Cybersecurity News

Mozilla’s February 2024 privacy policy revision for Firefox has sparked significant discussion within the cybersecurity community, marking a notable shift in how the organization approaches user data handling. This update represents a strategic realignment of Mozilla’s privacy commitments, introducing more nuanced language regarding data usage while maintaining core privacy protections. Critical Changes in Data Handling … Read more

The Federal Bureau of Investigation has officially attributed the massive $1.5 billion cryptocurrency theft from Bybit exchange to North Korea’s notorious hacking group TraderTraitor, also known as Lazarus and APT38. The incident, which occurred on February 21, 2025, represents one of the largest cryptocurrency heists in the industry’s history, highlighting the evolving sophistication of state-sponsored … Read more

In a devastating cybersecurity breach on February 21, 2025, cryptocurrency exchange Bybit suffered a massive attack resulting in the theft of approximately $1.5 billion in digital assets. Cybersecurity investigators have attributed the sophisticated operation to North Korea’s notorious Lazarus Group, marking one of the largest cryptocurrency heists in history. Technical Analysis of the Smart Contract … Read more

Microsoft has taken decisive action to protect Visual Studio Code users by removing two widely-used extensions from its official marketplace: Material Theme – Free and Material Theme Icons – Free. The security intervention came after the discovery of potentially malicious code in these popular developer tools, which had accumulated nearly 9 million downloads combined. Security … Read more

Palo Alto Networks researchers have identified a sophisticated new Linux malware strain dubbed “Auto-Color,” which has been actively targeting educational and government institutions across North America and Asia. The malware campaign, observed between November and December 2024, demonstrates unprecedented technical complexity and advanced evasion capabilities, marking a significant evolution in Linux-targeted threats. Technical Analysis of … Read more

Kaspersky’s Global Research and Analysis Team (GReAT) has uncovered a sophisticated malware distribution campaign leveraging GitHub’s platform to spread malicious code disguised as legitimate open-source projects. The operation, dubbed GitVenom, has compromised over 200 repositories, marking a significant escalation in threat actors’ abuse of trusted development platforms. Attack Vector and Social Engineering Tactics The threat … Read more

In a significant move to enhance user account security, Google has announced plans to gradually discontinue SMS-based two-factor authentication (2FA) in favor of more sophisticated verification methods. This strategic shift reflects growing concerns about the vulnerabilities inherent in SMS-based authentication systems and aligns with current cybersecurity best practices. The Evolution and Limitations of SMS Authentication … Read more

Google Cloud has unveiled a groundbreaking advancement in data security with the introduction of quantum-resistant digital signatures in its Cloud Key Management Service (Cloud KMS). This preview release implements cutting-edge post-quantum cryptography standards developed by the National Institute of Standards and Technology (NIST), marking a significant milestone in protecting sensitive data against future quantum computing … Read more

OpenAI has recently uncovered and blocked multiple accounts linked to prominent North Korean state-sponsored hacking groups that were leveraging ChatGPT for cyber attack preparation. The February threat intelligence report reveals how these threat actors utilized artificial intelligence capabilities to conduct target research and develop sophisticated system penetration methodologies. Advanced Persistent Threat Groups Identified Through collaboration … Read more

Cybersecurity researchers at Socket have uncovered a significant security threat in the Python Package Index (PyPI), identifying a malicious package named “automslc” that has accumulated over 100,000 downloads since 2019. The package has been specifically designed to bypass Deezer’s security measures, enabling unauthorized access to protected content on the popular music streaming platform that serves … Read more