Russian threat actors are conducting a multiyear campaign targeting critical organizations around the world. Though that in itself is nothing new, the way they're conducting those attacks is changing. Amazon Threat Intelligence yesterday published a blog post detailing a multiyear threat campaign by Russian nation-state actors targeting North American, European, and Middle Eastern critical infrastructure, with notable focus in the energy sector.
Browser extensions with more than 8 million installs are harvesting users' complete and extended AI conversations and selling them for marketing purposes, according to data collected from the Google and Microsoft pages hosting them. Security firm Koi discovered the eight extensions, which as of late Tuesday night remained available in both Google's and Microsoft's extension stores.
A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums offering a robust set of capabilities that include the option to embed it in any app available on the Google Play Store. Specifically, attackers can select apps from Android's official app store and create trojanized versions that appear trustworthy and keep the real app's interface and functionality.
For two days in September, Afghanistan had no internet. No satellite failed, no cable was cut. This was a deliberate outage, mandated by the Taliban government. It followed a more localized shutdown two weeks prior, reportedly instituted "to prevent immoral activities." No additional explanation was given. The timing couldn't have been worse: communities still reeling from a major earthquake lost emergency communications, flights were grounded, and banking was interrupted.
When a deepfake targeted him personally, Vaishnav Anand panicked. But when everything settled down, he turned that panic into purpose. The California high-school junior was inspired by the incident to ask a different question than most: If people already doubt celebrity videos and viral images, what about the satellite maps that governments and corporations quietly trust every day? If these could be altered to create distortions, that could have serious effects, he pondered.
A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later. React2Shell is an insecure deserialization issue in the React Server Components (RSC) 'Flight' protocol used by the React library and the Next.js framework. It can be exploited remotely without authentication to execute JavaScript code in the server's context.