A California jury ordered Apple to pay Masimo $634 million for infringing a blood-oxygen monitoring patent in Apple Watch models. The verdict raises stakes in a yearslong fight over health-sensor IP, ITC import bans, and Apple’s wearable roadmap.
A fake Chrome wallet called “Safery” steals seed phrases by encoding them into Sui addresses and sending dust transactions, allowing attackers to reconstruct mnemonics later. Consequently, users risk full account takeover. Enforce extension allowlists, remove unknown wallets, rotate seeds, and migrate assets to new addresses immediately.
Cephalus ransomware breaks in through exposed or weak RDP, steals data, and launches a Go-based encryptor that disables backups and evades analysis with DLL sideloading and key obfuscation. Consequently, victims encounter fast double-extortion pressure and noisy business disruption unless identity and remote-access controls stop the chain early.
The newly discovered ClayRat Android spyware represents one of 2025’s most sophisticated state-sponsored mobile espionage tools. Designed to collect device data, intercept communications, and monitor app activity, ClayRat’s discovery highlights how Android remains a prime target in global intelligence operations.
ClickFix campaigns scale by coaching users to “fix” access issues with copy-paste commands. After the click, actors steal Microsoft 365 tokens or credentials and, in some cases, drop PureRAT for persistence. Break the flow by enforcing admin-only app consent, requiring phishing-resistant MFA, and blocking browser-to-shell chains. Investigate mailbox rules, token reuse, and OAuth grants whenever ClickFix pages appear in referral logs.
Recent cyber threats highlight a sharp rise in stealth malware loaders and AI-assisted attack techniques, signaling a shift toward quieter, more adaptive initial access strategies that challenge traditional detection models.
Google has disclosed a widespread Oracle-linked hacking campaign impacting dozens of organizations across sectors including energy, tech, and logistics. The operation, active since mid-2025, exploited software integrations between vendors and clients marking one of the year’s most significant supply chain cyberattacks.
A new cloud native botnet called ShadowV2 is taking aim at organizations worldwide. By abusing exposed Docker daemons and blending into legitimate cloud environments, the malware enables large scale distributed denial of service (DDoS) attacks while evading traditional defenses. With over 24,000 Docker instances exposed online, the potential for exploitation is significant What is ShadowV2?…
The JackFix attack marks the latest evolution of the ClickFix technique. By luring victims through fake adult sites into a full-screen Windows update screen, encoding Run-dialog commands, gating its payload URL, and dropping multiple infostealers through an obfuscated PowerShell script, JackFix sidesteps many earlier ClickFix mitigations and forces defenders to rethink how they handle browser-driven social engineering.
North Korea has transformed cryptocurrency theft into a state-backed, industrial cyber operation. With coordinated threat groups, refined malware pipelines, and aggressive targeting of exchanges and DeFi platforms, DPRK attackers continue scaling their global theft strategy despite expanding sanctions and international pressure.