Security Breach: Over 3,200 Cursor Users Compromised by Malicious npm Packages with Backdoor Threats and Credential Theft
Cybersecurity experts have identified three malicious npm packages aimed specifically at the macOS version of Cursor, a widely used artificial intelligence (AI)-led source code editor. These packages masquerade as…

Chinese Cyber Actors Target SAP NetWeaver Servers in Coordinated Attack
Forescout Vedere Labs security researchers have identified a series of ongoing attacks exploiting a critical vulnerability in SAP NetWeaver servers, attributed to a Chinese threat actor. This unauthenticated file…

Star Health Cybersecurity Incident: Executive Threats Reported by Hacker
The hacker linked to a significant data breach at Star Health and Allied Insurance has purportedly taken responsibility for intimidating the company’s senior management through death threats and dispatched…

Ascension Reports Data Breach Impacting Over 430,000 Patients
Ascension, a leading private healthcare system in the United States, has disclosed that a recent data breach affects the personal and health information of over 430,000 patients. With a…

Important Update: Dismantling of 7,000-Device IoT and EoL System Proxy Botnet in U.S. Executed by Dutch Authorities
A coordinated operation conducted by Dutch and U.S. law enforcement agencies has successfully dismantled a significant criminal proxy network comprised of thousands of compromised Internet of Things (IoT) and…

Google Chrome Implements AI Technology to Combat Tech Support Scam Websites
Google is advancing its efforts to combat tech support scams through the integration of Artificial Intelligence (AI) within the Chrome browser. With the upcoming release of Chrome version 137,…

Google Chrome Integrates On-Device AI for Enhanced Detection of Tech Support Scams
Google is introducing a significant security enhancement for Chrome, utilizing the ‘Gemini Nano’ large-language model (LLM) to better identify and mitigate tech support scams encountered during web browsing.

Tech…

OtterCookie v4 Introduces Enhanced Virtual Machine Detection and Advanced Credential Theft Features for Chrome and MetaMask
The North Korean threat actors behind the Contagious Interview campaign have been observed employing upgraded versions of a cross-platform malware known as OtterCookie. This malware is capable of stealing…

Law Enforcement Disrupts Botnet Operation Utilizing Compromised Routers for Residential Proxy Services
Law enforcement authorities have successfully disrupted a botnet that has compromised thousands of routers over the past 20 years, leading to the establishment of two networks of residential proxies,…

Chinese Threat Actors Exploit SAP Remote Code Execution Vulnerability CVE-2025-31324, Deploy Golang-Based SuperShell
A China-linked threat actor known as Chaya_004 has been identified exploiting a recently disclosed vulnerability in SAP NetWeaver.

Forescout Vedere Labs reported the discovery of a malicious infrastructure…

Google Agrees to $1.375 Billion Settlement with Texas Regarding Unauthorized Tracking and Biometric Data Practices
Google has agreed to a settlement with the state of Texas, amounting to $1.4 billion, to resolve two lawsuits alleging the company unlawfully tracked users’ locations and retained facial…

Germany Closes eXch Amidst $1.9 Billion Money Laundering Investigation, Seizing €34 Million in Cryptocurrency and 8TB of Data
Germany’s Federal Criminal Police Office (Bundeskriminalamt, BKA) has successfully dismantled the online infrastructure associated with the eXch cryptocurrency exchange due to serious allegations of money laundering and operating an…

Microsoft Teams to Implement Screen Capture Restrictions During Meetings
Microsoft is in the process of developing a new feature for Teams aimed at enhancing content security during meetings by preventing users from capturing screenshots of sensitive information.

Participants…

Emergence of Noodlophile Infostealer Malware from Deceptive AI Video Generation Tools
Fake AI-driven video generation platforms are being exploited to disseminate a new category of information-stealing malware, referred to as ‘Noodlophile,’ disguised as content generated by supposed artificial intelligence tools.…

Department of Justice Reports Potential Data Breach at Berkeley Research Group Involving Sensitive Information on Survivors of Diocesan Abuse
The U.S. Department of Justice has confirmed that a recent data breach at a California consulting firm has led to the exposure of sensitive information belonging to survivors of…

Bluetooth 6.1 Enhances Privacy through Randomized RPA Timing Techniques
The Bluetooth Special Interest Group (SIG) has introduced the Bluetooth Core Specification 6.1, which incorporates significant enhancements to the well-established wireless communication protocol. A key feature of this release…

Introduction of PDF Download Feature for In-Depth Research in ChatGPT
ChatGPT’s Deep Research feature, which facilitates in-depth research for complex tasks, is set to introduce a long-awaited functionality: the option to save reports as PDF files.

By utilizing the…

Cybersecurity Breach: iClicker Platform Compromised, Exposing Students to Malware through Phony CAPTCHA Mechanism
The iClicker website, a widely used platform for student engagement, fell victim to a sophisticated ClickFix attack targeting students and educators. This security breach involved a deceptive CAPTCHA prompt…

Exploiting Fraudulent AI Tools to Deploy Noodlophile Malware, Affecting Over 62,000 Victims Through Facebook Lures
Threat actors are increasingly exploiting the allure of artificial intelligence (AI) by offering counterfeit AI-powered tools to entice users into downloading malware known as Noodlophile.

Rather than relying on…

Emerging SEO Poisoning Threat: Targeted Malware Campaign Aimed at IT Administrators
Recent intelligence from Varonis has unveiled a notable trend in cyberattacks where adversaries are leveraging SEO poisoning techniques to manipulate IT administrators into downloading malicious software. This tactic involves…