PSF warns of new PyPI phishing campaign targeting maintainers and developers

The Python Software Foundation (PSF) has alerted the community to a fresh wave of phishing emails impersonating Python Package Index (PyPI) notifications. The messages pressure recipients to “verify” their email or face account suspension. Embedded links route users to attacker-controlled domains, where credentials—and in some cases one-time two-factor codes—are harvested. Phishing technique: domain spoofing and …

New XCSSET macOS variant hijacks clipboard and steals Firefox data

Microsoft Threat Intelligence has identified a refreshed iteration of the modular macOS malware XCSSET. The campaign introduces two high‑impact capabilities—clipboard hijacking to replace cryptocurrency addresses and expanded data theft from Firefox—alongside updated persistence techniques designed to survive reboots and evade casual inspection. Although current spread appears limited, the traits align with targeted operations against Apple …

Real-Time Deepfakes Go Mainstream: $50 Video, $30 Voice on the Dark Web

Dark web marketplaces are advertising real-time video and audio deepfakes priced from $50 per video and $30 per voice clone. Just a year ago, a minute of bespoke deepfake video could fetch up to $20,000. This sharp price drop signals rapid commercialization of identity-impersonation tools and expands the attack surface for fraud against both individuals …

RCMP Shutters TradeOgre and Seizes $40M in Crypto: Canada’s First Full Exchange Takedown

The Royal Canadian Mounted Police (RCMP) has taken the privacy-focused cryptocurrency exchange TradeOgre offline and seized more than $40 million in digital assets. Authorities allege the platform operated outside Canada’s anti-money laundering (AML) regime and may have been used to launder proceeds of cybercrime. RCMP officials characterized the action as Canada’s first complete law-enforcement shutdown …

FBI warns of fake IC3.gov websites leveraging typosquatting and search ads

The FBI has issued a warning about a rise in counterfeit websites impersonating the Internet Crime Complaint Center (IC3) at www.ic3.gov. The look‑alike portals are designed to harvest personal and financial information and, in some cases, to facilitate fraudulent payments from victims who believe they are interacting with the official complaint system. The alert follows …

SonicWall urges immediate password rotation after API attack exposes cloud firewall backups

SonicWall has advised customers to immediately rotate passwords, shared secrets, and cryptographic keys after attackers obtained access to cloud-stored firewall configuration backups tied to MySonicWall accounts. The company reports that malicious access has been cut off and that it is working with relevant government and law‑enforcement partners as part of an ongoing investigation. SonicWall incident: …

Collins Aerospace vMUSE Cyberattack Disrupts European Airport Check-in

A cyber incident at a key passenger processing provider triggered widespread check-in disruptions across several European airports, forcing airlines and ground handlers to revert to manual procedures. Collins Aerospace confirmed a “cyberattack-linked outage” affecting its ARINC SelfServ vMUSE software—technology that underpins self-service kiosks and staffed counters for check-in, bag drop, and boarding pass printing. What …

Google: China‑Linked UNC5221 Uses Brickstorm Backdoor to Breach US Organizations Undetected for 393 Days

Google Threat Intelligence reported a long-running espionage campaign in which the China-linked cluster UNC5221 deployed the Brickstorm backdoor to compromise US organizations. Investigators estimate an average 393 days of undetected dwell time per victim, underscoring disciplined operations, strong operational security, and effective evasion. What is the Brickstorm backdoor and why it matters Brickstorm is a …

Prompt Injection Shows LLM Agents Can Bypass CAPTCHA: What Security Teams Should Do

Researchers at SPLX, a firm focused on automated security testing for AI systems, demonstrated that manipulating an LLM agent’s context through prompt injection can override built-in guardrails and lead to prohibited actions—most notably, solving CAPTCHA challenges. The finding highlights structural weaknesses in agentic architectures and calls for a reassessment of CAPTCHA’s role when AI-driven browser …

Cloudflare Blocks Record 22.2 Tbps DDoS Burst as IoT Botnets Scale Up

Cloudflare reports neutralizing the most powerful distributed denial‑of‑service event seen to date: a 22.2 Tbps burst peaking at 10.6 billion packets per second (pps). The attack lasted roughly 40 seconds, arriving less than a month after an earlier record of 11.5 Tbps. The rapid escalation underscores how quickly adversaries are scaling bandwidth and packet‑rate output, …