Dem report concludes Department of Government Efficiency violates cybersecurity, privacy rules

The report focuses on DOGE’s activities at the General Services Administration (GSA), Office of Personnel Management (OPM), and Social Security Administration (SSA), revealing multiple instances of potential cybersecurity violations.

Cybercriminals are going after law firms’ sensitive client data

Law firms are increasingly becoming prime targets for cybercriminals due to the sensitive nature of the data they handle, including client communications, financial records, and legal strategies.

Threat Signal Report

Multiple critical vulnerabilities have been identified in Citrix NetScaler ADC and NetScaler Gateway appliances, including a memory overflow flaw (CVE-2025-7775) that enables remote code execution (RCE) and denial of service (DoS).

Old file types, new tricks: Attackers turn everyday files into weapons

Phishing emails accounted for 61% of threats reaching endpoints. Archives were the top delivery method (40%), followed by scripts and executables (35%). Attackers used realistic invoice-themed emails with SVG and PDF attachments to lure victims.

Cyberattacks against schools driven by a rise in student hackers, ICO warns

The ICO analyzed 215 insider threat breach reports from the education sector between January 2022 and August 2024 and identified a pattern of student involvement in cyber incidents. Approximately 57% of these breaches were caused by students.

When typing becomes tracking: Study reveals widespread silent keystroke interception

Researchers from multiple institutions analyzed 15,000 websites and found that 91% used JavaScript event listeners to monitor user interactions. Approximately 40% of websites captured keystrokes before users pressed submit.

Employees keep feeding AI tools secrets they can’t take back

A significant number of employees are sharing sensitive data like customer records, financial results, and login credentials, with public AI platforms. This data is often submitted from unmanaged devices that security teams cannot monitor.

Attackers test the limits of railway cybersecurity

Railway systems are increasingly vulnerable to cyberattacks due to digital transformation, legacy infrastructure, and geopolitical tensions. A critical b dugiscovered in 2012 allows attackers to remotely trigger emergency brakes on American trains.

The Good, the Bad and the Ugly in Cybersecurity – Week 36

Three Russian FSB officers are accused of orchestrating cyberattacks on U.S. critical infrastructure. Two malicious npm packages were using Ethereum smart contracts to conceal URLs for second-stage payload delivery.

Ransomware gang takedowns causing explosion of new, smaller groups

Between July 2024 and June 2025, Malwarebytes tracked 41 new ransomware groups, with over 60 active groups operating simultaneously for the first time. On average, each ransomware group has attacked around five targets per month.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags