A notorious Chinese hacking group has been targeting entities involved in US-China relations, economic policy, and international trade in a fresh phishing campaign, Proofpoint reports. The attacks, observed in July and August 2025, attempted to establish a Visual Studio (VS Code) remote tunnel for persistent remote access to the compromised environments, instead of relying on conventional malware. READ MORE...
Fall is here, and we're excited to hit the road for a series of events! We can't wait to connect with you, share insights, and have some fun along the way. From cybersecurity summits to philanthropic events, there's something for everyone to learn, network, and grow. Here's a look at where you can find us this September and October: READ MORE...
Luxury fashion group Kering - owner of the prestigious Gucci, Balenciaga, and Alexander McQueen brands, amongst others - has confirmed that hackers stole customer data from its systems in June 2025. Millions of customers of the high-end fashion brands owned by Paris-headquartered Kering could have had their names, dates of birth, phone numbers, and email addresses exposed in the attack, as well as details of how much they were spending in stores. READ MORE...
Google confirmed that miscreants created a fraudulent account in its Law Enforcement Request System (LERS) portal, which police and other government agencies use to ask for data about Google users. "We have identified that a fraudulent account was created in our system for law enforcement requests and have disabled the account," a Google spokesperson told The Register on Tuesday. "No requests were made with this fraudulent account, and no data was accessed." READ MORE...
A high-volume cybercrime operation known as "Vane Viper" that's been active for more than a decade is supported by a commercial digital advertising platform with a checkered past, according to security researchers. Vane Viper takes advantage of hundreds of thousands of compromised websites and malicious ads that redirect unsuspecting Web users to destinations such as exploit kits, malware droppers, botnets, scams, and even ransomware campaigns. READ MORE...
The North Korea-linked Kimsuky cyberthreat group has started using ChatGPT and other AI services to create images for fake identities - both to make social engineering attacks more convincing and as a way to obfuscate code execution. In the latest attack, the group used deepfakes of South Korean military identification documents to attempt to convince targets - including journalists, researchers, and human-rights activists - to click on a link. READ MORE...
Many devices are still vulnerable to a Wi-Fi attack method disclosed more than a decade ago, software and firmware supply chain security company NetRise reported on Wednesday. The attack, named Pixie Dust, came to light in 2014, when a researcher showed that a vulnerability related to Wi-Fi Protected Setup (WPS) could be exploited to obtain a router's WPS PIN and connect to the targeted wireless network without needing its password. READ MORE...
Apple backported a fix to older iPhones and iPads for a serious bug it patched last month - but only after it may have been exploited in what the company calls "extremely sophisticated" attacks. The latest security update, pushed on Monday, fixes an out-of-bounds write issue tracked as CVE-2025-43300 in the ImageIO framework, which Apple uses to allow applications to read and write image file formats. READ MORE...