Department of Justice Reports Potential Data Breach at Berkeley Research Group Involving Sensitive Information on Survivors of Diocesan Abuse
The U.S. Department of Justice has confirmed that a recent data breach at a California consulting firm has led to the exposure of sensitive information belonging to survivors of…

Bluetooth 6.1 Enhances Privacy through Randomized RPA Timing Techniques
The Bluetooth Special Interest Group (SIG) has introduced the Bluetooth Core Specification 6.1, which incorporates significant enhancements to the well-established wireless communication protocol. A key feature of this release…

Introduction of PDF Download Feature for In-Depth Research in ChatGPT
ChatGPT’s Deep Research feature, which facilitates in-depth research for complex tasks, is set to introduce a long-awaited functionality: the option to save reports as PDF files.

By utilizing the…

Cybersecurity Breach: iClicker Platform Compromised, Exposing Students to Malware through Phony CAPTCHA Mechanism
The iClicker website, a widely used platform for student engagement, fell victim to a sophisticated ClickFix attack targeting students and educators. This security breach involved a deceptive CAPTCHA prompt…

Exploiting Fraudulent AI Tools to Deploy Noodlophile Malware, Affecting Over 62,000 Victims Through Facebook Lures
Threat actors are increasingly exploiting the allure of artificial intelligence (AI) by offering counterfeit AI-powered tools to entice users into downloading malware known as Noodlophile.

Rather than relying on…

Emerging SEO Poisoning Threat: Targeted Malware Campaign Aimed at IT Administrators
Recent intelligence from Varonis has unveiled a notable trend in cyberattacks where adversaries are leveraging SEO poisoning techniques to manipulate IT administrators into downloading malicious software. This tactic involves…

FreeDrain Phishing Scam Depletes Cryptocurrency Assets of Enthusiasts
A sophisticated phishing scheme, comprising a network of counterfeit websites, has been identified as a significant threat to web3 projects, draining cryptocurrency wallets on a large scale for several…

Weekly Security Update: May 4 – May 10
Last week, our labs observed several significant developments in the realm of information security.

– A new episode of Lock and Code highlights the emergence of AI chatbot programs…

ASUS Addresses Remote Code Execution Vulnerabilities in DriverHub Accessible through HTTP and Malicious .ini Files
ASUS has implemented security updates to rectify two critical vulnerabilities affecting the ASUS DriverHub software. These flaws, if successfully exploited, could allow an attacker to execute remote code on…

Moldova Detains Individual Associated with DoppelPaymer Ransomware Operations
Moldovan law enforcement agencies have successfully apprehended a 45-year-old suspect implicated in DoppelPaymer ransomware attacks that targeted Dutch entities in 2021.

On May 6, officers executed searches at the…

Leading Malware Threats: FakeUpdates, Remcos, and AgentTesla Dominate Stealth Attack Landscape
Check Point’s April 2025 malware report highlights an alarming trend characterized by the growing sophistication and obfuscation of cyberattacks. The analysis indicates that attackers are increasingly leveraging well-known malware…

Assessment of Hacktivist Threats to India in Context of APT36 Espionage Activities
A recent surge in reported hacktivist attacks against India’s digital infrastructure has raised concerns, with claims of over 100 breaches across various sectors, including government and education. These incidents…

Weekly Summary: Zero-Day Vulnerabilities, Developer Malware Threats, IoT Botnet Developments, and AI-Driven Fraud Techniques
What do a source code editor, a smart billboard, and a web server have in common? These elements have all become potential entry points for attacks as cybercriminals redefine…

Critical Vulnerability in ASUS DriverHub Enables Malicious Sites to Execute Commands with Elevated Privileges
The ASUS DriverHub driver management utility has been identified as having a critical remote code execution vulnerability that enables malicious websites to execute commands on devices where the software…

Data Breach: Anonymous Hackers Compromise Flight Information from GlobalX, a U.S. Deportation Airline
A hacker group associated with Anonymous has reportedly infiltrated GlobalX Airlines, leading to the exposure of sensitive flight and passenger information. The breach raises significant concerns regarding data protection…

Criminal Proxy Network Compromises Thousands of IoT Devices
A criminal proxy network has been identified as infecting thousands of Internet of Things (IoT) and end-of-life (EoL) devices, repurposing them into a substantial botnet that facilitates anonymity for…

Addressing the Persistence Challenge: Understanding the Issue of Exposed Credentials and Strategies for Remediation
Detecting leaked credentials is only half the battle; the real challenge lies in what happens after detection. Recent research highlights a troubling trend: a significant majority of exposed company…

Windows 11 Upgrade Restrictions Removed Following Resolution of Safe Exam Browser Issues
Microsoft has removed the upgrade restriction that previously prevented certain users of Safe Exam Browser from upgrading to the Windows 11 2024 Update due to compatibility issues.

Safe Exam…

Roblox Lawsuit Alleges Covert Tracking for Monetization of Children’s Data
Roblox Corporation is facing a class-action lawsuit that alleges the company has engaged in the unauthorized tracking of children’s personal data. The lawsuit accuses Roblox of violating various privacy…

#2025 Security Summit: Experts to Illuminate Vendor Supply Chain Resilience
The vendor supply chain comprises a complex ecosystem of hundreds, if not thousands, of third-party suppliers, presenting significant cybersecurity challenges for organizations. Recent data indicates that an alarming 50%…