A sophisticated phishing campaign is targeting UK pet owners with fake microchip renewal emails. These emails appear highly credible, often including accurate pet details such as name, breed, and microchip number.

ESET identified several prominent AsyncRAT forks actively used in cyberattacks, including DcRat, VenomRAT, and SilverRAT. DcRat offers an expanded feature set, while VenomRAT includes even more advanced capabilities.

Konfety masquerades as legitimate applications but delivers none of the promised functionality. It is designed to fetch hidden ads, exfiltrate device data, and potentially load additional malicious modules dynamically.

DragonForce, a ransomware group operating under a Ransomware-as-a-Service (RaaS) model, has claimed responsibility for a data breach targeting Belk, a North Carolina-based department store chain.

Indian Springs School District 109, located in Justice, Illinois, disclosed a ransomware attack that compromised the personal data of 11,542 individuals. The breach is attributed to the RansomHub ransomware group.

The Lorain County Auditor’s Office in Ohio was targeted by the Global ransomware group in a cyberattack that occurred on May 27. Global RaaS)group, has claimed responsibility and alleges possession of private data, including bank account information.

Abacus Market, the Western world’s highest-grossing dark web marketplace, went offline in early July 2025, following user reports of withdrawal issues that began in late June. Experts believe this marks a classic exit scam.

Researchers successfully jailbroke Elon Musk’s Grok-4 AI within 48 hours of its launch. By combining two advanced techniques—Echo Chamber and Crescendo—they bypassed the AI’s security filters and extracted instructions for creating dangerous items.

Researchers identified critical vulnerabilities in Grok 4, particularly when deployed without system-level security prompting. The model was found to be highly susceptible to prompt injection attacks and capable of generating harmful content.

A malicious VSCode-compatible extension named Solidity Language distributed via the Cursor AI IDE's Open VSX registry led to the theft of $500,000 in cryptocurrency. The extension impersonated a legitimate Ethereum smart contract syntax highlighter.