Cyber Attacks
Ukrainian police have arrested three individuals who systematically used stolen session cookies to access and sell more than 610,000 Roblox accounts, targeting profiles with accumulated in-game currency and rare items and reselling them through Russian criminal platforms for cryptocurrency. KYIV, UKRAINE — Ukrainian law enforcement has detained three suspects in
Spyware
Italian-linked surveillance firm IPS Intelligence is tied to a new Android spyware, “Morpheus,” that tricks targets into installing a fake “update” app and then hijacks WhatsApp accounts using biometric-spoofing overlays. The case highlights how commercial spyware vendors are turning to mobile-phishing tactics to deploy powerful snooping tools. MILAN, ITALY — Another
Cyber Attacks
A “mobile SMS blaster” deployed from vehicles in Toronto mimicked cell towers, hijacked tens of thousands of phones, and caused 13 million network disruptions—temporarily blocking 911 access while sending massive volumes of fraudulent texts under Project Lighthouse. TORONTO, ONTARIO — In a first-of-its-kind cybercrime investigation in Canada, the Toronto Police
Identity Theft
A highly sophisticated phishing operation is utilizing hyper-personalized "copyright strike" warnings to bypass security instincts and seize full control of Google accounts and YouTube channels. MOUNTAIN VIEW, CA — A new and alarmingly convincing phishing campaign is currently targeting YouTube creators, leveraging their greatest fear: the sudden loss of
Data Breaches
The world’s largest cryptocurrency ATM operator has confirmed a security incident involving its corporate hot wallets, leading to the unauthorized transfer of 50.9 Bitcoin. ATLANTA — Bitcoin Depot, the leading provider of cryptocurrency ATMs globally, has disclosed a significant security breach that occurred earlier this week. According to corporate
Data Breaches
A major vulnerability in a prominent companion AI platform has led to the public exposure of sensitive prompts and account identifiers, highlighting the privacy risks of generative AI data retention. SAN FRANCISCO — Security researchers have confirmed a significant data breach at MyLovely.ai, a popular "AI companion" platform.
Trending
A novel Phishing-as-a-Service platform is leveraging Microsoft's device code flow to bypass multi-factor authentication and automate business email compromise at scale. REDMOND — Security researchers have identified a surge in high-velocity phishing campaigns powered by a new service called "EvilTokens." The platform specifically targets Microsoft 365 environments
Scattered Spider
Introduction to Scattered Spider Scattered Spider is a highly active hacking group, also known as 0ktapus, UNC3944, or Muddled Libra, that has rapidly evolved into one of the most dangerous threat actors targeting enterprises today. The group focuses its attack efforts on the target organization by conducting reconnaissance, impersonating employees,
Cybersecurity 101
Account takeover (ATO) is one of the fastest-growing threats in cybersecurity today. Account takeover (ATO) is a type of identity fraud where fraudsters leverage a person's existing credentials to take control of their financial, credit, email, or social media accounts. As more user accounts move online across banking,
Cybersecurity 101
Credential stuffing is a type of cyberattack in which a cybercriminal uses stolen usernames and passwords from one organization to access user accounts at another organization. Credential stuffing has become one of the most widespread threats to modern authentication systems. This guide explains what credential stuffing is, how these attacks
Cyber Attacks
Roku has disclosed a cybersecurity incident that resulted in unauthorized access to more than 570,000 user accounts, marking one of the largest account takeover events to impact a major streaming platform in recent months. The company said in an official security update that the breach did not stem from