Cybersecurity News

Cybersecurity researchers at NSFOCUS have uncovered a sophisticated new DDoS botnet called HTTPBot, marking a significant shift in malware targeting strategies. Unlike traditional DDoS botnets that primarily target Linux and IoT devices, this new threat specifically focuses on Windows systems, presenting a unique challenge to gaming companies, educational institutions, and technology firms in China. Technical … Read more

In a watershed moment for digital privacy rights, Google has agreed to pay $1.375 billion to settle privacy violation claims in Texas, marking the largest state privacy settlement in U.S. history. The agreement addresses unauthorized location tracking and biometric data collection practices that affected millions of users, setting a new precedent for corporate accountability in … Read more

In a significant victory against cybercrime, an international law enforcement coalition has successfully dismantled six major DDoS-for-hire platforms in a coordinated operation. The investigation culminated in the arrest of four suspected administrators in Poland, effectively disrupting services responsible for thousands of cyberattacks worldwide since 2022. These platforms had targeted educational institutions, government agencies, commercial enterprises, … Read more

Cybersecurity researchers at Aikido have uncovered a severe security breach in the widely-used NPM package rand-user-agent, which averages over 45,000 weekly downloads. The compromise involved the injection of obfuscated malicious code that deploys a Remote Access Trojan (RAT) on affected systems, posing a significant threat to developers and organizations utilizing this package. Compromise Details and … Read more

Cybersecurity researchers at Patchstack have uncovered a severe security vulnerability in the widely-used WordPress plugin OttoKit (formerly SureTriggers), potentially affecting over 100,000 active websites. The critical flaw enables unauthorized attackers to create administrator accounts on vulnerable WordPress installations, posing a significant risk to website security. Understanding the Technical Impact The vulnerability, tracked as CVE-2025-27007, stems … Read more

Nucor Corporation, the largest steel producer in the United States, has disclosed a major cybersecurity breach that forced the company to suspend portions of its manufacturing operations. This incident highlights the increasing vulnerability of critical industrial infrastructure to sophisticated cyber threats and raises concerns about the security of the manufacturing sector. Incident Impact and Initial … Read more

Cybersecurity researchers at Hunt.io have uncovered a significant evolution in ClickFix attacks, with threat actors now specifically targeting Linux operating systems for the first time. The campaign, attributed to the APT36 (Transparent Tribe) threat group, marks a concerning expansion of sophisticated social engineering tactics in the cybersecurity landscape. Advanced Social Engineering Tactics and Attack Methodology … Read more

Leading cryptocurrency exchange Coinbase has disclosed a significant security breach involving unauthorized access to customer data through compromised support staff credentials. The incident, which affects approximately one million users, resulted from malicious actions by offshore customer service representatives who sold sensitive client information to cybercriminals demanding a $20 million ransom. Breach Impact Assessment and Data … Read more

The Tor Project has unveiled Oniux, a groundbreaking command-line utility that revolutionizes application privacy in Linux environments. This innovative tool leverages kernel-level isolation mechanisms to provide unprecedented security for routing application traffic through the Tor network, marking a significant advancement in privacy-focused computing. Advanced Kernel-Level Protection Through Linux Namespaces At its core, Oniux employs Linux … Read more

Security researchers at Socket have discovered a significant security threat targeting users of the popular Cursor AI code editor. Three malicious npm packages, masquerading as development tools for the IDE, have been identified in the npm repository. The attack leverages social engineering tactics, promising free access to Cursor AI’s premium features to lure unsuspecting developers. … Read more