Iran-Linked MuddyWater Hackers Deploy New “Dindoor” Backdoor to Target U.S. Networks

Cybersecurity researchers have recently uncovered a new cyber campaign linked to the Iranian hacking group known as MuddyWater. The group is believed to have connections with Iran’s Ministry of Intelligence and Security. In this campaign, attackers managed to infiltrate several organizations and quietly place malicious tools inside their systems. Researchers say the hackers used a … Continued

Microsoft Warns of ClickFix Attack Using Windows Terminal to Deploy Lumma Stealer

Microsoft has recently revealed details about a new cyberattack campaign that is using a social-engineering technique called ClickFix. This campaign is designed to infect Windows computers with a well-known malware called Lumma Stealer. Instead of exploiting a software vulnerability, the attackers trick users into running a malicious command themselves. Once the command is executed in … Continued

Global Operation Shuts Down Tycoon 2FA Phishing Service Behind 64,000 Attacks

A major international law-enforcement operation has shut down Tycoon 2FA, a phishing-as-a-service platform used by cybercriminals to steal login credentials and bypass security protections. The operation was led by Europol with support from several cybersecurity companies and technology partners. Authorities targeted the infrastructure that powered the service. As a result, many domains used for phishing … Continued

Mail2Shell Zero-Click Vulnerability Lets Hackers Hijack FreeScout Mail Servers

A new cybersecurity vulnerability called Mail2Shell has been discovered in FreeScout, a popular open-source helpdesk platform used by organizations to manage customer support emails. Security researchers revealed that attackers can exploit this flaw to take control of vulnerable servers. The attack works by sending a specially crafted email to the system. Because of this, even … Continued

Fake Laravel Packages on Packagist Deliver Cross-Platform RAT Targeting Developers

A new cybersecurity threat has been discovered involving fake Laravel packages uploaded to the Packagist repository. These packages pretend to be useful development tools but secretly install malware on a developer’s system. Because Packagist is widely used by PHP developers through Composer, this attack can affect many projects. The malware works across Windows, macOS, and … Continued

APT41-Linked Silver Dragon Launches Cyber-Espionage Campaign Against Governments Using Google Drive C2

Cybersecurity researchers have recently uncovered a cyber-espionage campaign carried out by a threat group known as Silver Dragon. Security analysts believe this group has connections to the Chinese-aligned hacking collective APT41. The campaign has mainly targeted government organizations across Europe and Southeast Asia. Reports suggest that the activity has been ongoing since mid-2024 and focuses … Continued

StegaBin Campaign: 26 npm Packages Abused to Deliver Cross-Platform RAT via Pastebin C2

Cybersecurity researchers have uncovered a new supply chain attack involving 26 malicious npm packages published to the public registry. These packages were disguised as normal developer tools but secretly contained harmful code. The activity has been linked to threat actors associated with North Korea. The campaign specifically targeted developers and software environments. Researchers have named … Continued

ClawJacked Vulnerability Exposed OpenClaw to Website-Based Hijacking and Data Theft

A serious security vulnerability named “ClawJacked” has been discovered in OpenClaw, a popular self-hosted AI agent platform. Security researchers revealed that malicious websites could secretly take control of a user’s locally running OpenClaw instance. This flaw allowed attackers to hijack the AI agent and potentially steal sensitive data. The discovery has raised significant concern within … Continued
