Sixteen Defendants Indicted on Federal Charges Linked to Global DanaBot Malware Operation
A recent federal grand jury indictment and a related criminal complaint have unsealed charges against 16 individuals connected to the development and deployment of DanaBot malware, allegedly operated by…

CISA Issues Alert on Potential Widespread SaaS Attacks Targeting Application Secrets and Cloud Misconfigurations
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that Commvault is actively monitoring cybersecurity threats that are targeting applications hosted within its Microsoft Azure cloud environment.

According…

U.S. Government Indicts Qakbot Botnet Leader Connected to Ransomware Operations
The U.S. government has formally charged Russian national Rustam Rafailevich Gallyamov, the mastermind behind the Qakbot botnet operation, which has compromised over 700,000 computers and facilitated numerous ransomware attacks.…

Operation RapTor: 270 Arrests in Comprehensive Global Initiative Targeting Dark Web Vendors
In a significant international law enforcement operation, dubbed Operation RapTor, authorities have successfully arrested 270 individuals suspected of engaging in illegal activities on dark web platforms. This coordinated crackdown…

Russian National and Qakbot Malware Leader Indicted for Involvement in Extensive Global Ransomware Operations
Operation Endgame has made significant strides in combating cybercrime, as evidenced by a recent announcement in a video titled “My Happy Lie – Cortes.” Following this, the Department of…

GitLab Duo Vulnerability Allowed Exploitation of AI Responses through Concealed Prompts
Cybersecurity researchers have identified a vulnerability in GitLab’s AI assistant, Duo, specifically an indirect prompt injection flaw that could enable attackers to exfiltrate source code and inject untrusted HTML…

Significant Database Leak: 184 Million Records Reveal Extensive Collection of Login Credentials
The inadvertent exposure of data due to misconfigured or improperly secured databases represents a long-standing challenge in privacy and information security. Recent findings have brought to light a substantial…

ViciousTrap Exploits Cisco Vulnerability to Establish Global Honeypot Network Comprised of 5,300 Compromised Devices
Cybersecurity researchers have revealed that a threat actor, identified as ViciousTrap, has successfully compromised approximately 5,300 unique network edge devices across 84 countries, transforming them into a honeypot-like network.…

Law Enforcement Agencies Disrupt Initial Access Malware Operation Linked to Ransomware Deployment
A significant law enforcement initiative has successfully dismantled critical initial access malware used in orchestrating ransomware attacks. This operation, coordinated by Europol and announced on May 23, marks a…

Critical Security Advisory: CVE-2025-4664 Vulnerability in Chrome Reveals Browser Activity on Windows and Linux Systems
A recently discovered zero-day vulnerability in Chrome, identified as CVE-2025-4664, has been found to compromise login tokens on both Windows and Linux operating systems. This flaw poses a significant…

FBI Issues Alert on Luna Moth Ransomware Attacks Targeting Legal Firms
The FBI has issued a warning regarding an extortion group known as the Silent Ransom Group, which has been actively targeting law firms across the United States for the…

Exploitation of TikTok for Malware Distribution: The Utilization of Vidar and StealC via ClickFix Methodology
The malware known as Latrodectus has recently adopted the ClickFix social engineering technique as a distribution method. The ClickFix approach poses significant risks as it enables malware execution…

OpenAI Announces Enhanced Accuracy of Operator Agent with O3 Update
OpenAI has announced that the Operator Agent has been upgraded to utilize the o3 model, resulting in enhanced reasoning capabilities. Operator, which is currently in a research preview phase,…

Global Dark Web Operation Results in 270 Arrests
A recent extensive law enforcement initiative aimed at disrupting the trafficking of fentanyl, opioids, and other illicit goods and services on the dark web has led to the arrest…

BadSuccessor Exploits Vulnerability in Windows Server 2025 for Complete Active Directory Compromise
Akamai researchers have identified a significant vulnerability within the dMSA feature of Windows Server 2025, which poses a considerable risk to system integrity. This flaw allows malicious actors to…

FTC Concludes Enforcement Action Against GoDaddy Regarding Data Security Infringements
The Federal Trade Commission (FTC) has concluded an order with GoDaddy regarding allegations of consumer deception stemming from insufficient data security measures that resulted in multiple security breaches. In…

Identification of Numerous Malicious Packages on NPM Engaging in Host and Network Data Collection
Script designed to delete Vue.js-related files on June 19–30, 2023
Source: Socket

The threat actor responsible for this campaign, operating under the pseudonym ‘xuxingfeng’, also published several…

Critical XSS Vulnerability CVE-2024-27443 Affects 129,000 Zimbra Servers, Linked to Sednit Group
A critical Cross-Site Scripting (XSS) vulnerability, identified as CVE-2024-27443, has been detected within the CalendarInvite feature of the Zimbra Collaboration Suite. This vulnerability poses a significant risk, as it…

British Columbia Health Authority Subject to Class-Action Lawsuit Pertaining to 2009 Data Breach
B.C.’s Interior Health Authority (IH) is currently facing a class-action lawsuit resulting from a significant data breach that occurred in 2009. This breach is reported to have exposed sensitive…

SK Telecom Discovers Extensive Two-Year Malware Campaign Resulting in Leakage of 26 Million IMSI Records
SK Telecom has disclosed a significant cybersecurity incident involving a malware intrusion that persisted undetected for nearly two years. This breach has resulted in the unauthorized disclosure of sensitive…