A phishing campaign has been identified targeting Afghan government employees with emails disguised as official correspondence from the office of the prime minister. The campaign uses a decoy document to deliver malware named FalseCub.

A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations. The closure of Tudou is a significant blow to the Southeast Asian scam economy.

The UK government has issued a warning about ongoing DDoS attacks by the Russian-aligned hacktivist group NoName057(16), targeting critical infrastructure and local government organizations.

A vulnerability in Google Gemini AI allows attackers to exploit calendar invites to extract private data. This attack uses Indirect Prompt Injection, embedding commands in meeting invites that instruct Gemini to leak information.

Anti-regime activists hijacked Iran’s Badr satellite and briefly took control of state TV channels to broadcast messages from Crown Prince Reza Pahlavi, calling for protests against the Islamic Republic.

Western cyber agencies have issued a warning about the growing digital threats to industrial operational technology (OT) systems. These systems are integral to critical infrastructure.

The increasing complexity of vendor ecosystems and the integration of AI in business operations have heightened third-party cyber risks. CISOs are increasingly concerned about the lack of visibility beyond direct vendors.

Socket’s Threat Research Team has identified a malicious Google Chrome extension, MEXC API Automator, that quietly hijacks user accounts on the MEXC exchange to steal funds.

Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code in metadata.

Ukraine's CERT says in a report that the attacks were likely launched by the Russian threat group known as 'Void Blizzard' and 'Laundry Bear', although there is medium confidence in attribution.