A new social engineering technique called FileFix has emerged as a variant of the ClickFix attack, leveraging the Windows File Explorer address bar to stealthily execute malicious PowerShell commands.

CoinMarketCap identified a supply chain vulnerability that allowed attackers to inject a malicious wallet drainer script into its homepage. The attack exploited a third-party API used to load a doodle image.

BitoPro, a Taiwanese cryptocurrency exchange, suffered a cyberattack on May 8, 2025, resulting in the theft of approximately $11 million in digital assets. The attack has been attributed to the North Korean state-sponsored Lazarus Group.

A new campaign by the North Korean APT group BlueNoroff (also known as TA444 or Sapphire Sleet) leverages deepfake videos of company executives during Zoom calls to distribute custom macOS malware.

Erie Insurance and its management company, Erie Indemnity Company, have confirmed a cyberattack that caused significant business disruptions and service outages beginning on June 7.

Microsoft's June 2025 Patch Tuesday addresses 66 vulnerabilities, including one actively exploited and one publicly disclosed zero-day. Ten of the vulnerabilities are rated as Critical.

A major supply chain attack has compromised 16 popular Gluestack 'react-native-aria' packages on NPM, affecting nearly 960,000 weekly downloads. The attack involves the injection of obfuscated remote access trojan (RAT) code.

Optima Tax Relief, a prominent U.S.-based tax resolution firm, has been targeted in a ransomware attack by the Chaos ransomware gang. The attackers employed a double-extortion strategy, encrypting servers and exfiltrating sensitive data.

Qilin RaaS is now exploiting two critical Fortinet vulnerabilities—CVE-2024-21762 and CVE-2024-55591—to bypass authentication and deploy ransomware. These impacted high-profile organizations and are currently targeting Spanish-speaking countries

A previously known data breach involving AT&T has resurfaced in a repackaged form, with threat actors re-releasing the stolen data from 2021. The updated dataset now includes decrypted Social Security Numbers and dates of birth.