Latest IT News & Tech Trends
The U.S. Department of Justice announced Friday that it has seized the CFAKE.com and SOCFAKE.com websites, which allegedly hosted nonconsensual AI-generated nude images and videos of women, in what appears to be the first publicly announced domain seizure under the TAKE IT DOWN Act. According to the DOJ, the sites shared sexually explicit digital images, […]
A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol. The flaw is tracked as CVE-2026-48558 and received a critical severity rating. It impacts SimpleHelp versions 5.5.15 and older, as well as 6.0 pre-release versions. Researchers at offensive security company Horizon3.ai explain that […]
WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive’s content distribution network (CDN). Of the three products, the OptinMonster lead-generation and conversion optimization platform is the most popular, with at least 1.2 million websites using it. E-commerce security firm Sansec discovered the attack over the weekend and found that malicious scripts […]
Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges. Formerly known as SD-WAN vManage, this network management software allows admins to manage up to 6,000 SD-WAN devices from a single dashboard. The now-patched zero-day security flaw affects all deployment […]
The Council of Europe, the continent’s oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend. As Europe’s leading human rights organization, the Council represents 46 European member states and a population of over 700 million people, promoting democracy and the rule of law across Europe […]
The U.S. Federal Bureau of Investigation (FBI) warned that criminals are using couriers to collect money from victims of cryptocurrency investment scams, also known as pig butchering or romance baiting. Such scams usually start with the fraudsters reaching out to their targets via social media, dating sites, and messaging apps, building trust, and then luring victims into fake […]
A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. Google Threat Intelligence Group (GTIG) researchers attribute the attacks to a threat actor tracked as UNC6508, who remained undetected for more than a year in the victim network. The REDCap platform is […]
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target’s mailbox, OneDrive, or SharePoint account through a specially crafted URL. The exfiltrated information could be email content (e.g., access codes, passwords), calendar events and meeting details, documents, and other content accessible through Copilot Enterprise […]
The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. Infinite Campus is an education technology (EdTech) company that provides a student information system (SIS) to over 3,200 school districts across the […]
In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. The cybercrime operation used AI and distributed phishing kits for campaigns impersonating various trusted brands in texts sent through […]
