IT Security Newsletter - 6-5-2025

Hacking

Ukraine claims it hacked Tupolev, Russia's strategic warplane maker

The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims it hacked the Russian aerospace and defense company Tupolev, which develops Russia's supersonic strategic bombers. According to Ukrainian news outlets, a source within GUR said the military intelligence hackers breached Tupolev's systems and stole 4.4 gigabytes of classified information. This stolen data includes personal data of Tupolev personnel, internal communications, and more. READ MORE...


Hackers abuse malicious version of Salesforce tool for data theft, extortion

A financially motivated hacker group has been targeting Salesforce instances for months in a campaign that uses voice phishing to engage in data theft and follow-on extortion attempts, according to Google Threat Intelligence Group. The hackers, whom Google tracks as UNC6040, impersonated IT workers and tricked employees at often English-speaking branches of multinational companies into sharing sensitive credentials that were then used to access the organizations' Salesforce data. READ MORE...

Trends

Ransomware hiding in fake AI, business tools

Artificial intelligence (AI) and small business tools are being abused as smokescreens to hit unsuspecting victims with ransomware. In the masquerade campaigns discovered by Cisco Talos, cybercriminals hid malware behind software and install packages that mimicked the websites or names of the lead monetization service Nova Leads, the enormously popular ChatGPT, and an AI-empowered video tool called InVideo AI. READ MORE...

Malware

Attackers Impersonate Ruby Packages to Steal Sensitive Telegram Data

Attackers are exploiting a popular code package for the Ruby programming language in a supply chain attack aimed at stealing sensitive data from Telegram chats. The attack demonstrates how threat actors can hijack API communications assumed to be secure for malicious intent. The Socket Security Threat Research Team has uncovered two malicious RubyGems, or Ruby packages, posing as popular plug-ins for Fastlane, a popular open source rapid development platform for mobile applications. READ MORE...


FBI: Play ransomware breached 900 victims, including critical orgs

In an update to a joint advisory with CISA and the Australian Cyber Security Centre, the FBI said that the Play ransomware gang had breached roughly 900 organizations as of May 2025, three times the number of victims reported in October 2023. "Since June 2022, the Play (also known as Playcrypt) ransomware group has impacted a wide range of businesses and critical infrastructure in North America, South America, and Europe. READ MORE...

Exploits/Vulnerabilities

AI kept 15-year-old zombie vuln alive, but its time is drawing near

A security bug that surfaced fifteen years ago in a public post on GitHub has survived developers' attempts on its life. Despite multiple developer warnings about the 2010 GitHub Gist containing the path traversal vulnerability in 2012, 2014, and 2018, the flaw appeared in MDN Web Docs documentation and a Stack Overflow snippet. From there, it took up residence in large language models (LLMs) trained on the flawed examples. READ MORE...

On This Date

  • ...in 1933, President Franklin D. Roosevelt takes the United States off of the gold standard.
  • ...in 1968, Senator and presidential candidate Robert Kennedy is assassinated at the Ambassador Hotel in Los Angeles, after winning the California Democratic primary.
  • ...in 2010, multi-championship winning basketball coach John Wooden passes away at the age of 99.
  • ...in 2014, Chester Nez, WWII veteran and last of the original Navajo "code talkers", dies at 93 years old.