Scammers Exploit Disposable VoIP Numbers to Bypass Reputation Blocking
New tactics used by threat actors who embed phone numbers in scam emails as a key indicator of compromise (IOC), revealing how attackers exploit VoIP infrast...
Threat Intelligence Feed
Aggregating 5517 articles from trusted cybersecurity sources
Latest News
Daemon Tools Developer Confirms Software Was Trojanized
A China-linked threat actor backdoored a version of Daemon Tools to infect thousands
Node.js 26 ships with Temporal API enabled by default
Developers managing JavaScript runtimes have a new major version to evaluate. Node.
Facial recognition arrives at the gates of Disney’s magic kingdom
Disney has equipped select entrance lanes at Disneyland Park and Disney California Adventure Park with facial recognition technology, saying the system is in...
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously u...
Google Chrome 148 Released With Fixes for 127 Security Flaws
Google has officially rolled out Chrome version 148 to the stable channel, delivering a massive security overhaul that addresses 127 vulnerabilities across W...
CallPhantom Android scam reached 7.3 million downloads on Google Play
Scams targeting Android users in India and across the Asia-Pacific region have grown around a long-standing curiosity gap: the desire to look up call records...
CISOs: Align cyber risk communication with boardroom psychology
By now, executive boards across industries understand that cyberattacks can be costly. What they often lack, however, is a clear view of which risks pose the...
Legacy Security Tools Are Failing Data Protection, Capital One Software Report Finds
Traditional network security tools are undermining data protection, with Forrester and Capital One Software research warning AI adoption is impossible withou...
Fake call logs, real payments: How CallPhantom tricks Android users
ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven mil...
Researchers Spot Uptick in Use of Vercel for Phishing Campaigns
Cofense has warned of a “significant” increase in phishing campaigns abusing Vercel platform
Kloudfuse 4.0 delivers AI-governed observability and scalable workload isolation
Kloudfuse has announced the general availability of Kloudfuse 4.0.
Data Breaches
Klue OAuth breach victim list grows as Icarus hackers claim attack
Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to custo...
Texas govt data breach exposes over 3 million driver’s licenses
The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three mil...
The Good, the Bad and the Ugly in Cybersecurity – Week 25
FBI dismantles extensive PhaaS, DragonForce ransomware abuses MS Teams relays, and PRC-based spies breach REDCap servers to steal research data.
Klue breach lead to Salesforce data theft, Huntress affected
Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sale...
From Assistive to Agentic: The AI Shift That's Redefining Threat Management
Introduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often...
CISA warns Fortinet users to secure devices after FortiBleed leak
The U.S.
24 Billion Stolen Credentials Exposed in Massive Data Leak
24 Billion Records Left Open Online: Passwords, Emails, and Everything Else Exposed database with 24 Billion records revealed stolen credentials from infoste...
Companies are discarding the logs they need to catch a breach
Many large enterprises discard most of the log data their systems generate, and they do it on purpose to keep costs down. A Dynatrace survey of 450 senior IT...
Icarus threat actors exploit Klue OAuth breach to steal Salesforce data
The attack involved the theft of OAuth credentials from Klue's Battlecards integration, which threat actors then used to access and exfiltrate data from cust...
Texas Parks & Wildlife data breach exposes millions of driver's licenses, passport numbers
The Texas Parks & Wildlife department disclosed that hackers gained access to its license system vendor, which processes hunting and fishing license sales.
Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks
Market intelligence platform Klue suffered a OAuth breach that enabled the "Icarus" threat actors to steal Salesforce CRM data from multiple organizations in...
Telegram admits it couldn't police exam-leak channels, India tells court
India's government has told the Delhi High Court that Telegram was warned about two weeks before it was blocked, and that the platform admitted it could not ...