GreedyBear Cybercriminal Operation Exploits Firefox Extensions to Steal Over $1 Million in Cryptocurrency

Cybersecurity researchers at Koi Security have uncovered a sophisticated cybercriminal operation dubbed GreedyBear that successfully infiltrated Mozilla’s Firefox browser ecosystem. The campaign resulted in cryptocurrency theft exceeding $1 million through the deployment of 150 malicious browser extensions designed to mimic legitimate crypto wallets. Two-Stage Attack Strategy Bypasses Security Measures The GreedyBear operation employed a carefully …

Paper Werewolf Spy Group Exploits Critical WinRAR Vulnerabilities in Russia and Uzbekistan Cyberattacks

A sophisticated international espionage campaign targeting organizations across Russia and Uzbekistan has been uncovered, revealing how the Paper Werewolf threat group exploited critical WinRAR vulnerabilities to infiltrate corporate networks. The attacks, conducted between July and early August 2025, demonstrate an alarming evolution in cybercriminal tactics that combine social engineering with zero-day exploits. Multi-Stage Attack Strategy …

Adobe Releases Emergency Patches for Critical AEM Forms Vulnerabilities with Public Exploits

Adobe has issued emergency security updates to address two critical vulnerabilities in Adobe Experience Manager Forms (AEM Forms) for Java Enterprise Edition. The situation has become particularly concerning as public proof-of-concept exploits are already available for both security flaws, significantly increasing the risk of active exploitation by malicious actors targeting enterprise environments. Critical Vulnerability Analysis: …

ReVault Vulnerabilities Threaten Security of 100+ Dell Enterprise Laptop Models

Cybersecurity researchers at Cisco Talos have uncovered a sophisticated vulnerability complex dubbed ReVault that compromises the ControlVault3 security framework across more than 100 Dell enterprise laptop models. This discovery poses significant risks to organizations relying on Dell Latitude and Precision series devices for handling sensitive corporate data and classified information. Understanding Dell’s ControlVault3 Security Architecture …

UNC2891 Hackers Use Raspberry Pi 4G Device in Sophisticated Bank Network Attack

Cybersecurity researchers at Group-IB have uncovered a sophisticated hybrid cyberattack orchestrated by the notorious UNC2891 (LightBasin) threat group. The attackers employed an innovative approach using a Raspberry Pi single-board computer equipped with a 4G module to establish a covert access channel into a banking institution’s internal network, successfully bypassing all perimeter security defenses. Physical Access …

Tea Social Platform Suffers Major Data Breach Exposing User Verification Photos and Private Messages

The women-only social platform Tea has experienced a catastrophic data breach that compromised sensitive user information, including verification selfies, identity documents, and over 1.1 million private messages. This security incident highlights critical vulnerabilities in the platform’s architecture and raises serious concerns about data protection in closed social networks. Understanding the Tea Platform and Its Security …

Saint Paul Cyberattack Forces Unprecedented National Guard Deployment for Municipal Cybersecurity

The capital city of Minnesota has experienced an extraordinary cybersecurity incident that required military intervention to resolve. Governor Tim Walz authorized the deployment of the National Guard to combat a sophisticated cyberattack targeting Saint Paul’s information systems, marking an unprecedented use of military resources for municipal-level cyber threat response. Timeline and Scope of the Cyber …

Critical Lovense Security Vulnerabilities Expose 20 Million Users’ Personal Data

Independent security researchers have uncovered two critical vulnerabilities in Lovense’s platform that could compromise personal data of over 20 million users worldwide. The interactive intimate device manufacturer’s security flaws enable attackers to harvest user email addresses and execute complete account takeovers, raising serious privacy concerns for users of these sensitive devices. Technical Analysis of Discovered …

Critical macOS Security Flaw Allows Attackers to Bypass System Protection and Access Sensitive Data

Microsoft security researchers have uncovered a severe vulnerability in Apple’s macOS operating system that enabled attackers to circumvent critical security mechanisms and gain unauthorized access to sensitive user data. The security flaw, designated CVE-2025-31199 and dubbed “Sploitlight,” was addressed by Apple in March 2025 with the release of macOS Sequoia 15.4. Understanding TCC: macOS’s Critical …

Endgame Gear Gaming Mouse Driver Compromised with XRed Backdoor Malware

Gaming peripheral manufacturer Endgame Gear fell victim to a sophisticated supply chain attack that resulted in malicious software being distributed through their official website for two weeks. The security incident affected users who downloaded the OP1w 4k v2 gaming mouse configuration utility between June 26 and July 9, 2025, highlighting the growing threat of compromised …