Cybersecurity researchers from Guidepoint Security and Arctic Wolf have uncovered a sophisticated social engineering campaign where threat actors are impersonating the notorious BianLian ransomware group through physical mail-based extortion attempts targeting U.S. businesses. Unprecedented Physical Mail Extortion Tactics In late February 2024, corporate executives across the United States began receiving meticulously crafted physical extortion letters … Read more

A comprehensive investigation by The Register has revealed that Cloudflare’s anti-DDoS security mechanisms are significantly impacting users of alternative web browsers, creating a concerning barrier to web accessibility. The security provider’s automated defense systems are regularly blocking access to protected websites for users of less mainstream browsers, highlighting a growing tension between security measures and … Read more

The Electronic Frontier Foundation (EFF) has unveiled Rayhunter, a groundbreaking open-source security tool designed to detect cell site simulators, marking a significant advancement in mobile privacy protection. This innovative solution enables users to identify potentially malicious devices known as IMSI catchers or Stingrays, which pose substantial risks to mobile communication security. Understanding IMSI Catchers and … Read more

The Polish Space Agency (POLSA) has implemented emergency protocols following a significant cybersecurity breach detected during the weekend, forcing the organization to disconnect its entire IT infrastructure from external networks. This incident highlights the growing sophistication of cyber threats targeting critical space infrastructure and research organizations. Immediate Response and Impact Assessment Upon detection of suspicious … Read more

Leading data security and cyber resilience provider Rubrik has disclosed a security incident involving unauthorized access to one of its logging servers. The company has initiated a comprehensive authentication key rotation campaign in response to the detected compromise, demonstrating its commitment to maintaining robust security measures. Incident Detection and Immediate Response Protocol On February 22, … Read more

Cybersecurity researchers at Positive Technologies have uncovered a significant tactical evolution in the operations of Dark Caracal, a notorious advanced persistent threat (APT) group active since 2012. The group has pivoted to deploying a new backdoor called Poco RAT, marking a substantial shift in their attack methodology and technical capabilities. Sophisticated Campaign Targeting Spanish-Speaking Nations … Read more

A comprehensive investigation by Kaspersky Digital Footprint Intelligence has uncovered an alarming cybersecurity threat, revealing that stealer malware has compromised over 2.3 million banking cards globally during 2023-2024. Technical analysis confirms that 95% of the stolen data corresponds to legitimate payment cards, highlighting the severity of this growing financial security crisis. Global Impact and Infection … Read more

Security researchers at Truffle Security have uncovered a significant security vulnerability in Common Crawl, a widely-used dataset for training artificial intelligence models. Their analysis of approximately 400 terabytes of data revealed nearly 12,000 unique authentication credentials, including API keys and service access tokens, potentially compromising numerous systems and organizations. Extensive Scope of Exposed Credentials The … Read more

Mozilla’s February 2024 privacy policy revision for Firefox has sparked significant discussion within the cybersecurity community, marking a notable shift in how the organization approaches user data handling. This update represents a strategic realignment of Mozilla’s privacy commitments, introducing more nuanced language regarding data usage while maintaining core privacy protections. Critical Changes in Data Handling … Read more

The Federal Bureau of Investigation has officially attributed the massive $1.5 billion cryptocurrency theft from Bybit exchange to North Korea’s notorious hacking group TraderTraitor, also known as Lazarus and APT38. The incident, which occurred on February 21, 2025, represents one of the largest cryptocurrency heists in the industry’s history, highlighting the evolving sophistication of state-sponsored … Read more