The ClickFix attack, a sophisticated social engineering threat, has seen a 517% surge in usage. It involves fake ChatGPT Atlas browser installers that trick users into running password-stealing software.

A newly discovered architectural flaw in Microsoft Teams B2B Guest Access exposes users to malware, phishing, and data exfiltration attacks. Attackers are exploiting a systemic gap that bypasses Microsoft Defender for Office 365 protections.

Under Armour has allegedly been targeted by the Everest ransomware group, which claims to have stolen 343GB of data containing sensitive customer and internal records. The attackers have made sample records available

A major data breach at Chinese cybersecurity firm Knownsec has reportedly exposed over 12,000 files revealing its alleged involvement in developing and deploying state-linked cyber-espionage tools.

A sophisticated spyware campaign attributed to the North Korea-linked KONNI APT group has targeted individuals in South Korea using spear phishing, social engineering, and abuse of legitimate services.

A legacy Remote Access Trojan (RAT), DarkComet, originally developed in 2008 and later discontinued, has resurfaced in a new campaign targeting cryptocurrency users. The malware is being distributed through fake Bitcoin wallet applications.

A significant data exposure incident has compromised the personal information of over 7,000 individuals who applied for positions on Capitol Hill through the DomeWatch resume bank.

A new Android malware named HyperRat has emerged in the cybercrime ecosystem, being sold as a ready-made spyware tool under the Malware-as-a-Service (MaaS) model. HyperRat is distributed via a subscription-based model.

A new Android malware, Android.Backdoor.Baohuo.1.origin, is spreading via fake Telegram X apps, granting attackers full control over victims' Telegram accounts. Baohuo uses the Xposed framework to alter app behavior at runtime.

The Everest ransomware group claimed responsibility for breaching Dublin Airport and Air Arabia. The group alleges the theft of approximately 1.5 million passenger records from Dublin Airport and personal data of over 18,000 Air Arabia employees.