Cisco AsyncOS Zero-Day CVE-2025-20393 Targets Secure Email Gateway: What Security Teams Must Do Now

Cisco has formally warned customers about a critical zero-day vulnerability in Cisco AsyncOS that is already being exploited in the wild against Cisco Secure Email Gateway (SEG) and Cisco Secure Email and Web Manager (SEWM) appliances. Because a security patch is not yet available, organizations relying on these products need to implement compensating controls and …

Spotify Scraping Incident: Anna’s Archive Publishes Massive Music Metadata and Audio Dump

Pirate meta-search engine Anna’s Archive has announced what it calls the largest unauthorized Spotify scraping operation to date. According to the project, activists collected metadata for approximately 256 million tracks and downloaded audio for around 86 million songs, with a total volume close to 300 TB. The case highlights how large-scale data extraction from streaming …

North Korean Crypto Hacks Drive Record $3.41B in Digital Asset Theft

Global cryptocurrency theft surged to $3.41 billion over the past year, according to a new annual report from blockchain analytics firm Chainalysis. More than half of these losses are attributed to North Korea–linked hacking groups, underscoring how nation-state-backed actors have turned crypto exchanges and Web3 projects into a key funding channel. North Korean Cryptocurrency Theft …

Stealka Malware: New Windows Credential Stealer Targets Gamers and Crypto Users

A new Windows malware family known as Stealka is being actively discussed on cybersecurity forums and threat‑intel platforms. This credential‑stealing trojan focuses on harvesting logins, passwords, payment data and cryptocurrency wallet information. Most confirmed attacks currently affect users in Russia, but campaigns using Stealka have also been observed in Turkey, Brazil, Germany and India, indicating …

Critical UEFI DMA Vulnerability Lets PCIe Devices Bypass Boot Security on Popular Motherboards

Researchers at Riot Games, in coordination with CERT/CC, have identified a critical UEFI firmware vulnerability in several motherboard lines from Asus, Gigabyte, MSI and ASRock. The flaw allows a malicious PCIe device to perform a Direct Memory Access (DMA) attack during early boot, bypassing key security mechanisms before the operating system is loaded. Due to …

Texas Targets Smart TV Manufacturers Over ACR Tracking and User Privacy

The Attorney General of Texas, Ken Paxton, has filed lawsuits against five leading smart TV manufacturers — Sony, Samsung, LG, Hisense and TCL — alleging that their televisions used Automated Content Recognition (ACR) to collect detailed viewing data from users without clear, informed consent. The cases highlight growing concerns around smart TV privacy, covert tracking …

Kimwolf Android DDoS Botnet Enslaves 1.83 Million Smart TVs and TV Boxes Worldwide

A newly documented Android DDoS botnet dubbed Kimwolf has infected approximately 1.83 million Android-based devices in a short time, with a primary focus on consumer electronics such as smart TVs, TV boxes, and Android tablets. Analysis by QiAnXin XLab shows that this botnet is already one of the most significant threats targeting Android TV ecosystems …

E-Note Crypto Platform Dismantled in $70M Crypto Money Laundering Case

An international law enforcement operation has taken down the infrastructure of the cryptocurrency platform E-Note, which US authorities allege was used to launder more than $70 million in proceeds from ransomware attacks, extortion schemes, and compromised online accounts. The case illustrates how unregulated, no‑KYC crypto services have become critical enablers of modern cybercrime — and …

SoundCloud Data Breach Exposes Emails of 28 Million Users: What Happened and How to Stay Safe

Streaming platform SoundCloud has reported a significant cybersecurity incident in which attackers gained unauthorized access to a user database. According to the company’s preliminary assessment, the breach affected around 28 million accounts, or approximately 20% of SoundCloud’s total user base, raising serious concerns about privacy, phishing, and account takeover attempts across other online services. SoundCloud …

Google to Shut Down Dark Web Report: Impact on Dark Web Monitoring and Account Security

Google is gradually discontinuing its Dark Web Report service, a tool designed to alert users when their personal data appears on underground dark web resources. The feature will stop scanning for new data breaches on 15 January 2026, and all previously generated reports will be deleted by 16 February 2026. What Google Dark Web Report …