Hacker Uses Claude and ChatGPT to Breach Multiple Government Agencies
A single threat actor compromised nine Mexican government agencies and stole hundreds of millions of citizen records in a highly sophisticated cyberattack. The campaign, which…
Category: CyberSecurityNews
OpenAI Warns macOS Users to Update ChatGPT and Codex Immediately
OpenAI has disclosed a security incident tied to the compromise of Axios, a widely used third-party JavaScript developer library, as part of a broader software…
Google Unveils Device-Bound Chrome Sessions in Anti-Cookie-Theft Move
Google officially announced the public rollout of Device Bound Session Credentials (DBSC) for Windows users on Chrome 146. According to the Google Account Security and…
Google Launches Gmail End-to-End Encryption for Android and iOS
Google has officially rolled out End-to-End Encryption (E2EE) for the Gmail application on Android and iOS devices. This major update targets users utilizing Gmail client-side…
Ransomware Gangs Expand Use of EDR Killers Beyond Vulnerable Drivers, ESET Warns
In recent years, Endpoint Detection and Response (EDR) killers have become a standard, highly effective weapon in modern ransomware intrusions. Before launching their file-encrypting malware,…
Hackers Use AiTM Session Hijacking to Redirect Employee Salaries in New Storm-2755 Campaign
A financially motivated threat group called Storm-2755 has launched a campaign that quietly reroutes employee salary payments to attacker-controlled bank accounts. Targeting Canadian workers, the…
EngageSDK Vulnerability Exposes Millions of Crypto Wallet Users to Cyberattacks
A serious security flaw found inside a widely used Android library called EngageSDK has put over 30 million cryptocurrency wallet users at risk of financial…
Hackers Use Fake BTS World Tour Ticket Sites to Scam Fans Across Multiple Countries
Cybercriminals are capitalizing on the excitement around BTS’s long-awaited return to the world stage by setting up fraudulent ticket websites that steal money from unsuspecting…
MuddyWater Turns to Russian Malware-as-a-Service in New ChainShell Campaign
Iranian state-backed hacking group MuddyWater has made a decisive operational shift, adopting a Russian-built Malware-as-a-Service platform to power a new campaign against Israeli targets. The…
AWS Patches Critical RCE and Escalate Privileges in Research and Engineering Studio
Amazon Web Services (AWS) has released an important security bulletin addressing three severe vulnerabilities in its Research and Engineering Studio (RES). These flaws could allow…
New STX RAT Uses Hidden Remote Desktop and Infostealer Features to Evade Detection
A newly discovered remote access trojan called STX RAT has emerged as a serious cybersecurity threat in 2026, combining hidden remote desktop access with credential-stealing…
Hackers Use ClickFix and Malicious DMG Files to Deliver notnullOSX on macOS
A new macOS info-stealer named notnullOSX has surfaced, targeting crypto holders with wallets above $10,000. Written in Go, it uses two parallel attack paths —…