Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
KelpDAO suffers $290 million heist tied to Lazarus hackers
State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday. The attack reportedly also impacted the lending protocols Compound, Euler, and Aave, with the latter announcing a freeze and blocking new deposits or borrowing using rsETH as collateral. KelpDAO is a decentralized finance (DeFi) project built around liquid […]
China’s Apple App Store infiltrated by crypto-stealing wallet apps
A set of 26 malicious apps on Apple App Store impersonate popular wallets, such as Metamask, Coinbase, Trust Wallet, and OneKey, to steal recovery or seed phrases and drain them of cryptocurrency assets. The threat actor used multiple methods to imitate official products, including typosquatting and fake branding, to lure users in China into downloading […]
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. The Gentlemen ransomware-as-a-service (RaaS) operation emerged around mid-2025 and provides a Go-based locker that can encrypt Windows, Linux, NAS, and BSD systems, and a […]
Seiko USA website defaced as hacker claims customer data theft
The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. Visitors to the “Press Lounge” section of the site were shown a page titled “HACKED,” which replaced normal content with what appeared to be a […]
Microsoft: Teams increasingly abused in helpdesk impersonation attacks
Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movement on enterprise networks. The hackers impersonate IT or helpdesk staff to contact employees through cross-tenant chats and trick them into providing remote access for data theft purposes. Microsoft has observed multiple intrusions with […]
British Scattered Spider hacker pleads guilty to crypto theft charges
A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and aggravated identity theft. In November 2024, U.S. prosecutors accused 24-year-old Tyler Robert Buchanan and four other suspects of stealing at least $8 million in cryptocurrency after hacking at least a dozen companies […]
Vercel confirms breach as hackers claim to be selling stolen data
Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. Vercel is a cloud platform that provides hosting and deployment infrastructure for developers, with a strong focus on JavaScript frameworks. The company is known for developing Next.js, a widely used React […]
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. A reader shared an email with GeekFeed that appeared to be a standard Apple security notification that stated their account information had been updated. […]
NIST to stop rating non-priority flaws due to volume increase
The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. Starting April 15, the service will only analyze and provide additional details (e.g., severity rating, product lists) for security issues that meet specific criteria related to the risk they pose. The […]
Critical flaw in Protobuf library enables JavaScript code execution
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google’s Protocol Buffers. The tool is highly popular in the Node Package Manager (npm) registry, with an average of nearly 50 million weekly downloads. It is used for inter-service communication, in real-time applications, and for […]