17 Jul, 2026

Police busts credit card fraud rings with 4.3 million victims

International authorities have dismantled three massive credit card fraud and money laundering networks, linked to losses exceeding €300 million ($344 million) and affecting over 4.3 million cardholders across 193 countries. The November 4th joint action, dubbed “Operation Chargeback,” included investigators from Germany, the USA, Canada, Singapore, Luxembourg, Cyprus, Spain, Italy, and the Netherlands. The operation […]

2 mins read

US sanctions North Korean bankers linked to cybercrime, IT worker fraud

The U.S. Treasury Department imposed sanctions on two North Korean financial institutions and eight individuals involved in laundering cryptocurrency stolen in cybercrime and fraudulent IT worker schemes. The Treasury’s Office of Foreign Assets Control (OFAC) designated Ryujong Credit Bank, a North Korea-based financial institution linked to sanctions-evasion activities between North Korea and China, including money laundering. OFAC […]

2 mins read

Microsoft: October Windows updates trigger BitLocker recovery

Microsoft has warned that some systems may boot into BitLocker recovery after installing the October 2025 Windows security updates. BitLocker is a Windows security feature that encrypts storage drives to block data theft attempts. Windows computers typically enter BitLocker recovery mode after hardware changes or Trusted Platform Module (TPM) updates to regain access to protected […]

1 min read

ClickFix malware attacks evolve with video instructions and OS detection

ClickFix attacks have evolved to feature videos that guide victims through the self-infection process, a timer to pressure targets into taking risky actions, and automatic  detection of the operating system to provide the correct commands. In a typical ClickFix attack, the threat actor relies on social-engineering to trick users into pasting and executing code or […]

2 mins read

Critical Cisco UCCX flaw lets attackers run commands as root

Cisco has released security updates to patch a critical vulnerability in the Unified Contact Center Express (UCCX) software, which could enable attackers to execute commands with root privileges. The Cisco UCCX platform, described by the company as a “contact center in a box,” is a software solution for managing customer interactions in call centers, supporting up […]

3 mins read

Sandworm hackers use data wipers to disrupt Ukraine’s grain sector

Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine’s education, government, and the grain sector, the country’s main revenue source. The attacks occurred in June and September, cybersecurity company ESET says in a report today, and continue Sandworm’s (a.k.a. APT44) string of destructive operations in Ukraine. As the name indicates, […]

3 mins read

Gootloader malware is back with new tricks after 7-month break

The Gootloader malware loader operation has returned after a 7-month absence and is once again performing SEO poisoning to promote fake websites that distribute the malware. Gootloader is a JavaScript-based malware loader spread through compromised or attacker-controlled websites, used to trick users into downloading malicious documents. The websites are promoted in search engines either via […]

5 mins read

Hyundai AutoEver America data breach exposes SSNs, drivers licenses

Hyundai AutoEver America is notifying individuals that hackers breached the company’s IT environment and gained access to personal information. The company discovered the intrusion on March 1 but the investigation revealed that the attacker had access to the systems since February 22nd. Hyundai AutoEver America (HAEA) is an affiliate of Hyundai Motor Group that provides IT […]

2 mins read

CISA warns of critical CentOS Web Panel bug exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning that threat actors are exploiting a critical remote command execution flaw in CentOS Web Panel (CWP). The agency has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and is giving federal entities subject to the BOD 22-01 guidance until November 25 to apply available security updates and […]

2 mins read