Hackers are actively exploiting vulnerabilities in Fortinet firewalls to deploy ransomware, targeting organizations that have yet to patch their systems. The Mora_001 ransomware gang, which has ties to the notorious LockBit group, has been using two specific Fortinet flaws — CVE-2024-55591 and
A new phishing campaign has been targeting Coinbase users, tricking them into setting up a new wallet with a pre-generated recovery phrase that’s controlled by the attackers. The scam email masquerades as an official communication from Coinbase, instructing users to switch to self-custodial
A growing phishing scam is tricking US residents into paying fake parking fines. Since December 2024, scammers have been sending text messages stating that recipients have unpaid parking violations and face a $35 daily penalty unless they settle immediately. The scam is widespread, with
A ransomware attack targeting newspaper giant Lee Enterprises has disrupted its ability to process payments for its hired freelancers and contractors, leaving many without compensation. The cyberattack, which began on February 3, 2025, has caused ongoing operational issues, affecting print
An emerging ClickFix phishing scam is exploiting Microsoft SharePoint to lure victims into running PowerShell commands that install the Havoc post-exploitation framework. Uncovered by Fortinet’s FortiGuard Labs, the attack uses fraudulent OneDrive errors to deceive users into executing malicious
A new cybercrime campaign is preying on Web3 job seekers by using fake job interviews to spread "GrassCall" malware. The Russian-speaking cybercriminal group Crazy Evil orchestrated the scam by posting deceptive job listings and luring applicants into downloading a phony video conferencing app.
The breach notification service Have I Been Pwned (HIBP) has added 284 million compromised email accounts to its database after discovering them in a 1.5TB collection of stolen credentials named ALIEN TXTBASE. The data was shared on a Telegram channel and included passwords and email addresses
Cybercriminals are exploiting PayPal’s address confirmation emails to trick users into believing their accounts were hacked. By sending legitimate-looking notifications about an unauthorized purchase and addition of a new address, scammers create panic and lure victims into calling a fake support
Microsoft has uncovered a new variant of the XCSSET macOS malware, which is targeting users' sensitive data, including cryptocurrency wallets and information stored in the Notes app. Active for at least five years, this malware spreads through compromised Xcode projects. The latest attacks used its
A game listed on the Steam store was discovered to contain password-stealing malware, leading to its removal from the platform. The game, PirateFi, appeared to be a survival game but was actually designed to install the Vidar infostealer, a type of malware that can steal passwords, session cookies,