The vast majority of Senegal's adult population seems to have just lost its biometric data to hackers. On Jan. 19, a new ransomware outfit calling itself "The Green Blood Group" breached two servers at the West African nation's Directorate of File Automation (DAF), the government agency that handles passports, national ID cards, and biometric data for the country's nearly 20 million residents.
Over 626,000 individuals were impacted by a May 2025 cyberattack at healthcare physician and practice management services provider ApolloMD. The incident occurred between May 22 and May 23 and involved access to files containing personally identifiable information (PII) and protected health information (PHI) pertaining to affiliated physicians and practices. In an incident notice on its website, the company revealed that the hackers stole names, addresses, diagnostic details, and more.
A 29-year-old Polish man has been charged in connection with a data breach that exposed the personal details of around 2.5 million customers of the popular Polish e-commerce website Morele.net. Poland's Central Cybercrime Bureau (CBZC) announced that charges were filed on 30 January 2026, following years of investigation into the 2018 breach of Morele.net, which specialises in electronics, computer equipment and home appliances.
A financially motivated North Korean threat actor is aiming at cryptocurrency firms with novel deepfake-powered social engineering strategies. Google Cloud's Mandiant this week published research concerning a threat actor it tracks as UNC1069, which has been active since at least 2018. The research primarily involves one attack in which the attacker used a compromised cryptocurrency executive's Telegram account to target a secondary victim.
AI tool Vercel was abused by cybercriminals to create a Malwarebytes lookalike website. Cybercriminals no longer need design or coding skills to create a convincing fake brand site. All they need is a domain name and an AI website builder. In minutes, they can clone a site's look and feel, plug in payment or credential-stealing flows, and start luring victims through search, social media, and spam.
Apple has released security updates for iPhones, iPads, Macs, Apple Watches, Apple TVs, and Safari, fixing, in particular, a zero-day flaw that is actively exploited in targeted attacks. Exploiting this zero-day flaw would allow cybercriminals to run any code they want on the affected device, potentially installing spyware or backdoors without the owner noticing. Installing these updates as soon as possible keeps your personal information safe from such an attack.
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers.
Ransomware groups crop up like weeds, angling for striking positions in a crowded field rife with turnover, infighting and unbridled competition. Yet, they rarely emerge, as 0APT did late last month, claiming roughly 200 victims out of the gate. Researchers have thus far seen no evidence confirming 0APT attacked any of its alleged victims, which include high-profile organizations.
A member of the Crazy ransomware gang is abusing legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence in corporate networks, evade detection, and prepare for ransomware deployment. The breaches were observed by researchers at Huntress, who investigated multiple incidents where threat actors deployed Net Monitor for Employees Professional alongside SimpleHelp for remote access to a breached network.
More than 80% of exploitation activity targeting critical vulnerabilities in Ivanti Endpoint Manager Mobile was traced to a single IP address hiding behind bulletproof hosting infrastructure, according to a report released Tuesday by GreyNoise. Researchers warn that several of the most shared indicators of compromise linked to the current threat campaign indicate no activity linked to Ivanti EPMM.