Researchers from Koi Security have reported that the popular VPN browser extension Urban VPN Proxy, installed by millions of users, was silently intercepting and exfiltrating conversations with AI chatbots, including ChatGPT, Claude, Gemini, Copilot and others, and sending this data to external analytics servers. Urban VPN’s “Recommended” Browser Extension Under Scrutiny Urban VPN markets itself … Read more

December 2025 Patch Tuesday security updates for Windows have unexpectedly disrupted Microsoft Message Queuing (MSMQ) in a number of corporate environments, leading to message queue failures and instability of IIS-based web applications. For organizations that rely on MSMQ for business‑critical workflows, the impact has ranged from degraded performance to full service outages. Windows December 2025 … Read more

A new ransomware-as-a-service (RaaS) operation, VolkLocker, run by the pro-Russian hacktivist group CyberVolk, has entered the cybercrime market — but serious cryptographic mistakes in its code may allow many victims to decrypt their data without paying. Analysis by SentinelOne shows that the malware’s encryption scheme relies on a static master key that is both embedded … Read more

In October 2025, Kaspersky researchers detected a new wave of targeted cyber‑espionage attacks linked to the threat actor known as “Forumnyy Troll”. This time, the group focused on political scientists, international relations experts, and economists from leading Russian universities and research institutes, using a phishing lure designed to trigger an immediate emotional response: accusations of … Read more

The French Ministry of the Interior has confirmed a significant cybersecurity incident in which attackers gained unauthorised access to the ministry’s email servers and a set of internal documents. The breach once again highlights how exposed even large government information systems can be – and why the protection of official email infrastructure remains a central … Read more

Gamers are facing a new, large‑scale Steam phishing campaign designed to steal accounts and drain valuable in‑game items. Analysts from cybersecurity company F6 report identifying at least 20 phishing sites that impersonate official Steam and Twitch pages, promising fake Steam gift cards and “free skins” for popular titles in exchange for account credentials. Phishing sites … Read more

Security researchers at Koi Security have uncovered a large-scale malicious campaign, dubbed GhostPoster, that abuses Firefox browser extensions. Attackers embedded harmful JavaScript code into the PNG logos of 17 Firefox add-ons using steganography, achieving more than 50,000 installations before the extensions were removed. The incident highlights how trusted browser extensions can be turned into stealthy … Read more

Developers of the popular text editor Notepad++ have released version 8.8.9 to close a critical vulnerability in the application’s auto-update mechanism. The issue drew attention after users reported that the updater was downloading and executing suspicious binaries instead of legitimate installation files, raising serious concerns about a potential software supply chain attack. How the Notepad++ … Read more

MITRE has published the updated annual ranking of the Top 25 Most Dangerous Software Weaknesses, better known as the CWE Top 25. The 2025 list is based on an analysis of 39,080 CVE entries disclosed between June 2024 and June 2025, and was compiled with support from HSSEDI and the U.S. Cybersecurity and Infrastructure Security … Read more

The reported Pornhub data breach, allegedly exposing premium subscribers’ viewing and search histories, has rapidly become a benchmark case in modern cyber risk. The incident intertwines a compromised analytics service, Mixpanel, and the well-known extortion group ShinyHunters, raising serious questions about third‑party data security, insider risk, and crisis communications. Mixpanel Rejects Link Between Its Incident … Read more