Malware

Dec 17, 2025Ravie LakshmananVulnerability / Network Security SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been…

Dec 17, 2025Ravie LakshmananEmail Security / Threat Intelligence The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a “sustained” credential-harvesting campaign targeting…

Google issued an extra patch addressing two security vulnerabilities in Chrome, both of which can be triggered remotely by an attacker when a user visits a specially crafted, malicious web…

Modern security teams often feel like they’re driving through fog with failing headlights. Threats accelerate, alerts multiply, and SOCs struggle to understand which dangers matter right now for their business….

Google has announced that early next year they are discontinuing the dark web report, which was meant to monitor breach data that’s circulating on the dark web. The news raised…

Android users spent 2025 walking a tighter rope than ever, with malware, data‑stealing apps, and SMS‑borne scams all climbing sharply while attackers refined their business models around mobile data and…

Dec 16, 2025Ravie LakshmananMalware / Threat Detection An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency…

Comparing data breaches is like comparing apples and oranges. They differ on many levels. To news media, the size of the brand, how many users were impacted, and how it…

Dec 16, 2025Ravie LakshmananCybersecurity / Cryptocurrency Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in…

Photo booths are great. You press a button and get instant results. The same can’t be said, allegedly, for the security practices of at least one company operating them. A…

Dec 16, 2025Ravie LakshmananNetwork Security / Vulnerability Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity…

Dec 16, 2025Ravie LakshmananDark Web / Online Safety Google has announced that it’s discontinuing its dark web report tool in February 2026, less than two years after it was launched…

After an investigation by BleepingComputer, PayPal closed a loophole that allowed scammers to send emails from the legitimate service@paypal.com email address. Following reports from people who received emails claiming an…

A Google Chrome extension with a “Featured” badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT,…

This week on the Lock and Code podcast… This is the story of the world’s worst scam and how it is being used to fuel entire underground economies that have…

Dec 15, 2025Ravie LakshmananVulnerability / Software Security Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in…

Dec 15, 2025Ravie LakshmananMalware / Cybercrime Cybersecurity researchers have disclosed details of an active phishing campaign that’s targeting a wide range of sectors in Russia with phishing emails that deliver…

Dec 13, 2025Ravie LakshmananNetwork Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known…

Dec 13, 2025Ravie LakshmananZero-Day / Vulnerability Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that…

When you’re shopping around for a Virtual Private Network (VPN) you’ll find yourself in a sea of promises like “military-grade encryption!” and “total anonymity!” You can’t scroll two inches without…

Technology professionals hoping to come and work in the US face a new privacy concern. Starting December 15, skilled workers on H-1B visas and their families must flip their social…

Cybersecurity researchers are calling attention to a new campaign that’s leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. “These repositories, often themed…

Researchers have found evidence that AI conversations were inserted in Google search results to mislead macOS users into installing the Atomic macOS Stealer (AMOS). Both Grok and ChatGPT were found…

Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale. BlackForce, first detected in August 2025,…

The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging the…

Dec 12, 2025Ravie LakshmananVulnerability / Server Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities…

Say hello to the upgraded Malwarebytes for Mac—now with more robust protection, more control, and the same trusted defense you count on every day. We’ve given our Mac scan engine…

Researchers have analyzed a new threat campaign actively targeting Android users. The malware, named DroidLock, takes over a device and then holds it for ransom. The campaign to date has…

Dec 11, 2025Ravie Lakshmanan This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates…