actively delivering the StealC infostealer malware by exploiting user trust and abusing the File Explorer address bar. This attack impersonates Meta support and uses steganography to evade detection.

A large-scale mobile ad fraud operation dubbed SlopAds exploited 224 Android apps, amassing over 38 million downloads across 228 countries. The campaign generated up to 2.3 billion ad bid requests daily by leveraging hidden WebViews and steganography

Fraud prevention and AML compliance firm SEON today announced raising $80 million in Series C funding, which brings the total raised by the company to $187 million. The new investment round was led by Sixth Street Growth.

A sophisticated SEO poisoning campaign has been uncovered targeting Chinese-speaking Microsoft Windows users. The attackers manipulated search engine results to promote fraudulent websites mimicking legitimate software providers.

An insider data breach at FinWise Bank has compromised the personal information of approximately 689,000 customers of American First Finance (AFF). The breach occurred when a former employee accessed sensitive data after their employment had ended.

Academic researchers have developed a new Rowhammer-based attack, dubbed Phoenix, that bypasses DDR5 memory protections, including Target Row Refresh (TRR). The Phoenix attack was able to flip bits on all 15 DDR5 memory chips tested.

A threat actor group known as Scattered Lapsus$ Hunters has claimed unauthorized access to Google’s Law Enforcement Request System (LERS) and the FBI’s eCheck background check system.

A data breach has compromised the personal information of millions of customers from luxury fashion brands Gucci, Balenciaga, and Alexander McQueen. The breach was attributed to the cybercriminal group Shiny Hunters

The phishing campaign involved emails impersonating a South Korean defense-related institution, claiming to manage ID issuance for military personnel. These emails contained malicious attachments.

Vietnam’s National Credit Information Center suffered a cyberattack by the ShinyHunters group, exploiting an n-day vulnerability in unsupported software. The attackers accessed and leaked personal data, which was listed for sale on the dark web.