Threat actors are exploiting the popularity of AI tools by using Black Hat SEO to poison search engine results and Vidar Stealer, Lumma Stealer, and Legion Loader through complex redirection chains and obfuscated JavaScript.

A massive data breach has compromised the personal information of approximately 7.4 million Paraguayan citizens. The stolen data includes names, ID card numbers, dates of birth, professions, and certificates.

The Androxgh0st botnet has significantly evolved since its emergence in early 2023, now leveraging a broader range of attack vectors and targeting misconfigured servers, particularly in academic institutions.

Mainline Health Systems has begun notifying 101,104 individuals of a data breach stemming from a ransomware attack that occurred in April 2024. The breach compromised sensitive data including Social Security numbers.

A sophisticated phishing campaign is targeting Trezor users by exploiting the company’s automated support system to send deceptive emails that appear to originate from the legitimate help@trezor.io address.

A recent phishing campaign has compromised over 2,000 devices by impersonating the U.S. Social Security Administration (SSA). The attackers used a convincing email lure to redirect victims to a fake SSA webpage hosted on Amazon Web Services (AWS).

A widespread and highly coordinated phishing campaign is targeting U.S. citizens by impersonating state Departments of Motor Vehicles (DMVs). The campaign uses smishing tactics to steal personal and financial data through fake DMV websites.

A new social engineering technique called FileFix has emerged as a variant of the ClickFix attack, leveraging the Windows File Explorer address bar to stealthily execute malicious PowerShell commands.

A sophisticated variant of the Havoc Remote Access Trojan (RAT) was deployed in a targeted cyber intrusion against critical national infrastructure in the Middle East. This variant leverages a disguised remote injector to deploy the Havoc payload.

A critical vulnerability (CVE-2025-52562) in Performave Convoy, a KVM server management panel used by hosting providers, allows unauthenticated remote attackers to execute arbitrary PHP code on affected systems.