Google has released an update for its Chrome browser, addressing 13 security vulnerabilities, including four high-severity issues. One critical vulnerability, CVE-2025-13633, affects the Digital Credentials feature.

A new wave of cyberattacks is exploiting legitimate Remote Monitoring and Management (RMM) tools such as LogMeIn Resolve and PDQ Connect. Attackers trick users into installing these tools under false pretenses.

A widespread and industrial-scale scam campaign targeting Black Friday shoppers is exploiting malvertising and fake brand giveaways to harvest personal information and payment card data.

The phishing emails are crafted to resemble internal “Email Delivery Reports” and claim that due to a recent upgrade in the Secure Message system, some messages are pending delivery.

A phishing campaign is impersonating PayPal and Geek Squad to execute a tech support scam. Victims receive fake invoices via email, prompting them to call a fraudulent support number, leading to potential financial loss and system compromise.

SafePay ransomware claimed responsibility for a significant data breach at Conduent. The breach has exposed sensitive personal data of over half a million individuals across multiple states.

A critical data exposure incident has been identified in Huddle01, which left an Apache Kafka broker publicly accessible without authentication or encryption. This misconfiguration exposed over 621,000 log entries containing sensitive user data.

The campaign leverages compromised Discord accounts to send direct messages asking users to test a game. Victims are redirected to convincing fake game pages hosted on Blogspot subdomains or cloud services.

A phishing campaign is targeting cryptocurrency users by impersonating the Best Wallet app. The attackers aim to steal wallet credentials, private keys, and seed phrases by luring victims to a fake website that closely mimics the legitimate platform.

A recent spear-phishing campaign targeted a Malwarebytes employee with a convincing fake breach alert impersonating 1Password’s Watchtower service. The attackers aimed to steal the victim’s 1Password credentials.