Month: October 2025

Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts. This claim began over the weekend and into today, with news stories claiming that millions of Gmail accounts were breached, with some outlets

X is warning that users must re-enroll their security keys or passkeys for two-factor authentication (2FA) before November 10 or they will be locked out of their accounts until they do so. In a series of posts on X, the company says this change only affects users who use passkeys or hardware-based security keys, such as

In 2025, AI is making it easier for attackers to exploit weaknesses, while businesses are contending with expanding attack surfaces due to a multitude of factors including shadow IT, supply chain risk, and sprawling cloud infrastructure. Faced with these challenges, how well are defenders keeping up? The data highlights progress in some areas, but also

Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. The malware can also steal credentials stored in the browser, cryptocurrency wallet data, and game accounts. RedTiger is a Python-based penetration testing suite for Windows and Linux that bundles options for scanning networks and cracking

The 2024 FinWise data breach serves as a stark example of the growing insider threats faced by modern financial institutions. Unlike typical cyberattacks originating from external hackers, this incident stemmed from unauthorized access by a former employee using retained credentials. On May 31, 2024, the ex-employee accessed FinWise Bank’s systems after leaving the company and

Meta has announced new tools to help WhatsApp and Messenger users protect themselves from potential scams and secure their accounts. On Messenger, the company has started testing more advanced scam-detection for suspicious chats that will warn users when a new contact sends a potentially scammy message, giving them the option to send recent messages for AI scam

North Korean Lazarus hackers compromised three European companies in the defense sector through a coordinated Operation DreamJob campaign leveraging fake recruitment lures. The threat group’s activity was detected in late March and targeted organizations involved in the development of unmanned aerial vehicle (UAV) technology. ‘Operation DreamJob’ is a long-running Lazarus campaign where the adversary, posing as

OpenAI’s Atlas and Perplexity’s Comet browsers are vulnerable to attacks that spoof the built-in AI sidebar and can lead users into following malicious instructions. The AI Sidebar Spoofing attack was devised by researchers at browser security company SquareX and works on the latest versions of the two browsers. The researchers created three realistic attack scenarios where a

A new phishing technique dubbed ‘CoPhish’ weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. The technique was developed by researchers at Datadog Security Labs, who warned in a report earlier this week that Copilot Studio’s flexibility introduces new, undocumented phishing risks. Although CoPhish relies on social