“I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix
Sekoia, a cyber threat detection and response specialist, has released details on a widespread and ongoing cybercrime operation that first targets hotels and then directly…
Latest Cybersecurity News — Page 1304
View all →
Popular LLMs dangerously vulnerable to iterative attacks, says Cisco
Some of the world’s most widely used open-weight generative AI (GenAI) services are profoundly susceptible to so-called “multi-turn” prompt injection or jailbreaking cyber attacks, in…
Actively exploited firewall flaws now abused for DoS attacks
Cisco warned this week that two vulnerabilities, which have been used in zero-day attacks, are now being exploited to force ASA and FTD firewalls into reboot loops. The…
Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks
Microsoft’s upcoming Teams update, set for targeted releases in early November 2025 and worldwide by January 2026, will allow users to initiate chats with only…
New Analysis Reveals LockBit 5.0’s Core Features and Dual-Stage Attack Model
LockBit has remained one of the most dominant ransomware-as-a-service (RaaS) groups in the world since its emergence as ABCD ransomware in 2019 and official launch…
Fake CAPTCHA sites now have tutorial videos to help victims install malware
Early on in 2025, I described how criminals used fake CAPTCHA sites and a clipboard hijacker to provide instructions for website visitors that would effectively…
CVE-2025-12779: Amazon WorkSpaces Linux Vulnerability
A newly disclosed security flaw in the Amazon WorkSpaces client for Linux has raised serious concerns across organizations relying on AWS virtual desktop infrastructure. The vulnerability, identified as CVE-2025-12779, enables local…
Exploiting JWT Vulnerabilities: Advanced Exploitation Guide
Before JSON Web Tokens (JWTs) became popular in today’s app development landscape, web applications predominantly used server-side sessions, which presented horizontal scalability issues. JWTs solved…
New Analysis Uncovers LockBit 5.0 Key Capabilities and Two-Stage Execution Model
LockBit 5.0 made its debut in late September 2025, marking a significant upgrade for one of the most notorious ransomware-as-a-service (RaaS) groups. With roots tracing…
Weaponized Videos Trigger Self-Infection Tactics
ClickFix attacks have surged dramatically over the past year, cementing their position as pivotal tools in the modern attacker’s arsenal. These sophisticated social engineering campaigns…
University Of Pennsylvania Confirms Major Cyberattack
The University of Pennsylvania has confirmed that a hacker stole sensitive university data during a recent cyberattack. The breach, first detected on October 31, 2025, resulted in…
The quiet revolution: How regulation is forcing cybersecurity accountability
Cybersecurity headlines still focus on the headline-grabbing moments, whether it’s the latest breach, a zero-day exploit, or an eye-catching product launch. However, beneath the surface…