Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
New ‘Massiv’ Android banking malware poses as an IPTV app
A new Android banking malware, which researchers named Massiv, is posing as an IPTV app to steal digital identities and access online banking accounts. The malware relies on screen overlays and keylogging to obtain sensitive data and can take remote control of a compromised device. In a campaign observed by researchers at fraud detection and […]
Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking. Discovered by researcher Souvik Kanda and tracked as CVE-2026-1670, the security issue is classified as “missing authentication for critical function,” and received a crtical severity score of […]
Data breach at fintech firm Figure affects nearly 1 million accounts
Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company. Founded in 2018, Figure uses the Provenance blockchain for lending, borrowing, and securities trading, and has unlocked over $22 billion in home equity with over 250 partners, including […]
Glendale man gets 5 years in prison for role in darknet drug ring
A Glendale man was sentenced to nearly five years in federal prison for his role in a darknet drug trafficking operation that sold cocaine, methamphetamine, MDMA, and ketamine to customers across the United States. 36-year-old Davit Avalyan received a 57-month sentence from U.S. District Judge Percy Anderson in Los Angeles after pleading guilty in October […]
Flaws in popular VSCode extensions expose developers to attacks
Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely. The security issues impact Code Runner (CVE-2025-65715), Markdown Preview Enhanced (CVE-2025-65716), Markdown Preview Enhanced (CVE-2025-65717), and Microsoft Live Preview (no identifier assigned). Researchers at […]
Chinese hackers exploiting Dell zero-day flaw since mid-2024
A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. Security researchers from Mandiant and the Google Threat Intelligence Group (GTIG) revealed today that the UNC6201 group exploited a maximum-severity hardcoded-credential vulnerability (tracked as CVE-2026-22769) in Dell RecoverPoint for Virtual Machines, a solution used for VMware […]
Notepad++ boosts update security with ‘double-lock’ mechanism
Notepad++ has adopted a “double-lock” design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. The new mechanism landed in Notepad++ version 8.9.2, announced yesterday, although work on it began in version 8.8.9 with implementing the verification of the signed installer from GitHub. The second part of the […]
New Keenadu backdoor found in Android firmware, Google Play apps
A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices. According to a report from cybersecurity company Kaspersky, Keenadu has multiple distribution mechanisms, including compromised firmware images delivered over-the-air (OTA), via other […]
Poland arrests suspect linked to Phobos ransomware operation
Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server access data. Officers from Poland’s Central Bureau of Cybercrime Control (CBZC) arrested the suspect in the Małopolska region in a joint operation involving units from Katowice […]
Ireland now also investigating X over Grok-made sexual images
Ireland’s Data Protection Commission (DPC), the country’s data protection authority, has opened a formal investigation into X over the use of the platform’s Grok artificial intelligence tool to generate non-consensual sexual images of real people, including children. The DPC, which also serves as the lead European Union privacy regulator for X due to the company’s […]