Microsoft has restricted Internet Explorer (IE) Mode in Edge after discovering it was exploited in targeted attacks. The vulnerability, now patched, allowed threat actors to bypass modern security controls by abusing legacy IE components embedded within enterprise browsers.
Cybercriminals are distributing malware through fake judicial notification emails, posing as court summons or legal notices.
The campaign aims to deceive users into opening malicious attachments or clicking links that trigger trojan infections and data theft.
Seven zero-day vulnerabilities affecting QTS/QuTS hero and popular QNAP apps were exploited at a live event. Update OS and apps, remove internet exposure, and enforce MFA. Verify snapshots and offline backups, stream logs off-box, and alert on admin anomalies and backup job edits to prevent data loss.
Zero Trust in 2025 means verifying every request and limiting access by default. This guide turns principles into a deployable plan: identity-first controls, phishing-resistant MFA, device posture checks, microsegmentation, and centralized policy decisions. Start with fast wins, measure risk reduction, and scale confidently.
Smishing texts now target lost iPhone owners with fake “found” alerts and cloned iCloud pages. Verify only in Find My, keep Activation Lock tied to your Apple ID, and avoid links in messages. Set a SIM PIN, rotate your Apple ID password, and review trusted devices to prevent account takeover.
Threat actors now pair generative AI with trusted cloud apps to breach manufacturing. They deliver malware through OneDrive/GitHub, steal API keys and tokens, and persist via OAuth consent. Without governed AI usage, Cloud DLP, and consent controls, factories face quiet IP theft and escalating downtime risks.
Attackers behind the ClickFix campaign registered over 13,000 unique domains to execute browser-based malware through fake CAPTCHA lures and clipboard tricks. This breakdown reveals their infrastructure, tactics, and defenses every security team must implement.
Gemini’s Deep Research now taps Gmail, Drive, and Chat when users allow it. Because the agent can fuse internal messages and files with web context, output quality rises along with privacy risk. This guide shows how to roll out safely: set consent norms, restrict high-risk teams, validate audit coverage, and keep DLP and labels active so Deep Research never reads more than policy permits.
Confucius hackers launched a phishing campaign in Pakistan deploying WooperStealer and Anondoor malware using PPSX and LNK files to compromise sensitive systems.
Actors on underground forums are now selling a turnkey ransomware toolkit named MonoLock v1.0 designed to target small and medium organisations, disable backups, encrypt data at scale via AES-256/RSA-2048, and demand payment through an automated Tor portal. Security teams must recognise this shift in the ransomware-as-a-service (RaaS) business model and reinforce detection, defence and incident response accordingly.