Is your password manager truly GDPR compliant?
Passwords sit at the core of every critical system, but many organizations still overlook how fragile their password workflows can be. When something goes wrong,…
Latest Cybersecurity News — Page 1260
View all →
China-Nexus APT Group Leverages DLL Sideloading Technique to Attack Government and Media Sectors
A targeted cyber espionage campaign has emerged across Southeast Asia, specifically affecting government and media organizations in countries surrounding the South China Sea. The campaign,…
Google Play Store’s privacy practices still confuse Android users
Privacy rules like GDPR and CCPA are meant to help app stores be clearer about how apps use your data. But in the Google Play…
TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign
Nov 20, 2025Ravie LakshmananMalvertising / Artificial Intelligence Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part…
Hackers Can Exploit Default ServiceNow AI Assistants Configurations to Launch Prompt Injection Attacks
A dangerous vulnerability in ServiceNow’s Now Assist AI platform allows attackers to execute second-order prompt injection attacks via default agent configuration settings. The flaw enables…
When IT fails, OT pays the price
State groups, criminal crews, and hybrid operators are all using familiar IT entry points to reach systems that support industrial processes, according to the latest…
Hackers Attacking Palo Alto Networks’ GlobalProtect VPN Portals with 2.3 Million Attacks
Hackers have unleashed over 2.3 million malicious sessions against Palo Alto Networks’ GlobalProtect VPN portals since November 14, 2025, according to threat intelligence firm GreyNoise.…
Nova Stealer Targets macOS Users, Swaps Legit Apps to Steal Crypto Wallets
A sophisticated new macOS malware campaign dubbed “Nova Stealer” has emerged, targeting cryptocurrency users through an elaborate scheme that replaces legitimate wallet applications with malicious…
Microsoft Teams Adds Option to Report Misidentified Threat Messages
Microsoft Teams is rolling out a new feature that allows users to misreport messages flagged as security threats. The capability, rolling out by the end…
Single Click on CAPTCHA Triggers Destructive Akira Ransomware Attack on Malicious Website
A sophisticated Akira ransomware attack orchestrated by the Howling Scorpius group recently left a global data storage and infrastructure company grappling with massive operational disruption…
Hackers Exploit Tuoni C2 Framework to Stealthily Deploy In-Memory Payloads
In October 2025, Morphisec’s anti-ransomware prevention platform detected and neutralized a sophisticated cyberattack targeting a major U.S. real estate company. The campaign showcased the emerging…
Chinese PlushDaemon Hackers Exploit EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers
ESET researchers have uncovered a sophisticated attack chain orchestrated by the China-aligned threat actor PlushDaemon, revealing how the group leverages a previously undocumented network implant,…