All Articles (2731)

Experts have warned that hackers recently used a generative AI tool to replicate several web pages belonging to the Brazilian government in an effort to steal sensitive personal information and money.  The fake websites were examined by Zscaler ThreatLabz researchers, who discovered multiple indicators of the use of AI to generate code.  The websites look almost identical to the official sites, with the hackers using SEO poisoning to make the websites appear higher in search results, and therefore se

In early July 2025, a new DarkCloud campaign was observed in the wild by Fortinet’s FortiGuard Labs team.  It began with a phishing email containing an attached RAR archive. Fortinet subsequently investigated this campaign and conducted a step-by-step analysis.  DarkCloud is a known stealthy Windows-based information-stealer malware that was first identified in 2022. It is designed to steal sensitive information from the victim’s computer, including saved login credentials, financial data, conta

A leading cybersecurity, privacy, and data protection firm, Vipre Security Group, has released its Q2 2025 Email Threat Landscape Report, highlighting a significant shift in cybercriminal tactics.  The report, based on an analysis of global real-world data, uncovers a growing reliance on hyper-personalized, AI-driven phishing techniques that exploit human vulnerabilities rather than traditional technological tricks.  This evolution in email-based threats is raising alarms for organizations world

The Fortinet/FortiMail Workspace Security team recently identified a targeted intrusion campaign impacting multiple Israeli organizations.  The adversary leveraged compromised internal email infrastructure to distribute phishing messages across the regional business landscape.  These emails initiated a multi-stage, PowerShell-based infection chain that culminated in the delivery of a remote access trojan (RAT), executed entirely through PowerShell.

Key characteristics include:

  • Full PowerShell-b

US law enforcement agencies provided new details on an operation that dismantled critical infrastructure used by the BlackSuit ransomware gang after the organization’s leak site was replaced with a takedown banner nearly two weeks ago.

The group, which rebranded from its Royal name after a devastating 2023 attack that shut down the City of Dallas, successfully attacked more than 450 entities in the US.   Since emerging in 2022, the gang secured more than $370 million in ransom payments, accordin

Vendor-related risks, from both tech providers and non-tech partners, have always been a concern, but they’re now becoming increasingly apparent in a growing number of cyber insurance claims.  While data breaches were once the main concern, we are now seeing more severe first-party losses caused by ransomware attacks and major system outages.  These issues are not always the result of a cyberattack, either.  Sometimes they come from non-malicious errors, like critical system failures or software

Gen Z has often been hailed as the most tech-savvy generation in history.  But new research from Kaspersky suggests that their hyper-connected, gig-driven lifestyle may also be making them one of the most vulnerable.  In a recent report, Kaspersky warns that "polyworking," a growing trend among Gen Z workers juggling multiple part-time jobs, freelance gigs, or side hustles, is creating an unprecedented cybersecurity challenge. With a widened digital footprint, these digital natives are increasin

Security researchers this past week detailed a series of vulnerabilities that could allow hackers to steal sensitive data from devices using Broadcom’s ControlVault, a special chip widely used in security-focused Dell laptops.

ControlVault is a system-on-chip (SoC), effectively a tiny computer that is dedicated to security and isolated from the normally modifiable parts of the device. As its name suggests, it is intended to be a kind of vault for sensitive data; Dell describes it as “a secur

A job search platform exposed over 5 million resumes, putting millions of job seekers at risk of identity theft, targeted scams and fraud.  The leak, discovered by cybersecurity researchers at Cybernews, comes from a misconfigured Microsoft Azure storage container that is accessible on the Internet.  The unsecured cloud bucket contained more than 5.1 million files, predominantly resumes and CVs, dating from 2016 to 2025.[1]

The breach is linked to LiveCareer, a platform founded in 2004 that prov
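The misconfiguration behind this kind of leak is an Azure Blob container whose public access level is set to Container, which lets anyone on the Internet list and download its contents with no credentials at all. The check below is an added example written for this page; it is not code from the original article, from Cybernews, or from LiveCareer. It builds the anonymous List Blobs request, treats only an HTTP 200 with an EnumerationResults body as a positive finding (Azure answers an anonymous caller for a private or nonexistent container with an error, commonly a 404, so any non-200 means "not listable", not "safe"), and summarizes what a listing reveals. The storage account and container names and the sample XML are constructed for the example; the live `probe` function is only for accounts you are authorized to test.

```python
"""Audit check for an anonymously listable Azure Blob container.

Added example, not code from the original article or from LiveCareer or Cybernews.
The account/container names and SAMPLE_LISTING below are constructed for the example.
"""
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from collections import Counter
from email.utils import parsedate_to_datetime

AZURE_API_VERSION = "2020-10-02"  # any supported x-ms-version works for List Blobs


def public_listing_url(account: str, container: str, marker: str = "") -> str:
    """List Blobs URL with no SAS token and no Authorization header.

    An unauthenticated GET here succeeds only when the container's public
    access level is 'Container'; that is the misconfiguration being tested for.
    """
    url = f"https://{account}.blob.core.windows.net/{container}?restype=container&comp=list"
    return url + (f"&marker={marker}" if marker else "")


def parse_listing(xml_text: str) -> tuple[list[dict], str]:
    """Parse an EnumerationResults body; return (blobs, next_marker)."""
    root = ET.fromstring(xml_text)
    blobs = []
    for blob in root.iter("Blob"):
        props = blob.find("Properties")
        modified = props.findtext("Last-Modified")
        blobs.append({
            "name": blob.findtext("Name", ""),
            "size": int(props.findtext("Content-Length", "0") or 0),
            "content_type": props.findtext("Content-Type", ""),
            "modified": parsedate_to_datetime(modified) if modified else None,
        })
    return blobs, (root.findtext("NextMarker") or "")


def classify(status: int, body: str) -> str:
    """Only a 200 carrying an EnumerationResults body is a positive result."""
    if status == 200 and "<EnumerationResults" in body:
        return "PUBLIC_LISTABLE"
    return f"NOT_LISTABLE({status})"


def summarize(blobs: list[dict]) -> dict:
    """What an exposure report needs: file count, volume, file types, date range."""
    exts = Counter(
        b["name"].rsplit(".", 1)[-1].lower() if "." in b["name"] else "(none)"
        for b in blobs
    )
    years = [b["modified"].year for b in blobs if b["modified"]]
    return {
        "files": len(blobs),
        "bytes": sum(b["size"] for b in blobs),
        "extensions": dict(exts),
        "years": (min(years), max(years)) if years else None,
    }


def probe(account: str, container: str) -> tuple[str, list[dict]]:
    """Live check (network): anonymous List Blobs, following NextMarker pagination."""
    blobs, marker = [], ""
    while True:
        req = urllib.request.Request(
            public_listing_url(account, container, marker),
            headers={"x-ms-version": AZURE_API_VERSION},
        )
        try:
            with urllib.request.urlopen(req, timeout=15) as resp:
                status, body = resp.status, resp.read().decode()
        except urllib.error.HTTPError as err:
            status, body = err.code, err.read().decode(errors="replace")
        verdict = classify(status, body)
        if verdict != "PUBLIC_LISTABLE":
            return verdict, blobs
        page, marker = parse_listing(body)
        blobs.extend(page)
        if not marker:
            return verdict, blobs


# Constructed sample response in the shape Azure returns, so the example runs offline.
SAMPLE_LISTING = """<?xml version="1.0" encoding="utf-8"?>
<EnumerationResults ServiceEndpoint="https://examplestorage.blob.core.windows.net/" ContainerName="uploads">
  <Blobs>
    <Blob><Name>resumes/2016/jdoe.pdf</Name><Properties>
      <Last-Modified>Mon, 14 Mar 2016 09:12:44 GMT</Last-Modified>
      <Content-Length>184320</Content-Length><Content-Type>application/pdf</Content-Type>
    </Properties></Blob>
    <Blob><Name>resumes/2025/asmith.docx</Name><Properties>
      <Last-Modified>Tue, 03 Jun 2025 17:40:01 GMT</Last-Modified>
      <Content-Length>61440</Content-Length><Content-Type>application/vnd.openxmlformats-officedocument.wordprocessingml.document</Content-Type>
    </Properties></Blob>
  </Blobs>
  <NextMarker />
</EnumerationResults>"""

if __name__ == "__main__":
    verdict = classify(200, SAMPLE_LISTING)
    blobs, _ = parse_listing(SAMPLE_LISTING)
    print(verdict, summarize(blobs))
    # Against a storage account you own: print(probe("examplestorage", "uploads"))
```

The fix on the owning side is to set the container's public access level to Private (or disallow public access at the storage account level) and hand out time-limited SAS tokens to the application instead; re-running the probe afterwards should return a non-200 verdict.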

The US holds the unenviable #1 spot in malware activity, with Canada at #2.  The UK is now the third most targeted country in the world for malware after seeing over 100 million cyber-attacks over the past three months, according to a new report.  Research from cyber security firm NordVPN found that criminals are increasingly targeting everyday internet users through links in emails and texts, as well as through malicious websites and attachments.[1]

The UK now rank

A recent Varonis report exposes a rising threat: cyber criminals exploiting Microsoft OneNote to launch “native” phishing campaigns via Microsoft 365. OneNote is a well-established digital note-taking app that provides a single place for keeping users' reminders, research and project information.  These attacks exploit trust in legitimate collaboration tools, combining social engineering and cloud infrastructure to bypass traditional defenses.  This new attack vector uses shared OneNote notebook

The Fortinet team recently investigated a cluster of virtual private servers (VPS) used for Monero mining.  The identified samples are associated with prior H2Miner campaigns that researchers documented in 2020 and have since been updated with new configurations.  H2Miner is a cryptomining botnet that has been active since late 2019.

Analysts also identified a new variant of the Lcryx ransomware, called Lcrypt0rx. Lcryx is a relatively new VBScript-based ransomware strain first observed in Nov

The dating safety app Tea was hacked, resulting in the leak of images, posts, and comments from thousands of users who shared anonymous “red flag” reports on men.  Tea is a woman-only dating safety app launched in 2023 that lets users assess and review potential partners using real-time safety tools, not matchmaking. The app has over 1.6 million members in the US. It allows them to perform background checks on men and anonymously share “red-flag” behavior.

The app offers real-time tools like rev

Russian authorities shut down mobile internet services more than 2,000 times in July, a record monthly high, as Russia escalates its digital restrictions in the name of cyber security.  This was reported by the nonprofit Russian Internet Protection Society.  Local authorities often cut off access to the internet, citing “national security” amid Ukrainian drone attacks.   However, rights groups and digital watchdogs say many of the blackouts appear unrelated to any real t

The Cybersecurity Team at SafetyDetectives has uncovered a post on a clear web forum where a threat actor claimed to be selling a database containing 61 million records allegedly belonging to Verizon customers.  The data, packaged in a 3.1 GB CSV/JSON file and dated as “2025,” was offered for purchase on a platform known for hosting discussions on database leaks, cracks, and downloads.  Clear web forums, accessible to anyone with an internet connection, are popular among hackers for sharing and

A recently disclosed vulnerability in train braking systems could let hackers remotely stop trains with relatively simple and inexpensive hardware, potentially causing derailments, according to the US Cybersecurity & Infrastructure Security Agency (CISA).  The high-severity vulnerability, tracked as CVE-2025-1727, involves weak authentication in the protocol used to send what are known as end-of-train and head-of-train packets, radio signals that command a rail vehicle’s end-of-train device to s

Cisco Talos researchers on 24 July 2025 detailed Chaos, a newer Ransomware-as-a-Service (RaaS) group that specializes in big company hunting and double extortion attacks (meaning it both encrypts victim files and steals data for potential leaking).  According to Cisco Talos, the group emerged in early February 2025 and appears to be made up of former BlackSuit ransomware gang members "based on similarities in the ransomware's encryption methodology, ransom note structure, and the toolset used in

The education sector is haunted by a significant fraud problem where fake students impersonate celebrities and employ other identity techniques to steal resources and money from legitimate students.  While sorting through student submission applications, the name Brad Pitt appears.  Admission office employees believe it must be a joke or an accident, but soon they find another familiar-looking celebrity name. It becomes clear that the fraudulent technique, named "ghost students," is highly inten

A new backdoor malware campaign targeting Linux systems and exploiting a critical vulnerability in SAP has been uncovered by cybersecurity researchers.  The malware, known as Auto-Color, was deployed in a targeted intrusion against a US-based chemicals company in April 2025.  According to an advisory published by Darktrace on 29 July 2025, the attack began when a threat actor exploited CVE-2025-31324, a critical flaw in SAP NetWeaver that allows remote file uploads and potential system compromise.

The notorious Russian cyber-espionage gang known as Fancy Bear, also known as APT28, has increased its attacks against governments and military entities worldwide using new sophisticated cyber tools and technology.   Fancy Bear is perhaps best known in the United States for its hack and leak of Democratic National Committee emails in the lead-up to the 2016 presidential election.  Eleven Western countries have accused the hacking group of targeting defense, transport, and tech firms involved in