A growing phishing scam is tricking US residents into paying fake parking fines. Since December 2024, scammers have been sending text messages stating that recipients have unpaid parking violations and face a $35 daily penalty unless they settle immediately. The scam is widespread, with
A ransomware attack targeting newspaper giant Lee Enterprises has disrupted its ability to process payments for its hired freelancers and contractors, leaving many without compensation. The cyberattack, which began on February 3, 2025, has caused ongoing operational issues, affecting print
An emerging ClickFix phishing scam is exploiting Microsoft SharePoint to lure victims into running PowerShell commands that install the Havoc post-exploitation framework. Uncovered by Fortinet’s FortiGuard Labs, the attack uses fraudulent OneDrive errors to deceive users into executing malicious
A new cybercrime campaign is preying on Web3 job seekers by using fake job interviews to spread "GrassCall" malware. The Russian-speaking cybercriminal group Crazy Evil orchestrated the scam by posting deceptive job listings and luring applicants into downloading a phony video conferencing app.
The breach notification service Have I Been Pwned (HIBP) has added 284 million compromised email accounts to its database after discovering them in a 1.5TB collection of stolen credentials named ALIEN TXTBASE. The data was shared on a Telegram channel and included passwords and email addresses
Cybercriminals are exploiting PayPal’s address confirmation emails to trick users into believing their accounts were hacked. By sending legitimate-looking notifications about an unauthorized purchase and addition of a new address, scammers create panic and lure victims into calling a fake support
Microsoft has uncovered a new variant of the XCSSET macOS malware, which is targeting users' sensitive data, including cryptocurrency wallets and information stored in the Notes app. Active for at least five years, this malware spreads through compromised Xcode projects. The latest attacks used its
A game listed on the Steam store was discovered to contain password-stealing malware, leading to its removal from the platform. The game, PirateFi, appeared to be a survival game but was actually designed to install the Vidar infostealer, a type of malware that can steal passwords, session cookies,
A Chinese state-backed hacking group known as Salt Typhoon has continued targeting telecommunications providers worldwide, despite recent US sanctions and cybersecurity warnings. According to a report from cybersecurity firm Recorded Future, the group has successfully breached multiple telecom
Thousands of GFI KerioControl firewall devices have remained vulnerable to a critical remote code execution (RCE) flaw, CVE-2024-52875, despite security patches being made available since December 2024. The flaw allows attackers to exploit improper input sanitization in the firewall’s web