ClayRat Android Spyware Targets Russian Users with Telegram Channels and Fake Play Pages

Security researchers have documented a large-scale Android espionage operation in Russia that uses convincing social engineering, Telegram distribution, and a modern installation trick to weaken Android’s defenses. The malware, dubbed ClayRat, impersonates legitimate apps such as WhatsApp, Google Photos, TikTok, and YouTube, and is delivered via phishing sites and Telegram channels. Once installed, it can …

Qualcomm to Acquire Arduino: Implications for IoT, Edge AI, and Cybersecurity

Qualcomm announced its intent to acquire Arduino, the open-source hardware and software ecosystem used by millions of developers worldwide. The companies state that the Arduino brand, mission, and open development model will be preserved, and that the ecosystem will remain multi-vendor. Financial terms were not disclosed, and closing is subject to regulatory approvals and customary …

North Korean Crypto Theft Hits Record $2B in 2025: Elliptic Analysis and Security Guidance

Blockchain analytics firm Elliptic estimates that North Korea–linked threat actors stole more than $2 billion in cryptocurrency during the first nine months of 2025—an all-time high. Cumulative, confirmed losses attributed to DPRK operators have now surpassed $6 billion. As noted in multiple United Nations and U.S. government reports, proceeds from these operations are believed to …

Salesforce Rejects Ransom Demands as Scattered Lapsus$ Hunters Threaten Mass Data Leak via OAuth Exploits

Salesforce has notified customers it will not negotiate or pay ransom to the threat actors behind a wave of data exfiltration from customer-run Salesforce instances. According to Bloomberg, the extortion group has warned of imminent data releases and published a list of 39 globally recognized organizations it claims are affected.

Salesforce refuses ransom: timeline and …

WireTap Attack Breaks Intel SGX DCAP Attestation with a Passive DDR4 Interposer

Researchers from the Georgia Institute of Technology and Purdue University have introduced WireTap, a physical-layer attack that compromises Intel Software Guard Extensions (SGX) by undermining the Data Center Attestation Primitives (DCAP) mechanism. By placing a passive interposer between the memory controller and a DDR4 DIMM, the team extracted the platform attestation key and generated valid …

Solar 4RAYS identifies new East Asian cluster NGC4141 exploiting API logic to compromise federal web app

Solar 4RAYS has profiled a previously unidentified East Asian threat cluster, designated NGC4141, after the group compromised a federal agency’s custom web application. Investigators say the operators abused undocumented API capabilities to achieve operating system–level command execution, deploy web shells, and pivot into the internal network before access was contained.

Attack timeline: from high‑volume scanning …

SORVEPOTEL Malware Abuses WhatsApp Web to Self‑Spread in Brazil

Trend Micro has identified a rapid‑propagation Windows threat dubbed SORVEPOTEL that weaponizes WhatsApp Web to distribute itself at scale. The campaign is overwhelmingly concentrated in Brazil and emphasizes speed and reach over data theft or extortion, underscoring how mainstream messaging platforms can be turned into efficient malware delivery rails with minimal user interaction.

SORVEPOTEL scope, …

Discord disputes massive breach claim tied to outsourced support provider

Discord has publicly refused to pay a ransom to cybercriminals who claim they stole data on 5.5 million users. The company maintains the exposure is far smaller—about 70,000 users—and stems from a third‑party customer support vendor whose account was compromised on September 20, 2025.

Official statement: vendor compromise and preliminary impact

Discord says the incident …

Mic‑E‑Mouse: Optical Mice Abused as “Microphones” in New Acoustic Side‑Channel Attack

Researchers at the University of California, Irvine have demonstrated Mic‑E‑Mouse, a novel acoustic side‑channel attack that repurposes modern high‑DPI optical mice as improvised “microphones.” By harvesting standard HID motion telemetry, the method captures tiny surface vibrations induced by human speech and reconstructs an intelligible audio signal—without accessing the system microphone.

How the Mic‑E‑Mouse acoustic side‑channel …