Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
VoidLink cloud malware shows clear signs of being AI-generated
The recently discovered cloud-focused VoidLink malware framework is believed to have been developed by a single person with the help of an artificial intelligence model. Check Point Research published details about VoidLink last week, describing it as an advanced Linux malware framework that offers custom loaders, implants, rootkit modules for evasion, and dozens of plugins that expand its functionality. The […]
Gemini AI assistant tricked into leaking Google Calendar data
Using only natural language instructions, researchers were able to bypass Google Gemini’s defenses against malicious prompt injection and create misleading events to leak private Calendar data. Sensitive data could be exfiltrated this way, delivered to an attacker inside the description of a Calendar event. Gemini is Google’s large language model (LLM) assistant, integrated across multiple Google […]
Fake ad blocker extension crashes the browser for ClickFix attacks
A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the browser in preparation for ClickFix attacks. The attacks were spotted earlier this month and delivered a new Python-based remote access tool called ModeloRAT that is deployed in corporate environments. The NexShield extension, which has been removed from the Chrome Web Store, was […]
New PDFSider Windows malware deployed on Fortune 100 firm’s network
Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems. The attackers employed social engineering in their attempt to gain remote access by impersonating technical support workers and to trick company employees into installing Microsoft’s Quick Assist tool. Researchers at cybersecurity company […]
UK govt. warns about ongoing Russian hacktivist group attacks
The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the country in disruptive denial-of-service (DDoS) attacks. The attacks are aimed at taking websites offline and disabling services, the UK’s National Cyber Security Centre (NCSC) says in an alert today. Despite lacking sophistication, a DDoS attack […]
Hacker admits to leaking stolen Supreme Court data on Instagram
A Tennessee man has pleaded guilty to hacking the U.S. Supreme Court’s electronic filing system and breaching accounts at the AmeriCorps U.S. federal agency and the Department of Veterans Affairs. Federal prosecutors said that 24-year-old Nicholas Moore, of Springfield, Tennessee, had accessed the Supreme Court’s restricted electronic filing system at least 25 times between August and […]
Jordanian pleads guilty to selling access to 50 corporate networks
A Jordanian man has pleaded guilty to operating as an “access broker” who sold access to the computer networks of at least 50 companies. The Justice Department’s Office of International Affairs secured Albashiti’s extradition from Georgia (where he lived and was arrested) in July 2024. 40-year-old Feras Khalil Ahmad Albashiti (also known online as “r1z,” […]
Ingram Micro says ransomware attack affected 42,000 people
Information technology giant Ingram Micro has revealed that a ransomware attack on its systems in July 2025 led to a data breach affecting over 42,000 individuals. Ingram Micro, one of the world’s largest business-to-business service providers and technology distributors, has over 23,500 associates, more than 161,000 customers, and reported net sales of $48 billion in 2024. […]
CIRO confirms data breach exposed info on 750,000 Canadian investors
The Canadian Investment Regulatory Organization (CIRO) confirmed that the data breach it suffered last year impacts about 750,000 Canadian investors. The organization disclosed the incident on August 18, but completed an extensive forensic investigation this year, on January 14. CIRO is Canada’s national self-regulatory body for investment dealers, mutual fund dealers, and trading activity. It […]
Credential-stealing Chrome extensions target enterprise HR platforms
Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking management pages used to respond to security incidents. The campaign was discovered by cybersecurity firm Socket, which says it identified five Chrome extensions targeting Workday, NetSuite, and SAP […]