Who Is Scattered Spider? Scattered Spider is a cybercrime group known for executing high-impact ransomware attacks across the United States. They gained notoriety for their clever use of social engineering, SIM-swapping, and remote access tools to infiltrate major organizations. Operating with international ties, the group targeted companies with sophisticated techniques and insider manipulation to extort…
OpenAI is experimenting with a new ChatGPT feature called Skills, drawing inspiration from Claude’s modular capabilities model. This represents a paradigm shift in how generative AI can be taught sophisticated workflows and domain-specific functions, potentially improving performance on structured, complex tasks.
The Trump administration is reportedly considering licenses that would let Nvidia sell its H200 AI chips to China, reversing earlier restrictions that treated the GPU as too advanced for export. The debate pits Nvidia’s lost China revenue and a fragile tech truce against fresh smuggling indictments, the proposed CHIP Security Act and mounting fears that high-end AI hardware will accelerate China’s weapons and surveillance programmes.
Belgian chains such as Brico and Carrefour are increasingly playing AI-generated, royalty-free music in their stores to cut licensing costs. This shift could slash 25–28 % of public performance income for local artists, warn rights organizations. Here’s how the technology works, the risks it raises, and what defenses stakeholders must consider.
A public PoC exploit tool for CVE-2025-64446 now turns FortiWeb WAF appliances into high-value RCE targets. The bug uses a relative path traversal flaw to execute administrative commands over HTTP or HTTPS, and active exploitation in the wild, CISA KEV inclusion, and GitHub tooling mean security teams must urgently patch, lock down management access, and fold FortiWeb into their broader Fortinet and perimeter compromise playbooks.
A threat actor has registered over 4,300 look-alike hotel booking domains, launching a large-scale phishing campaign that impersonates major travel brands to steal payment card data from unsuspecting guests.
Google Mandiant has launched an investigation into a new cyberattack campaign targeting Oracle systems, raising alarms over advanced threat activity and enterprise risks.
Smishing texts now target lost iPhone owners with fake “found” alerts and cloned iCloud pages. Verify only in Find My, keep Activation Lock tied to your Apple ID, and avoid links in messages. Set a SIM PIN, rotate your Apple ID password, and review trusted devices to prevent account takeover.
A critical vulnerability in the Service Finder Bookings plugin bundled with the Service Finder WordPress theme allows unauthenticated attackers to log in as administrators. The flaw, tracked as CVE-2025-5947, is actively exploited in the wild with a CVSS 9.8 rating. Users must patch immediately to prevent takeovers.
North Korean–linked attackers exploited a critical React2Shell vulnerability (CVE-2025-55182) to deploy a new smart-contract based RAT named EtherRAT. The malware uses Ethereum smart-contracts for C2 resolution, hides payloads through obfuscation, and employs multiple persistence mechanisms — a serious threat to Web3 and developer environments.