Operation Endgame: 1,025 C2 Servers Disrupted in Europol-Led Takedown of Rhadamanthys, VenomRAT, and Elysium

Law enforcement from nine countries—Australia, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, and the United States—executed a coordinated strike on cybercrime infrastructure under Operation Endgame, led by Europol and Eurojust. Between 10–14 November 2025, authorities disabled 1,025 servers, seized 20 domains, and conducted searches at 11 locations across Germany, Greece, and the Netherlands. The …

Konni APT exploits Google’s Find My Device to track and factory‑reset Android phones via KakaoTalk phishing

Konni, a threat cluster linked to North Korea, has expanded its tactics by abusing Google Find Hub (commonly known as Find My Device) to remotely locate, lock, and factory‑reset Android devices. According to research by Genians, the campaign targets users in South Korea and begins with social engineering on the popular messaging app KakaoTalk. Attack …

Google Targets Lighthouse PhaaS Behind iMessage/RCS Smishing Impersonating USPS and E‑ZPass

Google has filed a federal lawsuit against Lighthouse, a phishing‑as‑a‑service (PhaaS) platform allegedly used by threat actors to run high‑volume smishing campaigns that impersonate brands such as USPS and E‑ZPass. According to Google’s estimates, Lighthouse‑enabled operations have impacted over 1 million users in 120 countries, and in the United States alone roughly 115 million payment …

Android Malware Update: 239 Malicious Google Play Apps and a 67% Surge in Mobile Attacks

Mobile threats accelerated sharply over the past year, according to new data from Zscaler. From June 2024 to May 2025, researchers identified 239 malicious Android apps on Google Play, accumulating more than 42 million installs. In the same period, mobile-focused attacks climbed 67% year over year, signaling sustained pressure on the Android ecosystem from financially …

Amazon Fire TV to Block Unauthorized Apps via Firmware Updates

Amazon is rolling out system-level restrictions on Fire TV devices that will prevent unauthorized apps—including popular piracy-focused streaming clients—from running after upcoming firmware updates. The change applies to both current and older Fire TV models and is part of a broader platform hardening strategy. What changes for Fire TV users and why it matters For …

Operation SkyCloak: Tor‑obfuscated OpenSSH backdoor targets defense and government entities in Russia and Belarus

Researchers from Cyble and Seqrite Labs have uncovered a targeted espionage operation, dubbed Operation SkyCloak, that focuses on defense and government networks in Russia and Belarus. The campaign blends a repurposed OpenSSH service, Tor hidden services, and obfs4 traffic obfuscation to establish stealthy, durable command-and-control (C2) channels and file transfer paths that are difficult to …

Cisco issues out-of-band fixes for UCCX: Critical Java RMI RCE and CCX Editor authentication bypass

Cisco has shipped out-of-band security updates for Unified Contact Center Express (UCCX), addressing multiple flaws, including two critical vulnerabilities: CVE-2025-20354 (CVSS 9.8) and CVE-2025-20358 (CVSS 9.4). According to Cisco PSIRT, there are no public exploits or confirmed attacks at publication time, but the vendor classifies the risk as high and urges immediate patching. CVE-2025-20354: Java …

CBO Confirms Cyber Incident: What We Know, Likely Vectors, and How Agencies Should Respond

The U.S. Congressional Budget Office (CBO) has confirmed a cyber incident affecting parts of its IT environment. According to the agency, the activity was detected quickly, contained, and followed by the deployment of additional monitoring and protective controls. Sources cited by The Washington Post suggest possible involvement of foreign state-aligned actors, but attribution has not …

SesameOp Backdoor Exploits OpenAI Assistants API for Stealthy Cloud C2, Microsoft DART Warns

Microsoft’s Detection and Response Team (DART) has identified a backdoor dubbed SesameOp that abuses the OpenAI Assistants API to establish a covert command‑and‑control (C2) channel. According to Microsoft’s investigation, the operators maintained control of compromised hosts for months and evaded traditional monitoring during an attack observed in July 2025. How SesameOp turns AI APIs into …

Akira Ransomware Names Apache OpenOffice in Alleged Breach, but ASF Rejects Data Theft Claims

Akira ransomware operators have added Apache OpenOffice to their leak site, asserting they stole 23 GB of data containing employee personal information and financial documents. The Apache Software Foundation (ASF) says it is reviewing the allegation but emphasized that such datasets do not exist for the OpenOffice project and that no ransom demand was received. …