Atop FBI cyber official said Salt Typhoon, the Chinese cyber espionage group behind the widespread compromise of U.S. telecommunications infrastructure in 2024, continues to pose a broad threat to both America's private and public sectors. Michael Machtinger, deputy assistant director for cyber intelligence at the FBI, touted improved partnerships between the telecommunications industry and government in the wake of the campaign. READ MORE...
PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year. The incident affected the PayPal Working Capital (PPWC) loan app, which provides small businesses with quick access to financing. The financial technology company said it has reversed the code change that caused the incident, blocking attackers' access to the data. READ MORE...
The University of Mississippi Medical Center (UMMC) closed all its clinic locations statewide on Thursday following a ransomware attack. UMMC has over 10,000 employees and, as one of the largest employers in Mississippi, operates seven hospitals, 35 clinics, and more than 200 telehealth sites statewide. The medical center includes the state's only children's hospital, only Level I trauma center, only organ and bone marrow transplant program, and the only Telehealth Center of Excellence. READ MORE...
Operation Red Card 2.0, supported by INTERPOL and involving law enforcement agencies from 16 African countries, led to 651 arrests and the recovery of more than $4.3 million from online scams. Running from 8 December 2025 to 30 January 2026, the operation targeted networks behind high-yield investment fraud, mobile money scams and fraudulent loan applications that caused more than $45 million in losses. READ MORE...
Thieves stole more than $20 million from compromised ATMs last year using a malware-assisted technique that the FBI says is on the uptick across the United States. They are doing this through ATM jackpotting - a cyber-physical attack in which crooks exploit physical and software vulnerabilities in ATMs to deploy malware that instructs the machine to dispense cash on demand without bank authorization. Of the 1,900 such incidents reported since 2020, more than 700 occurred in 2025 alone. READ MORE...
A growing phishing-as-a-service (PhaaS) tool reliably undermines traditional methods for detecting phishing attacks, both technical and psychological. "Starkiller," described this week by researchers at Abnormal AI, is packaged and sold with a sleekness comparable to legitimate software-as-a-service (SaaS) platforms. It's got a clean, retrofuturist dashboard, sporting real-time campaign analytics. It's got substance to back up its style, too. READ MORE...
Cybersecurity researchers say they've spotted the first Android malware strain that uses generative AI to improve performance once installed. But it may be only a proof of concept. ESET calls it PromptSpy, malware whose primary goal is to deploy a VNC module that hands hackers remote control of infected devices. The Slovak security shop's experts said PromptSpy comes with capabilities to instruct Google's Gemini chatbot to interpret parts of the device's user interface. READ MORE...
AI chatbots may deliver unequal answers depending on who is asking the question. A new study from the MIT Center for Constructive Communication finds that LLMs provide less accurate information, increase refusal rates, and sometimes adopt a different tone when users appear less educated, less fluent in English, or from particular countries. The team evaluated GPT-4, Claude 3 Opus, and Llama 3-8B using established benchmarks for scientific knowledge and truthfulness. READ MORE...
Three researchers investigating Discord's age-verification checks say they discovered an exposed frontend belonging to Persona, the identity-verification vendor used by Discord. It revealed a far more expansive surveillance and financial intelligence stack than a simple "teen safety" tool. A short while ago we reported that Discord will limit profiles to teen-appropriate mode until you verify your age. READ MORE...