Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Malicious GhostPoster browser extensions found with 840,000 installs
Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. The GhostPoster campaign was first reported by Koi Security researchers in December. They found 17 extensions that were hiding malicious JavaScript code in their logo images, which monitored browser activity and planted […]
StealC hackers hacked as researchers hijack malware control panels
A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware allowed researchers to observe active sessions and gather intelligence on the attackers’ hardware. StealC emerged in early 2023 with aggressive promotion on dark web cybercrime channels. It grew in popularity due to its evasion and extensive data theft capabilities. […]
Black Basta boss makes it onto Interpol’s ‘Red Notice’ list
The identity of the Black Basta ransomware gang leader has been confirmed by law enforcement in Ukraine and Germany, and the individual has been added to the wanted list of Europol and Interpol. Germany’s Federal Criminal Police Office (BKA) identified Oleg Evgenievich Nefedov, a 35-year-old Russian national, as the leader of the Black Basta ransomware gang. The Ukrainian […]
China-linked hackers exploited Sitecore zero-day for initial access
An advanced threat actor tracked as UAT-8837 and believed to be linked to China has been focusing on critical infrastructure systems in North America, gaining access by exploiting both known and zero-day vulnerabilities. The hacker group has been active since at least 2025, and its purpose appears to be mainly to obtain initial access to […]
Verizon starts issuing $20 credits after nationwide outage
Verizon has begun sending text messages with instructions on how to redeem a $20 account credit for last week’s nationwide wireless outage. The message states that the $20 credit is intended to cover multiple days of service and apologizes for the outage. “Valued Verizon Customer – We let you down this week. For that we […]
Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks
A critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code is now being abused in attacks. According to security researcher Zach Hanley at penetration testing company Horizon3.ai, who reported the vulnerability (CVE-2025-64155), it is a combination of two issues that allow arbitrary writes with admin permissions and privilege escalation to root access. “An improper […]
Cisco finally fixes AsyncOS zero-day exploited since November
Cisco has finally patched a maximum-severity Cisco AsyncOS zero-day exploited in attacks against Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances since November 2025. As Cisco explained in December, when it disclosed the vulnerability (CVE-2025-20393), it affects only Cisco SEG and Cisco SEWM appliances with non-standard configurations when the Spam Quarantine […]
Microsoft: Some Windows PCs fail to shut down after January update
Microsoft has confirmed a new issue that prevents Windows 11 23H2 devices with System Guard Secure Launch enabled from shutting down. System Guard Secure Launch is a Windows security feature designed to protect the boot process from firmware-level attacks and malware such as rootkits. According to a release health dashboard update on Thursday, this known […]
Gootloader now uses 1,000-part ZIP archives for stealthy delivery
The Gootloader malware, typically used for initial access, is now using a malformed ZIP archive designed to evade detection by concatenating up to 1,000 archives. In doing so, the malware, which is an archived JScript file, causes many tools to crash when trying to analyze it. According to researchers, the malicious file is successfully unpacked using the default […]
Grubhub confirms hackers stole data in recent security breach
Exclusive: Food delivery platform Grubhub has confirmed a recent data breach after hackers accessed its systems, with sources telling GeekFeed the company is now facing extortion demands. “We’re aware of unauthorized individuals who recently downloaded data from certain Grubhub systems,” Grubhub told GeekFeed. “We quickly investigated, stopped the activity, and are taking steps to further increase […]