More than $12 million has been frozen, and over 20,000 victims have been identified in an international law enforcement operation targeting cryptocurrency and investment scammers. Authorities also uncovered more than $45 million in suspected cryptocurrency fraud losses worldwide. One UK victim identified during the operation is thought to have lost more than £52,000 to the fraud. According to the FBI's report, cryptocurrency remained a central element in fraud-related activity. READ MORE...
Iran-linked hackers' targeting of critical infrastructure threatens more than 5,000 industrial control devices around the world, including roughly 3,900 in the U.S., new data shows. U.S. government agencies recently warned that hackers working on behalf of the Iranian regime were trying to compromise infrastructure operators by breaking into their Rockwell Automation-made Allen-Bradley programmable logic controllers (PLCs), and the U.S. has the most such devices of any country. READ MORE...
OpenAI revealed on Friday that it's one of many organizations affected by the recent Axios supply chain attack, which cybersecurity experts have attributed to North Korean hackers. Axios is a widely used open source JavaScript HTTP client library for making requests in web and Node.js applications. It has over 100 million weekly downloads and is a dependency in countless developer projects and production systems. READ MORE...
The telehealth company Hims & Hers Health, more commonly known as Hims, suffered a data breach via its third-party customer support platform. Due to the ultra-sensitive nature of some Hims products, customers could be at risk of some seriously embarrassing fallout. While organizations gradually have been replacing human customer service workers with bots and calling it "revolutionary," they've been taking an equally penny-pinching approach to securing their customer service stacks online. READ MORE...
ClickFix campaigns are looking for alternatives now that many Mac users have been made aware of the dangers of pasting certain commands into Terminal. Researchers found that ClickFix has kept the same social engineering playbook but completely sidestepped Terminal by using the applescript:// URL scheme to auto-open Script Editor with a ready-to-run script that pulls Atomic Stealer. ClickFix is a social engineering method that tricks users into infecting their own device with malware. READ MORE...
ShinyHunters is back, this time pinning Rockstar Games to its leak site and claiming it didn't so much hack its way in as walk through a door someone else left wide open. The crew's post, seen by The Register, is about as subtle as a brick through a window: "Rockstar Games. Your Snowflake instances metrics data was compromised thanks to Anodot.com. Pay or leak." Grand Theft Auto developer Rockstar didn't respond to The Register's questions, but issued a short statement to Kotaku. READ MORE...
Adobe has pushed out an emergency security update for Adobe Acrobat Reader, patching a zero-day vulnerability (CVE-2026-34621) exploited in the wild since November 2025. CVE-2026-34621 is a critical prototype pollution vulnerability - a type of vulnerability that occurs in JavaScript and allows attackers to add or modify an application's JavaScript objects and properties. CVE-2026-34621 can lead to arbitrary code execution in the context of the current user, but it cannot be triggered remotely. READ MORE...
Claude's rapid growth-nearly 290 million web visits per month-has made it an attractive target for attackers, and this campaign shows how easy it is to fall for a fake site. We discovered a fake website impersonating Anthropic's Claude to serve a trojanized installer. The domain mimics Claude's official site, and visitors who download the ZIP archive receive a copy of Claude that installs and runs as expected. READ MORE...