New OkoBot framework deploys 20 payloads to steal data, crypto
A new malicious framework called OkoBot is delivering more than 20 payloads in attacks focused on stealing cryptocurrency wallet seed phrases, credentials, and other sensitive data. OkoBot reaches victims through ClickFix attacks or malicious GitHub repositories pretending to host legitimate software tools. In one case, a repository claimed to offer SQL Server Management Studio (SSMS) but dropped a trojanized […]
23andMe to pay $18 million in new genetics data breach settlement
Genetic testing company 23andMe (now Chrome Holding Co.) has agreed to pay $18 million to settle claims from a coalition of 43 attorneys general that it failed to protect customers’ genetic data. 23andMe disclosed a massive data breach in October 2023, following credential-stuffing attacks that went unnoticed for five months, from April 2023 to September 2023. During […]
Scattered Spider members behind TfL hack get five years in prison
Two leading members of the Scattered Spider cybercrime collective were sentenced to five years and six months in prison each for hacking Transport for London (TfL) in 2024. On September 2, 2024, TfL (which provides transportation services to more than 8.4 million Londoners) disclosed that its network was breached in August 2024, with the attack disrupting internal systems and […]
Windows 11 24H2 Home and Pro reach end of support in 90 days
Microsoft announced on Wednesday that systems running Windows 10 Enterprise LTSB 2016 and Home and Pro editions of Windows 11 24H2 will stop receiving updates in three months. However, as the company explains on its support website, Enterprise and Education editions will remain under mainstream support until October 12, 2027. “On October 13, 2026, Windows 11, version […]
CISA orders feds to patch actively exploited Oracle flaw by Saturday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their systems by Saturday against ongoing attacks exploiting a critical vulnerability in the Oracle E-Business Suite (EBS) financial application. Discovered in the File Transmission component of EBS’s Oracle Payments product and tracked as CVE-2026-46817, this security flaw allows unauthenticated threat actors with […]
Russian hackers trojanize WebEx, Zoom apps to push Starland malware
A financially motivated Russian threat actor tracked as UAT-11795 is using trojanized software to steal credentials and cryptocurrency by deploying a new backdoor called Starland RAT. Attacks have been occurring since at least June 2025 and have focused on users in the U.S., although victims in Germany, Romania, and Venezuela have been observed as well. […]
New Spirals ransomware encrypts victim network in under 24 hours
A new ransomware actor called Spirals completed a corporate intrusion, from initial access to data theft and encryption, in less than 24 hours. The attack occurred in June and breached an IT services firm in South Asia after compromising an Internet Information Services (IIS) server exposed on the public web. Researchers at Symantec’s Threat Hunter […]
Dutch police bust investment fraud ring stealing over €100 million
The Dutch Police announced the arrest of multiple individuals suspected of being part of an international investment fraud scheme estimated to have tens of thousands of victims. The group is believed to have operated 20 call centers, with more than 700 people posing as financial advisers. Authorities estimate that the criminal organization at one point […]
Zoom warns of critical account takeover vulnerability
Zoom is warning of a critical vulnerability in its desktop client and software development kit for Windows that could be exploited by an unauthenticated party to hijack accounts. Discovered internally, the security issue is tracked as CVE-2026-53412 and received a severity score of 9.8 out of 10. In an advisory this week, the messaging platform says […]
Google Gemini CLI abused as a hacking agent, malware botnet operator
A Russian-speaking threat actor known as “bandcampro” used Google’s open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. The AI agent responded to the attacker’s prompts, troubleshooting problems on the fly and even proposing operational improvements at least 59 times. In more than 200 sessions between May 19 and […]