13 Jul, 2026

New ‘Massiv’ Android banking malware poses as an IPTV app

A new Android banking malware, which researchers named Massiv, is posing as an IPTV app to steal digital identities and access online banking accounts. The malware relies on screen overlays and keylogging to obtain sensitive data and can take remote control of a compromised device. In a campaign observed by researchers at fraud detection and […]

2 mins read

Critical infra Honeywell CCTVs vulnerable to auth bypass flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking. Discovered by researcher Souvik Kanda and tracked as CVE-2026-1670, the security issue is classified as “missing authentication for critical function,” and received a crtical severity score of […]

2 mins read

Data breach at fintech firm Figure affects nearly 1 million accounts

Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company. Founded in 2018, Figure uses the Provenance blockchain for lending, borrowing, and securities trading, and has unlocked over $22 billion in home equity with over 250 partners, including […]

2 mins read

Glendale man gets 5 years in prison for role in darknet drug ring

​A Glendale man was sentenced to nearly five years in federal prison for his role in a darknet drug trafficking operation that sold cocaine, methamphetamine, MDMA, and ketamine to customers across the United States. 36-year-old Davit Avalyan received a 57-month sentence from U.S. District Judge Percy Anderson in Los Angeles after pleading guilty in October […]

2 mins read

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely. The security issues impact Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned). Researchers at […]

2 mins read

Chinese hackers exploiting Dell zero-day flaw since mid-2024

A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. Security researchers from Mandiant and the Google Threat Intelligence Group (GTIG) revealed today that the UNC6201 group exploited a maximum-severity hardcoded-credential vulnerability (tracked as CVE-2026-22769) in Dell RecoverPoint for Virtual Machines, a solution used for VMware […]

3 mins read

Notepad++ boosts update security with ‘double-lock’ mechanism

Notepad++ has adopted a “double-lock” design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. The new mechanism landed in Notepad++ version 8.9.2, announced yesterday, although work on it began in version 8.8.9 with implementing the verification of the signed installer from GitHub. The second part of the […]

2 mins read

New Keenadu backdoor found in Android firmware, Google Play apps

A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices. According to a report from cybersecurity company Kaspersky, Keenadu has multiple distribution mechanisms, including compromised firmware images delivered over-the-air (OTA), via other […]

4 mins read

Poland arrests suspect linked to Phobos ransomware operation

Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server access data. Officers from Poland’s Central Bureau of Cybercrime Control (CBZC) arrested the suspect in the Małopolska region in a joint operation involving units from Katowice […]

3 mins read

Ireland now also investigating X over Grok-made sexual images

Ireland’s Data Protection Commission (DPC), the country’s data protection authority, has opened a formal investigation into X over the use of the platform’s Grok artificial intelligence tool to generate non-consensual sexual images of real people, including children. The DPC, which also serves as the lead European Union privacy regulator for X due to the company’s […]

2 mins read