Latest Cybersecurity News and Articles

Abacus Market Shutters After Exit Scam, Say Experts

Abacus Market, the Western world’s highest-grossing dark web marketplace, went offline in early July 2025, following user reports of withdrawal issues that began in late June. Experts believe this marks a classic exit scam.

Researchers Jailbreak Grok-4 AI Within 48 Hours of Launch

Researchers successfully jailbroke Elon Musk’s Grok-4 AI within 48 hours of its launch. By combining two advanced techniques—Echo Chamber and Crescendo—they bypassed the AI’s security filters and extracted instructions for creating dangerous items.

Why skipping security prompting on Grok’s newest model is a huge mistake

Researchers identified critical vulnerabilities in Grok 4, particularly when deployed without system-level security prompting. The model was found to be highly susceptible to prompt injection attacks and capable of generating harmful content.

Malicious VSCode extension in Cursor IDE led to $500K crypto theft

A malicious VSCode-compatible extension named Solidity Language distributed via the Cursor AI IDE's Open VSX registry led to the theft of $500,000 in cryptocurrency. The extension impersonated a legitimate Ethereum smart contract syntax highlighter.

Russia-linked group spoofing European journalists to spread disinformation

A Russian state-linked threat actor, Storm-1516, has launched a sophisticated disinformation campaign across Europe by impersonating legitimate journalists and publishing fabricated stories on spoofed news websites.

Dordt University notifies 34K+ people of April 2024 data breach that compromised SSNs, medical info

Dordt University has notified 34,251 individuals of a data breach stemming from a ransomware attack by the BianLian group. The breach occurred between April 21 and May 16, 2024, but notifications were only issued in July 2025—14 months later.

Indian Police Raid Tech Support Scam Call Center

Indian law enforcement, in collaboration with international agencies, has dismantled a fraudulent tech support call center operation targeting victims in the UK, US, and Australia through fraudulent tech support schemes.

WordPress Gravity Forms developer hacked to push backdoored plugins

A supply-chain attack has compromised the popular WordPress plugin Gravity Forms, affecting manual and composer installations of versions 2.9.11.1 and 2.9.12 downloaded between July 10 and 11, 2025.

Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now

A critical pre-authentication remote code execution (RCE) vulnerability, tracked as CVE-2025-25257, has been disclosed in Fortinet FortiWeb. The flaw allows unauthenticated attackers to execute arbitrary code on vulnerable servers.

Stealthy PHP Malware Uses ZIP Archive to Redirect WordPress Visitors

A new stealthy PHP malware campaign has been discovered targeting WordPress websites. The malware leverages the `zip://` PHP wrapper to include obfuscated malicious code from a ZIP archive embedded in the WordPress core file `wp-settings.php`.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags