Microsoft on Wednesday announced a coordinated operation with Europol and other international partners to disrupt Amadey and StealC - tools used as infostealers to conduct ransomware, financial fraud and other digital crimes. Amadey is a specialized tool used by cybercriminals to infect computers, while StealC is used to steal passwords and other sensitive data after the computers are infected. READ MORE...
A 21-year-old Minnesota man who operated under the online alias "Snoopy" was sentenced Tuesday to 18 months in federal prison for his role in a 2022 credential stuffing attack that compromised roughly 60,000 user accounts on the fantasy sports and betting platform DraftKings, resulting in hundreds of thousands of dollars in losses. Nathan Austad pleaded guilty in December to one count of conspiring to commit computer intrusion in the U.S. District Court for the Southern District of New York. READ MORE...
Russian authorities used Cellebrite phone-cracking technology to break into a device belonging to a prominent domestic human rights activist they arrested and imprisoned, despite the company canceling its contract with the Russian government, according to a report published Thursday. The University of Toronto's Citizen Lab reached its conclusions after analyzing a phone belonging to Andrey Pivovarov and examining court documents he provided confirming the usage of Cellebrite's UFED product. READ MORE...
Google on Wednesday rolled out a new Chrome 149 update that resolves 18 vulnerabilities, including four critical and 14 high-severity security defects. More than half of the addressed issues, including three critical and seven high-severity, are use-after-free flaws, a type of memory corruption bug that could lead to remote code execution (RCE). In Chrome, use-after-free vulnerabilities can be combined with security holes to escape the sandbox. READ MORE...
A relatively new backdoor called Mistic has been deployed in multiple attacks since April 2026 targeting organizations in the insurance, education, IT, and professional services sectors, according to Symantec. The malware appears to be associated with Woodgnat, also known as KongTuke, a financially motivated initial access broker (IAB) active since at least May 2024 that has been connected to ransomware operations including Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. READ MORE...
Security researchers have identified multiple malicious skills on a marketplace for the OpenClaw ecosystem that can steal credentials, bypass security scans, and conduct other novel malicious activity for an attacker's financial gain. Researchers at Palo Alto Networks' Unit 42 recently identified five malicious skills that appeared legitimate on ClawHub, OpenClaw's dedicated marketplace, demonstrating that such platforms are emerging as a significant AI supply chain attack surface. READ MORE...
Some organizations exist to be exclusive. They're invite-only, and discreet, the kind of place where the membership directory is the product. Dialog, the exclusive network founded by billionaire Peter Thiel, whose members include a sitting NATO commander, two US senators, and the US Treasury Secretary, is one of those. Last week, information on hundreds of those members was sitting in plaintext on its app distribution site, visible to anyone who knew how to right-click. READ MORE...
You receive an email warning that your website's domain name is about to expire. Renew now, it says, or your website and email could stop working. The link opens a professional-looking page that already knows your domain name, displays your registrar and expiry date, and starts a countdown timer. The site, branded Renovarix, doesn't renew domains. Instead, it pushes visitors through a series of pages that collect personal information and payment details. READ MORE...
Google's Mandiant team has detailed the exploitation of a Cisco Catalyst SD-WAN vulnerability that was exploited as a zero-day months prior to its disclosure. The vulnerability, tracked as CVE-2026-20245, is the 7th Cisco SD-WAN product flaw whose exploitation came to light in 2026. CVE-2026-20245 affects the CLI of Cisco Catalyst SD-WAN Manager and allows an authenticated local attacker to execute arbitrary commands with root privileges using specially crafted files. READ MORE...