A large number of phishing campaigns emerged in the aftermath of the Bybit heist, designed to siphon cryptocurrency from its customers. There were instances of popular crypto keywords, and the use of free hosting and subdomain registration services.

A sophisticated phishing campaign orchestrated by a Russian-speaking threat actor has been uncovered, revealing the abuse of Cloudflare services and Telegram for malicious purposes.

Instead of converting files, the tools actually load malware onto victims’ computers. The FBI warned specifically that the malware infection can also lead to ransomware attacks.

A new threat assessment by the Danish Social Security Agency warns that nation-state hackers have an extensive technical understanding of the telecommunications sector’s infrastructure and protocols in cyberattacks against the industry abroad.

As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing.

U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack.

A new open-source tool named 'Chirp' transmits data between computers (and smartphones) through different audio tones. Other microphone-equipped computers running Chirp may capture the sound and translate the message back into text.

US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city's parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day.

Ukraine’s state cyber response team (CERT-UA) warned that hackers are targeting notaries' computers in an attempt to gain remote access and manipulate government registries.

The campaign has been in preparation since July-August 2024 and entered the active phase in November-December 2024. Recent malware samples and command-and-control (C2) infrastructure activity indicate that the operation remains active in recent days.