ClickFix attack uses fake Windows Update screen to push malware
ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the…
Latest Cybersecurity News — Page 1228
View all →
New Shai-Hulud Attack Hits Nearly 500 Npm Packages
A new Shai-Hulud supply chain attack has hit nearly 500 npm packages with a total of 132 million monthly downloads. The latest campaign follows one…
DTA plans ‘register’ of providers that underperform on gov tech projects
The Digital Transformation Agency (DTA) is proposing a “secure register” of technology providers deemed to have underperformed on government projects. The register is to be created…
Harvard reports vishing breach exposing alumni and donor contact data
Harvard reports vishing breach exposing alumni and donor contact data Pierluigi Paganini November 24, 2025 Harvard revealed its Alumni Affairs systems suffered a vishing breach,…
Bendigo Bank taps Google Cloud for first major AI project
Bendigo Bank has chosen Google Cloud for its first major enterprise AI deployment, giving the tech giant’s Gemini tools to its workforce, organisation-wide. The bank…
Hackers Leverage Malicious PyPI Package to Attack Users and Steal Cryptocurrency Details
A dangerous malware campaign has surfaced targeting cryptocurrency users through a deceptive Python package hosted on the PyPI repository. The threat actors disguised their malicious…
IEC 62443: A Cybersecurity Guide for Industrial Systems (Part 5)
Welcome back to the series on the IEC 62443 standard for industrial cybersecurity. This third installment will investigate the documents that are part of the…
LLMs Tools Like GPT-3.5-Turbo and GPT-4 Fuels the Development of Fully Autonomous Malware
Large language models like GPT-3.5-Turbo and GPT-4 are transforming how we work, but they are also opening doors for cybercriminals to create a new generation…
Black Friday scammers offer fake gifts from big-name brands to empty bank accounts
Black Friday is supposed to be chaotic, sure, but not this chaotic. While monitoring malvertising patterns ahead of the holiday rush, I uncovered one of…
CISA Adds Oracle Identity Manager Vulnerability To KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added an Oracle Identity Manager vulnerability to its Known Exploited Vulnerabilities database after the SANS Internet…
Real-estate finance services giant SitusAMC breach exposes client data
SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that…
ToddyCat APT Targeting Internal Employee Communications at Organizations
Advanced persistent threat actors continue to develop sophisticated techniques for compromising corporate communications, with the ToddyCat APT group demonstrating remarkable evolution in their operational capabilities.…