-
SoundCloud confirms breach after member data stolen, VPN access disrupted
SoundCloud has officially confirmed that recent service disruptions and widespread VPN access issues were the result of a cybersecurity breach that led to the unauthorized access and theft of user data. The incident involved the exposure of a database containing…
-
Malicious Blender model files deliver StealC infostealing malware
A new threat campaign tied to Russian cyber actors is weaponizing malicious Blender model files to deliver the StealC V2 information-stealing malware, targeting creators who download assets from popular 3D marketplaces such as CGTrader. The campaign leverages Blender’s built-in scripting…
-
CISA warns Oracle Identity Manager RCE flaw is being actively exploited
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued an urgent advisory instructing federal agencies to remediate a critical remote code execution (RCE) flaw in Oracle Identity Manager, identified as CVE-2025-61757. The vulnerability is already being actively exploited in…
-
‘PlushDaemon’ hackers hijack software updates in supply-chain attacks
A China-linked threat actor tracked as ‘PlushDaemon’ is hijacking software update traffic using a new implant called EdgeStepper in cyberespionage operations. Since 2018, PlushDaemon hackers have targeted individuals and organizations in the United States, China, Taiwan, Hong Kong, South Korea, and…
-
US announces new strike force targeting Chinese crypto scammers
The recent establishment of a dedicated task force by U.S. federal authorities aims to combat the burgeoning issue of Chinese cryptocurrency scams, which are reportedly defrauding American citizens of nearly $10 billion annually. The Scam Center Strike Force, backed by…
-
APT37 hackers abuse Google Find Hub in Android data-wiping attacks
North Korean hackers have recently leveraged Google’s Find Hub tool to track GPS locations of targets and execute remote factory resets on Android devices. This sophisticated attack primarily affects South Korean users. The infiltration method involves initiating contact through KakaoTalk,…
-
Sandworm hackers use data wipers to disrupt Ukraine’s grain sector
Russian state-sponsored hacker group Sandworm has deployed various data-wiping malware families in targeted attacks against Ukraine’s education, government, and grain sectors, integral to the nation’s economy. According to a recent report by ESET, these attacks occurred in June and September…
-
Penn hacker claims to have stolen 1.2 million donor records in data breach
A recent breach at the University of Pennsylvania has escalated concerns about cybersecurity practices in higher education. A hacker has claimed responsibility for the incident, revealing extensive access to sensitive data affecting approximately 1.2 million donors and internal documents. On…
-
Microsoft promises more Copilot features in Microsoft 365 companion apps
In the upcoming weeks, Microsoft 365 companion apps are set to introduce enhanced Copilot features aimed at boosting productivity and streamlining workflows. Currently, Copilot functionality is limited to two companion apps: People and Files. However, Microsoft plans to expand its…
Must-Read Posts
- ‘PlushDaemon’ hackers hijack software updates in supply-chain attacks
- Adidas warns of data breach after customer service provider hack
- AI Cuts vCISO Workload by 68% as Demand Skyrockets, New Report Finds
- AI in Cybersecurity: Revolutionizing Defense Against Emerging Threats
- Apiiro unveils free scanner to detect malicious code merges
