Cybersecurity researchers have disclosed details of a new vulnerability impacting Google's Quick Share data transfer utility for Windows that could be exploited to achieve DoS or send arbitrary files to a target's device without their approval.

A large number of phishing campaigns emerged in the aftermath of the Bybit heist, designed to siphon cryptocurrency from its customers. There were instances of popular crypto keywords, and the use of free hosting and subdomain registration services.

Over three-fifths of US and British water and electricity firms were targeted by cyber-attacks in the past year, with a majority suffering serious disruption. 59% revealed that the attack had disrupted normal operations.

FortiGuard Labs recently observed a sophisticated campaign dubbed RolandSkimmer. This threat actor targets users in Bulgaria, leveraging malicious browser extensions across Chrome, Edge, and Firefox.

A sophisticated phishing campaign orchestrated by a Russian-speaking threat actor has been uncovered, revealing the abuse of Cloudflare services and Telegram for malicious purposes.

Royal Mail Group, the UK’s centuries-old postal institution, has allegedly suffered a massive data breach resulting in the leak of 144GB of internal files, customer information, and marketing data.

A vulnerability in Verizon's Call Filter feature allowed customers to access the incoming call logs for another Verizon Wireless number through an unsecured API request. The payload includes phone number of the logged-in user.

The Socket research team recently discovered a malicious Python package on PyPI named disgrasya, which contains a fully automated carding script targeting WooCommerce stores.

In January 2025, a phishing email targeting an MSP administrator led to a ransomware attack, with the Qilin ransomware group gaining access to the administrator's credentials and attacking the MSP's customers.

Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment processor Stripe to validate stolen payment information prior to exfiltration.