Hackers are exploiting fake Social Security Administration (SSA) emails to hijack PCs by abusing the ScreenConnect tool. This attack does not rely on new viruses but rather on hijacking existing tools and weakening system defenses.

The phishing campaign began in December 2025, initially targeting 504 organizations primarily in the financial services and consulting sectors as part of a testing phase.

The Prometei botnet, a Russian-linked threat active since 2016, has been identified in a UK construction firm's Windows Server. Known for mining Monero cryptocurrency, it also excels at stealing passwords and maintaining remote control over systems.

A recent cloud breach highlights the dangers of exposed AWS credentials and AI-assisted attacks. An attacker gained full admin access to a company's cloud environment in just eight minutes.

A sophisticated phishing campaign is targeting business users by exploiting clean emails, PDF attachments, and cloud storage to steal Dropbox credentials. This attack uses trusted services to bypass security filters and get sensitive information.

Operation Bizarre Bazaar is a significant cyberattack campaign targeting AI systems to steal compute power and resell access. The campaign, led by a hacker known as Hecker, involves exploiting unprotected AI models, particularly those using MCP.

The GoTo Resolve tool, a legitimate remote administration software, has been identified as a potential security risk due to its ability to be exploited for activities similar to ransomware tactics.

The ShinyHunters hacking group has allegedly leaked millions of user records from SoundCloud, Crunchbase, and Betterment. This breach follows failed extortion attempts and raises concerns about potential links to an Okta vishing campaign.

The Everest ransomware group has claimed responsibility for a significant data breach involving McDonald's India. The group alleges to have exfiltrated 861 GB of sensitive data, including customer information and internal company documents.

A vulnerability in Google Gemini AI allows attackers to exploit calendar invites to extract private data. This attack uses Indirect Prompt Injection, embedding commands in meeting invites that instruct Gemini to leak information.