A coordinated international operation supported by Eurojust dismantled a fraudulent call centre operating from three offices and targeting citizens throughout Europe. Authorities arrested 11 suspects and seized more than €400,000 in cash. Initial investigations identified victims in Latvia and Lithuania who lost over €160,000, with more people believed to have fallen for the fake investment platform.
Nearly 140,000 people are affected by a data breach disclosed by healthcare diagnostic company Vikor Scientific. The number of affected individuals came to light in recent days on the healthcare data breach tracker maintained by the US Department of Health and Human Services (HHS). HHS's tracker lists the South Carolina-based molecular diagnostics company Vikor Scientific as the victim of a data breach that compromised the information of 139,964 individuals.
A fraudulent website dressed in Avast's brand is tricking French-speaking users into handing over their full credit card details (card number, expiry date, and three-digit security code) under the cover story of processing a €499.99 refund that was never owed to them. The operation combines live chat "support," a hardcoded alarming transaction amount, and a convincing replica of Avast's visual identity to create urgency and harvest payment data at scale.
A Russian-speaking threat actor used AI to plan, manage and conduct cyberattacks on organizations with misconfigured firewalls in 55 countries in January and February, according to Amazon researchers. The compromises of more than 600 Fortinet FortiGate devices, which occurred between Jan. 11 and Feb. 18, were notable in that they did not exploit any technical vulnerabilities, Amazon Web Services's threat intelligence team explained in a Feb. 20 blog post.
A fake Zoom meeting website is silently pushing surveillance software onto Windows machines. Visitors land on a convincing imitation of a Zoom video call. Moments later, an automatic "Update Available" countdown downloads a malicious installer without asking for permission. The software being installed is a covert build of Teramind, a commercial monitoring tool companies use to record what employees do on work computers.
North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in extortion attacks using the Medusa ransomware. The Medusa ransomware-as-a-service (RaaS) operation emerged in January 2021, and by February 2025, it impacted over 300 organizations in various critical infrastructure sectors. Since then, the gang claimed at least another 80 victims.
Security researchers have uncovered a new supply chain attack targeting the NPM registry with malicious code that exhibits worm-like propagation capabilities. Dubbed Sandworm_Mode, the attack was deployed through 19 packages published under two aliases, which relied on typosquatting to trick developers into executing the malicious code. The attack bears the hallmarks of the Shai-Hulud campaign that hit roughly 800 NPM packages in September and November 2025.
Enterprise leaders are asking a blunt question about artificial intelligence (AI) systems: What did it actually do? Not what it was designed to do. Not what the dashboard says it usually does. But what actually happened at the moment the system acted. As AI systems are deployed into regulated and high-risk environments, that question stops being theoretical. Boards, auditors, and regulators increasingly expect organizations to account for specific AI decisions.
If the sour taste has still not left your mouth after Ring's Super Bowl ad, there is a $10,000 prize for anyone who can find a security flaw in the company's cameras. The bounty was launched by the Fulu Foundation, a nonprofit set up to raise awareness of consumers' lack of ownership over their tech. In keeping with Fulu's ethos, the winner will be the first to figure out a way to run a Ring camera system locally, and block any data from being transmitted to Amazon's servers.
Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users' sensitive medical information. In one of the apps, security researchers discovered more than 85 medium- and high-severity vulnerabilities that could be exploited to compromise users' therapy data and privacy. Some of the products are AI companions designed to help people suffering from clinical depression, multiple forms of anxiety, panic attacks, etc.
Enigma cipher machines have endured in the minds of history buffs and cryptography hobbyists for more than a century, still discovered at dusty French flea markets and dredged up from under beach sludge by treasure hunters. And a dive at this year's upcoming RSAC Conference into lessons the Enigma can teach today's defenders suggests cybersecurity professionals should keep the history of the Nazis' hubris and failure of imagination in mind.
A global coalition of privacy watchdogs has fired a warning shot at the generative AI industry, saying companies churning out realistic synthetic images can't pretend that data protection rules don't apply. The joint statement [PDF] signed by more than 60 regulators boils down to a simple point: if your model can convincingly fake a person, you don't get to pretend data protection law doesn't exist.