Data Breaches
South Africa’s largest lender by assets is reeling from a major security incident after a threat actor publicly released a massive cache of sensitive banking data. JOHANNESBURG, SOUTH AFRICA — Standard Bank has confirmed it is managing a "data incident" following reports that a threat actor has successfully
Digital Identity
Following a coordinated global takedown of the Tycoon 2FA infrastructure, decentralized threat actors are abandoning traditional Adversary-in-the-Middle (AiTM) kits in favor of more resilient device code phishing tactics. LONDON, UK — The landscape of Multi-Factor Authentication (MFA) bypass is undergoing a rapid transformation. Just weeks after an international law enforcement operation
Artificial Intelligence (A.I.)
A sophisticated "Vishing-as-a-Service" (VaaS) platform named ATHR has surfaced, utilizing high-fidelity AI voice clones to automate large-scale credential theft and bank fraud. SAN FRANCISCO, CA — Security researchers have uncovered a potent new threat in the social engineering landscape: ATHR, a specialized vishing (voice phishing) platform that leverages generative
IoT Security
The classic Mirai botnet has evolved, weaponizing a critical RCE vulnerability in TBK-brand DVR devices to scale its destructive volumetric traffic capabilities. TEL AVIV, ISRAEL — Cybersecurity researchers have identified a sophisticated new variant of the notorious Mirai botnet, dubbed Nexcorium, which is rapidly expanding its footprint by exploiting unpatched vulnerabilities
National Security
New mandates for the Marine Transportation System (MTS) transition from guidance to enforcement, requiring vessel owners and port operators to implement rigorous cyber-risk reporting and governance. WASHINGTON, D.C. — The U.S. Coast Guard (USCG) has reached a critical milestone in the implementation of the "Cybersecurity in the Marine
Cyber Crime
The Russia-linked exchange halts all operations after a high-precision attack empties its hot wallets, with leadership blaming Western intelligence services for the collapse. MOSCOW, RUSSIA — Grinex, a prominent cryptocurrency exchange previously blacklisted by international regulators for its alleged role in money laundering and sanctions evasion, has officially suspended all trading
Vulnerabilities
A disgruntled security researcher has publicly released proof-of-concept code for three critical vulnerabilities in Microsoft Defender, leaving over a billion users exposed as two flaws remain unpatched. REDMOND, WA — The global cybersecurity community is on high alert following the unauthorized leak and subsequent exploitation of three zero-day vulnerabilities within Microsoft
Cyber Attacks
The decentralized social network faces its first major infrastructure test as malicious traffic floods its servers, causing intermittent outages for millions of users. SEATTLE, WA — Bluesky, the decentralized social media platform often viewed as the primary alternative to X (formerly Twitter), has confirmed that a Distributed Denial of Service (DDoS)
Critical Infrastructure
A newly discovered hybrid threat, ZionSiphon, marks a significant escalation in industrial warfare, moving beyond data theft toward the physical sabotage of desalination and treatment plants. TEL AVIV, ISRAEL — Cybersecurity researchers have identified a sophisticated new malware strain, dubbed ZionSiphon, engineered specifically to infiltrate and sabotage Israeli water infrastructure. Unlike
Cyber Crime
The sentencing of Nathan Latka’s co-conspirator highlights the severe legal repercussions for "credential stuffing" and the lucrative black market for stolen digital identities. NEW YORK, NY — A second individual involved in the massive November 2022 cyberattack against the sports betting giant DraftKings has been sentenced to 30
Vulnerabilities
The "Jolokia" vulnerability allows for unauthenticated Remote Code Execution, posing a significant risk to the message-brokering infrastructure that underpins global finance and logistics. WASHINGTON, D.C. — The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical input validation vulnerability in Apache ActiveMQ to its Known Exploited
Policy & Government
As Congress passes a last-minute, 10-day extension for key spy powers, the cybersecurity industry watches closely to see if the "backdoor search" debate will fundamentally change data privacy for US enterprises. WASHINGTON, D.C. — The U.S. House of Representatives has approved a temporary, short-term extension of Section