Cybersecurity News

Nucor Corporation, the largest steel producer in the United States, has disclosed a major cybersecurity breach that forced the company to suspend portions of its manufacturing operations. This incident highlights the increasing vulnerability of critical industrial infrastructure to sophisticated cyber threats and raises concerns about the security of the manufacturing sector. Incident Impact and Initial … Read more

Cybersecurity researchers at Hunt.io have uncovered a significant evolution in ClickFix attacks, with threat actors now specifically targeting Linux operating systems for the first time. The campaign, attributed to the APT36 (Transparent Tribe) threat group, marks a concerning expansion of sophisticated social engineering tactics in the cybersecurity landscape. Advanced Social Engineering Tactics and Attack Methodology … Read more

Leading cryptocurrency exchange Coinbase has disclosed a significant security breach involving unauthorized access to customer data through compromised support staff credentials. The incident, which affects approximately one million users, resulted from malicious actions by offshore customer service representatives who sold sensitive client information to cybercriminals demanding a $20 million ransom. Breach Impact Assessment and Data … Read more

The Tor Project has unveiled Oniux, a groundbreaking command-line utility that revolutionizes application privacy in Linux environments. This innovative tool leverages kernel-level isolation mechanisms to provide unprecedented security for routing application traffic through the Tor network, marking a significant advancement in privacy-focused computing. Advanced Kernel-Level Protection Through Linux Namespaces At its core, Oniux employs Linux … Read more

Security researchers at Socket have discovered a significant security threat targeting users of the popular Cursor AI code editor. Three malicious npm packages, masquerading as development tools for the IDE, have been identified in the npm repository. The attack leverages social engineering tactics, promising free access to Cursor AI’s premium features to lure unsuspecting developers. … Read more

In a significant cybersecurity breakthrough, international law enforcement agencies have successfully dismantled one of the longest-running and most sophisticated botnet operations that had been compromising routers worldwide for nearly 20 years. The operation, codenamed “Moonlander,” targeted a criminal network that transformed infected devices into illegal residential proxy servers, marketed through services known as Anyproxy and … Read more

Cybersecurity researchers at Morphisec have uncovered a sophisticated malware campaign that exploits the growing enthusiasm for artificial intelligence technologies to distribute the dangerous Noodlophile infostealer. The operation leverages fake AI-powered video generation platforms to trick users into downloading malicious software, highlighting a concerning trend in cyber threat evolution. Campaign Infrastructure and Social Engineering Tactics The … Read more

Security researchers at Veracode have uncovered a sophisticated supply chain attack targeting the NPM ecosystem through the os-info-checker-es6 package. The malicious package, downloaded over 1,000 times since May 2025, demonstrates advanced obfuscation techniques and represents a significant threat to the developer community. Sophisticated Evolution of a Weaponized Package Initially released as a legitimate system information … Read more

In a significant development that has sent shockwaves through cybersecurity circles, the notorious ransomware group LockBit experienced a severe security breach in late April 2025. An unidentified threat actor successfully infiltrated the group’s administrative infrastructure, compromising partner panels and exposing sensitive operational data. Technical Analysis of the Security Breach The attack vector targeted LockBit’s MySQL … Read more

Google’s security team has released a critical security update for Chrome browser to address a severe vulnerability (CVE-2025-4664) that could allow attackers to compromise user accounts through cross-origin request manipulation. The vulnerability, discovered in the browser’s resource loading mechanism, poses a significant risk to users’ authentication credentials, particularly in applications utilizing OAuth authentication flows. Understanding … Read more