Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Snail mail letters target Trezor and Ledger users in crypto-theft attacks
Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into submitting recovery phrases in crypto theft attacks. These phishing letters claim recipients must complete a mandatory “Authentication Check” or “Transaction Check” to avoid losing access to wallet functionality, creating a sense of urgency […]
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. The activity has been ongoing since at least May 2025 and is characterized by modularity, which allows the threat actor to quickly resume it in case of partial compromise. The bad actor relies […]
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. At least two variants of the malicious activity have been observed in the wild, and more than 10,000 users have accessed the content with dangerous instructions. A Claude artifact is content generated with […]
Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches
South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more than 5.5 million customers. All three brands are part of the Louis Vuitton Moët Hennessy (LVMH) group and suffered data […]
CISA flags critical Microsoft SCCM flaw as exploited in attacks
CISA ordered U.S. government agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks. Microsoft Configuration Manager (also known as ConfigMgr and formerly System Center Configuration Manager, or SCCM) is an IT administration tool for managing large groups of Windows servers and […]
Bitwarden introduces ‘Cupid Vault’ for secure password sharing
Bitwarden has launched a new system called ‘Cupid Vault’ that allows users to safely share passwords with trusted email addresses. Cupid Vault works by allowing users of the free version of Bitwarden to create a 2-person shared vault called an ‘Organization’. Other users can access the logins inside the Organization space with credentials assigned by the owner […]
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. Tracked as CVE-2026-1731 and assigned a near-maximum CVSS score of 9.9, the flaw affects BeyondTrust Remote Support versions 25.3.1 and earlier and Privileged Remote Access versions 24.3.4 […]
Microsoft: New Windows LNK spoofing issues aren’t vulnerabilities
Today, at Wild West Hackin’ Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allow attackers to deploy malicious payloads. Beukema documented four previously unknown techniques for manipulating Windows LNK shortcut files to hide malicious targets from users inspecting file properties. LNK shortcuts were introduced with Windows 95 and use a complex […]
Romania’s oil pipeline operator Conpet confirms data stolen in attack
Romania’s national oil pipeline operator, Conpet S.A., confirmed that the Qilin ransomware gang stole company data in an attack last week. In a press release the day following the incident, the company said that the threat actor breached its corporate IT infrastructure, but operations remained unaffected. Conpet S.A. published an update today about the incident, saying that […]
Odido data breach exposes personal info of 6.2 million customers
Dutch telecommunications provider Odido is warning that it suffered a cyberattack that reportedly exposed the personal data of 6.2 million customers. Odido is one of the largest mobile and telecommunications providers in the Netherlands, offering mobile, broadband, and television services to millions of customers nationwide. The company was formed in 2023 through the rebranding of T-Mobile […]