Cybersecurity News

Blockchain analytics firm Elliptic has uncovered one of the largest cryptocurrency fraud operations to date, identifying a Telegram-based criminal marketplace called Xinbi Guarantee that has processed over $8.4 billion in cryptocurrency transactions since 2022. This platform ranks as the second-largest underground market after HuiOne Guarantee, marking a significant milestone in the evolution of digital financial … Read more

Germany’s Federal Criminal Police Office (BKA) has executed a significant operation against cryptocurrency exchange eXch, successfully dismantling a platform allegedly responsible for laundering billions in illicit funds. Law enforcement officials seized the exchange’s server infrastructure and secured digital assets valued at approximately $38 million across multiple cryptocurrencies, including Bitcoin, Ethereum, Litecoin, and Dash. Massive Scale … Read more

A significant cybersecurity incident has emerged in the gaming industry as threat actor “Machine1337” claims to have obtained and listed for sale approximately 89 million Steam user records. The data breach, primarily affecting Steam’s SMS authentication system, has prompted an immediate response and investigation from Valve Corporation, the platform’s owner. Understanding the Scope and Nature … Read more

The cybersecurity industry is facing an unprecedented challenge as artificial intelligence-generated false vulnerability reports flood security platforms and bug bounty programs. This emerging trend has effectively created a new form of unintentional denial-of-service attack against vulnerability management systems, significantly impacting security teams’ ability to identify and address genuine threats. The Scale and Impact of AI-Generated … Read more

British retail giant Marks & Spencer (M&S) has fallen victim to a sophisticated cyberattack, resulting in a significant data breach affecting its extensive network of over 1,400 stores. The incident, which occurred on April 22, 2025, marks another concerning example of escalating threats facing major retail organizations. Attack Vector Analysis and Threat Actor Identification Security … Read more

ASUS has released a critical security update for its DriverHub software, addressing two severe vulnerabilities that could allow attackers to execute arbitrary code remotely on affected systems. These high-severity flaws posed significant risks to users of the popular driver management tool, potentially enabling unauthorized system access and code execution. Understanding the Security Vulnerabilities The first … Read more

Security researchers at Socket have uncovered a sophisticated attack campaign targeting the Python Package Index (PyPI), revealing seven malicious packages that employed an innovative attack vector through Gmail SMTP servers and WebSocket connections. This discovery highlights a concerning evolution in supply chain attacks, demonstrating how threat actors are leveraging trusted services to bypass security controls. … Read more

A significant cybersecurity breach has exposed critical vulnerabilities in TeleMessage’s enterprise messaging infrastructure, compromising sensitive communications from government agencies and major corporations. The incident has revealed serious security flaws in modified versions of popular messaging applications, including Signal, WhatsApp, Telegram, and WeChat. Discovery and Initial Investigation The security incident came to light following a Reuters … Read more

Google has released an urgent security update for Android, addressing 46 vulnerabilities, with particular emphasis on a critical FreeType library flaw that’s currently being exploited in targeted attacks. The vulnerability, tracked as CVE-2025-27363, carries a high CVSS score of 8.1 and represents a significant security risk for Android users worldwide. Understanding the FreeType Vulnerability The … Read more

Cybersecurity researchers at Sansec have uncovered a sophisticated supply chain attack targeting the Magento e-commerce ecosystem, affecting between 500 and 1,000 online stores. The attack, which remained dormant since 2019, was strategically activated in April 2024, demonstrating an unprecedented level of patience and planning by the threat actors. Technical Analysis of the Attack Vector The … Read more