The Russian-speaking Tomiris cyber-espionage group is wielding new attack tools and techniques in an ongoing campaign targeted at foreign ministries, intergovernmental organizations and government entities across the Commonwealth of Independent States (CIS). Kaspersky researchers, who have been tracking the threat actor's activities since 2021, identified the new malicious operations beginning in early 2025 and described them as impacting high-value diplomatic and political infrastructure. READ MORE...
US-listed ecommerce giant Coupang (NYSE: CPNG), one of South Korea's largest online retailers, has disclosed a five-month-long data breach involving the personal information of 33.7 million customers in Korea. The incident, the company says, came to light on November 18, when it "became aware of unauthorized personal data access" to roughly 4,500 customer accounts. Subsequent investigation has revealed that the extent of customer account exposure is about 33.7 million accounts. READ MORE...
The University of Pennsylvania (Penn) has announced a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. The private Ivy League research university was founded in 1740 and has 5,827 faculty members and 29,109 students, with an 8:1 student-to-faculty ratio. It also has an academic operating budget of $4.7 billion and an endowment of $24.8 billion as of June 30, 2025. READ MORE...
An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials. Although threat actors targeting business ad manager accounts isn't new, the campaign discovered by Push Security is highly targeted, with professionally crafted lures that create conditions for high success rates. READ MORE...
Hackers affiliated with the Scattered Lapsus$ Hunters might be preparing a threat campaign against Zendesk environments, according to Reliaquest researchers. About 40 typosquatting and impersonating domains have been created over the past six months that mimic Zendesk environments, according to a blog published Wednesday by Reliaquest. Zendesk is a company that provides cloud-based customer service and sales software. READ MORE...
Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited. The December updates are available for Android 13, 14, 15, and 16. Android vendors are notified of all issues at least a month before publication, but that doesn't always mean the patches reach every device right away. You can check your device's Android version, security update level, and Google Play system update in Settings. READ MORE...
Albiriox is a new family of Android banking malware that gives attackers live remote control over infected phones, letting them quietly drain bank and crypto accounts during real sessions. Researchers have analyzed a new Android malware family called Albiriox which is showing signs of developing rapidly and already has strong capabilities. Albiriox is sold as Malware-as-a-Service (MaaS), meaning entry-level cybercriminals can simply rent access and launch their own fraud campaigns. READ MORE...
OpenAI recently patched a Codex CLI vulnerability that can be exploited in attacks aimed at software developers, Check Point revealed on Monday. Codex CLI is an open source coding agent that developers can run locally from their terminal. The AI agent can read, change, and run code on the machine, enabling users to improve documentation, write unit tests, generate architecture diagrams, propose PRs, and look for vulnerabilities using natural language commands. READ MORE...
AI development keeps accelerating while the safeguards around it move on uneven ground, according to The International AI Safety Report. Security leaders are being asked to judge exposure without dependable benchmarks. Across the AI ecosystem, developers are adopting layered controls throughout the lifecycle. They combine training safeguards, deployment filters, and post release tracking tools. READ MORE...
In his 2020 book, "Future Politics," British barrister Jamie Susskind wrote that the dominant question of the 20th century was "How much of our collective life should be determined by the state, and what should be left to the market and civil society?" But in the early decades of this century, Susskind suggested that we face a different question: "To what extent should our lives be directed and controlled by powerful digital systems-and on what terms?" READ MORE...