Massive Malvertising Campaign Spreads Lumma Malware Through Fake CAPTCHA Scam
Cybercriminals have launched a sophisticated attack reaching millions of users through compromised ad networks, using fake CAPTCHA verification pages to distribute the Lumma information stealer. The campaign generates over 1 million daily ad impressions across 3,000+ websites, targeting sensitive data like banking credentials and personal files.
Arctic Wolf's $160M Acquisition of BlackBerry's Cylance Reshapes Cybersecurity Landscape
Arctic Wolf's strategic $160M acquisition of BlackBerry's Cylance endpoint security business combines AI-powered protection with advanced security operations. The deal includes cash payments and company shares, positioning Arctic Wolf for market expansion while maintaining service continuity for existing customers.
Critical Security Flaws Found in Smart Car Camera Systems
Researchers uncover serious vulnerabilities in cloud-connected vehicle cameras that could allow hackers to access private location data and footage. While one vendor has patched the security holes, another remains exposed despite being notified over a year ago.
Hackers Turn the Tables: 390,000 WordPress Credentials Stolen in Supply Chain Attack
A sophisticated hacking group dubbed MUT-1244 executed a year-long campaign targeting cybercriminals and researchers through trojanized software tools. The attackers successfully stole over 390,000 WordPress credentials along with other sensitive data using deceptive GitHub repositories and infected npm packages.
HeartCrypt: The $20 Malware Service Making Cyber Attacks More Accessible
A new malware packing service called HeartCrypt has emerged, allowing criminals to hide malicious code in legitimate-looking software for just $20. The service's sophisticated concealment techniques and growing adoption by cybercriminals highlight evolving threats in the cybersecurity landscape.
Major Data Breach at Byte Federal Exposes 58,000 Bitcoin ATM Users' Personal Data
A significant security breach at Byte Federal, a leading US Bitcoin ATM operator, has compromised sensitive data of 58,000 customers through a GitLab vulnerability. The breach exposed personal information including government IDs and transaction records, prompting immediate security measures and customer warnings.
Critical Security Flaws Found in 336,000 Exposed Prometheus Monitoring Servers
Researchers discovered over 336,000 Prometheus monitoring servers and exporters exposed online, leaking sensitive data and vulnerable to DoS attacks. The investigation revealed plaintext passwords, authentication tokens, and internal API addresses were accessible, while also identifying risks from 'repojacking' vulnerabilities.
Chinese Hacker Indicted for Massive Sophos Firewall Attack Affecting 81,000 Devices
The U.S. Department of Justice has charged Chinese national Guan Tianfeng for exploiting Sophos firewall vulnerabilities that compromised 81,000 devices globally. The attack, linked to China's Ministry of Public Security, prompted a multi-agency U.S. response including sanctions and a $10 million reward for information.
Russian Hackers Hijack Criminal Networks to Target Ukrainian Starlink Devices
Russian state-backed group Secret Blizzard has adopted an unusual tactic of compromising other cybercrime groups' infrastructure to infiltrate Ukrainian military Starlink connections. Microsoft's report reveals the hackers leveraged malware tools from multiple threat actors to gather intelligence on military hardware.
Krispy Kreme's Online Ordering Hit by Cyberattack, Disrupting Digital Sales
Popular doughnut chain Krispy Kreme faces operational disruptions after detecting an unauthorized system breach affecting its U.S. online ordering platforms. While physical stores remain open, the company acknowledges potential material impact as it works with cybersecurity experts to investigate and restore services.