The US State Department is developing an online portal, freedom.gov, designed to give users in Europe and other regions access to content blocked by their national regulators. According to three sources cited by Reuters, the service will surface material restricted under local hate speech and terrorism‑propaganda laws, raising complex questions around legal liability, cybersecurity, and … Read more

One of the world’s largest bug bounty platforms, HackerOne, has become the focus of an industry‑wide debate on how artificial intelligence (AI) and researcher data should be used in cybersecurity. The launch of a new AI‑driven service triggered concerns in the bug bounty community that vulnerability reports might be used as training data for AI … Read more

A new commercial mobile spyware platform dubbed ZeroDayRAT has surfaced on underground marketplaces in Telegram, offering cybercriminals full remote access to compromised Android and iOS devices. According to mobile security researchers at iVerify, the malware combines the capabilities of a classic remote access trojan (RAT), a banking trojan and a cryptocurrency stealer into a single … Read more

Telecommunication operators in Kyrgyzstan and Tajikistan have become targets of a prolonged, multi‑stage advanced persistent threat (APT) campaign uncovered by Positive Technologies. The attackers used rare Chinese-origin tools and two separate backdoors, LuciDoor and MarsSnake, disguising them as legitimate Microsoft components to establish long‑term, covert access to critical telecom infrastructure. Why telecom operators are high‑value … Read more

An extensive security analysis of browser add-ons has identified 287 Google Chrome extensions that silently collect and transmit users’ complete browsing history to external companies. According to the researcher’s estimates, these extensions account for more than 37.4 million installations, making the privacy impact global in scope. How the browser history tracking in Chrome extensions was … Read more

At the end of January 2026, a previously unknown group calling itself 0APT appeared on the cybercrime landscape with unusually bold claims: within days, it allegedly compromised hundreds of major companies worldwide. Subsequent analysis, however, indicates that most of these statements were fabricated, pointing to a deliberate extortion and reputation-building campaign rather than a wave … Read more

Japanese adult products manufacturer Tenga has disclosed a security incident involving the compromise of a corporate email account, potentially exposing sensitive customer information and correspondence. The case illustrates how a seemingly routine business email compromise can become particularly damaging when it affects buyers of intimate goods. Tenga email account compromised: what is known about the … Read more

A newly documented Android backdoor dubbed Keenadu demonstrates how dangerous preinstalled malware and supply chain attacks have become for the mobile ecosystem. According to researchers at Kaspersky, Keenadu is distributed through factory firmware images, system applications, and even official app stores such as Google Play, meaning users can purchase a brand‑new device that is already … Read more

Cybersecurity researchers have documented the first confirmed theft of OpenClaw AI agent configuration files, marking a significant milestone in the evolution of credential-stealing malware. The stolen data included API keys, authentication tokens and cryptographic keys – information that can effectively unlock the “internal world” of a user’s personal AI assistant and its integrated services. What … Read more

Analysts from Kaspersky have identified a new targeted campaign by the pro-Ukrainian group Head Mare, aimed at Russian government entities as well as construction and industrial companies. The operation showcases an updated toolset centered around a new PowerShell backdoor dubbed PhantomHeart, which replaces the group’s earlier DLL-based malware and significantly strengthens its stealth and flexibility. … Read more