A sophisticated spyware campaign attributed to the North Korea-linked KONNI APT group has targeted individuals in South Korea using spear phishing, social engineering, and abuse of legitimate services.

A legacy Remote Access Trojan (RAT), DarkComet, originally developed in 2008 and later discontinued, has resurfaced in a new campaign targeting cryptocurrency users. The malware is being distributed through fake Bitcoin wallet applications.

A significant data exposure incident has compromised the personal information of over 7,000 individuals who applied for positions on Capitol Hill through the DomeWatch resume bank.

A new Android malware named HyperRat has emerged in the cybercrime ecosystem, being sold as a ready-made spyware tool under the Malware-as-a-Service (MaaS) model. HyperRat is distributed via a subscription-based model.

A new Android malware, Android.Backdoor.Baohuo.1.origin, is spreading via fake Telegram X apps, granting attackers full control over victims' Telegram accounts. Baohuo uses the Xposed framework to alter app behavior at runtime.

The Everest ransomware group claimed responsibility for breaching Dublin Airport and Air Arabia. The group alleges the theft of approximately 1.5 million passenger records from Dublin Airport and personal data of over 18,000 Air Arabia employees.

A newly discovered zero-click attack, dubbed Shadow Escape, exploits MCP used by AI assistants. This attack enables the silent exfiltration of sensitive data—including SSNs, financial records, and medical identifiers—without any user interaction.

The Medusa ransomware group has leaked a 186.36 GB compressed archive of data allegedly stolen from Comcast Corporation. The data was released after Comcast reportedly failed to meet a $1.2 million ransom demand.

A new report from cybersecurity research firm Sublime Security reveals yet another widespread credential phishing campaign where scammers try to get your login information, specifically by stealing victims’ Facebook login details.

A new malvertising campaign is taking advantage of the popularity of Perplexity’s recently released Comet browser, tricking users into downloading a malicious installer instead of the legitimate product.