Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
TEE.Fail: DDR5 Memory-Bus Attack Undermines Attestation in Intel SGX/TDX and AMD SEV‑SNP
Researchers from the Georgia Institute of Technology and Purdue University have disclosed TEE.Fail, a practical attack on trusted execution environments ...
Ribbon Communications reports suspected state-sponsored intrusion, highlighting telecom supply‑chain risk
Ribbon Communications has disclosed unauthorized access to its IT environment, attributing the activity to a likely state-aligned threat actor. The ...
X sets 10 November deadline to re-register passkeys and security keys due to x.com migration
X (formerly Twitter) has notified users that they must re-register their passkeys and hardware security keys used for two‑factor authentication ...
DeliveryRAT Android Trojan Evolves into Mobile Botnet with DDoS, Phishing Screens, and Mass SMS
Researchers at F6 have documented a substantial evolution of the Android trojan DeliveryRAT, which disguises itself as delivery services, marketplaces, ...
Herodotus Android Banking Trojan Evades Behavioral Biometrics with Human‑Like Input
ThreatFabric has profiled a new Android banking trojan dubbed Herodotus that targets users in Italy and Brazil and is already ...
Atroposia Malware-as-a-Service: Modular RAT Adds Hidden RDP, Stealth Exfiltration, and DNS Hijacking for $200/Month
Varonis researchers report the emergence of Atroposia, a malware‑as‑a‑service (MaaS) platform marketed at $200 per month. Subscribers gain access to ...
LastPass warns of emergency access phishing as attackers pivot to passkeys
Developers of LastPass have alerted users to a large-scale phishing operation that began in mid‑October 2025. The campaign impersonates “emergency ...
Dante Spyware Linked to Memento Labs Spotted in Real-World APT Using Chrome Zero‑Day
Kaspersky researchers have reported the first confirmed in-the-wild deployment of the commercial surveillance platform Dante, attributed to Memento Labs (formerly ...
ISC fixes BIND 9 resolver flaws enabling DNS cache poisoning and DoS
Internet Systems Consortium (ISC) has released security updates for BIND 9 that remediate three significant vulnerabilities in the recursive resolver. ...
Google Refutes “Gmail Breach”: Synthient’s 183M Credentials Come from Infostealers and Old Leaks
Reports claiming “183 million Gmail accounts were hacked” triggered widespread concern, but Google has confirmed no compromise of Gmail’s infrastructure ...
