For years, a Russian state-sponsored threat actor has been exploiting an old vulnerability in Cisco networking devices to collect configuration information, Cisco and the FBI warn. Patches for the flaw, tracked as CVE-2018-0171 (CVSS score of 9.8) and impacting the Smart Install (SMI) feature of Cisco's IOS and IOS XE products, were released in March 2018.Russian state-sponsored hackers tracked as Static Tundra continue to target Cisco devices affected by CVE-2018-0171. READ MORE...
A 20-year-old Florida man at the center of a prolific cybercrime group known as "Scattered Spider" was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims. Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025 to charges of wire fraud and conspiracy. Florida prosecutors alleged Urban conspired with others to steal at least $800,000 from five victims via SIM-swapping attacks. READ MORE...
A significant data theft at Orange Belgium has opened hundreds of thousands of its customers to serious cybersecurity risks. The telecom company confirmed that data pertaining to 850,000 customer accounts was compromised during an intrusion at the end of July, with the attacker gaining access to sensitive information. The crooks accessed the full names and phone numbers of subscribers, Orange said on Wednesday. READ MORE...
The pharmaceutical and biotechnology company Inotiv Inc. is investigating a cyberattack that led to hackers encrypting the firm's data, it said in a filing on Monday with the U.S. Securities and Exchange Commission. The Aug. 8 attack disrupted access to certain data storage and business applications, according to Innotiv. The company said it is working to bring certain systems back online and has moved some operations to offline alternatives in order to maintain business continuity. READ MORE...
An ethical hacker who was just trying to get free Chicken McNuggets from McDonald's inadvertently uncovered numerous flaws within the fast-food giant's partner and employee portals that exposed sensitive and confidential data. The hacker, who goes by the online name "BobdaHacker," found a server-side flaw in the McDonald's Feel-Good Design Hub when using the company's customer rewards system to cash in on loyalty points for food, according to a blog post published this week. READ MORE...
Cybercriminals are using advanced social engineering and AI-generated content to make malicious URLs difficult for users to identify, according to Proofpoint. Whether through email, text messages, or collaboration apps, URL-based threats now dominate the cyber threat landscape. Attackers are not just impersonating trusted brands, they are abusing legitimate services, tricking users with fake error prompts, and bypassing traditional security by embedding threats in QR codes and SMS messages. READ MORE...
Warlock is a ransomware operation that emerged in 2025, combining the traditional "double extortion" tactics of encrypting victims' files so they cannot be accessed, and threatening to release data stolen from the company's network. The Warlock ransomware group seems to have stepped up its attacks in recent months, hitting a number of organisations including government agencies and departments. READ MORE...
The powerful "Rapper Bot" Distributed Denial of Service-for-hire botnet impacted the Department of Defense Information Network (DODIN) in at least three attacks between April and August - when U.S. government authorities gained control of the disruptive malware web, two officials told DefenseScoop. Federal prosecutors in Alaska charged 22-year-old Ethan Foltz on Tuesday for allegedly running the large-scale cyber operation since before or around 2021. READ MORE...
The new GPT-5 is easy to jailbreak. Researchers have discovered the cause - an SSFR-like flaw in its internal routing mechanism. When you ask GPT-5 a question, the answer may not come from GPT-5. The model includes an initial router that parses the prompt and decides which of the various GPT models to query. It may be the GPT-5 Pro you expect, but it could equally be GPT 3.5, GPT-4o, GPT-5-mini, or GPT-5-nano. READ MORE...
A study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact with malicious pages and prompts. Agentic AI browsers can autonomously browse, shop, and manage various online tasks (like handling email, booking tickets, filing forms, or controlling accounts). Perplexity's Comet is currently the primary example of agentic AI browsers. READ MORE...