F6 researchers, in coordination with RuStore, have dismantled one of the most active Android-focused cybercrime operations of 2024 by blocking 604 domains used to distribute the DeliveryRAT trojan. The malware impersonated food delivery services, marketplaces, banking apps, and package trackers, leveraging large-scale social engineering to infect Android devices. What DeliveryRAT Targets: Data Theft and Financial … Read more

The underground market for pirated video is shrinking financially even as its infrastructure expands. According to F6 estimates, distributors of illegal video earned $16.6 million in the first half of 2025, a 14.5% year-over-year decline and a 26.5% drop versus the same period in 2023. This marks the sixth consecutive year of deteriorating monetization. Piracy … Read more

Streaming platform Plex has notified users about unauthorized access to one of its databases. According to the company, the intruder viewed a limited set of user records, including email addresses, account names, and securely hashed passwords. Plex says the issue was promptly contained and urges customers to reset their password and sign out of all … Read more

A coordinated phishing campaign against a high-profile npm maintainer enabled attackers to publish malicious versions of widely used JavaScript packages, including chalk and strip-ansi. Together, these packages account for more than 2.6 billion downloads per week, amplifying downstream risk through npm’s transitive dependency model. While early analysis suggests limited direct financial losses, the incident underscores … Read more

Google is preparing a notable shift in its Search interface: users will soon be able to set an AI mode as their default experience, surfacing AI-generated summaries, tables, charts, image handling, and coding assistance ahead of traditional link lists. While positioned as an optional workflow today, the company is testing a path that reduces friction … Read more

TP-Link has confirmed a previously unknown (0‑day) vulnerability in its implementation of the TR‑069/CWMP remote management protocol used by consumer routers. The issue was reported to the vendor on May 11, 2024 and is under active investigation. According to the company’s statement to BleepingComputer, firmware patches for European builds are ready, while updates for the … Read more

A record-scale npm supply chain incident briefly inserted malicious code into widely used JavaScript libraries, touching an estimated 10% of cloud environments yet producing only a modest financial return for the attackers. The event underscores how fast tainted dependencies can propagate across build systems and runtime workloads, and why dependency hygiene and provenance controls are … Read more

An unusual incident involving Huntress’s endpoint detection and response (EDR) agent has reignited debate over the scope of EDR telemetry, user privacy, and the ethics of observed threat-actor monitoring. According to the company, a threat actor inadvertently installed a trial version of the Huntress agent—apparently via a Google advertisement—allowing defenders to observe the host’s operational … Read more

An unnamed European DDoS filtering provider recently withstood one of the most intense packet-rate attacks recorded: a peak of 1.5 billion packets per second (PPS), according to FastNetMon. The deluge originated from a distributed botnet of thousands of compromised consumer devices—including IoT equipment and MikroTik routers—and was observed coming from more than 11,000 unique networks … Read more

Threat actors are exploiting iCloud Calendar invitations to deliver convincing “purchase receipts” that originate from Apple infrastructure and pass SPF, DKIM, and DMARC, substantially increasing deliverability and trust. According to BleepingComputer, the invitations arrive from [email protected] (email.apple.com), a legitimate Apple sending domain, and are used to kick off callback phishing, also known as TOAD (telephone-oriented … Read more