A threat actor has registered over 4,300 look-alike hotel booking domains, launching a large-scale phishing campaign that impersonates major travel brands to steal payment card data from unsuspecting guests.
CISA warned that multiple federal agencies still haven’t fully patched Cisco ASA/FTD devices despite active exploitation. Because the campaign targets the VPN web server and enables device takeover, teams must apply fixes for CVE-2025-20333/20362, follow ED 25-03 inventory and validation steps, and disconnect end-of-support hardware. This analysis explains impact, attack flow, high-signal detection, and fast remediation so defenders can reduce edge-device risk without slowing operations.
UK investigators seized 61,000 Bitcoin linked to Zhimin Qian’s China-based Ponzi fraud. A London court handed her 11 years and 8 months, while civil recovery fights over billions continue.
A malicious npm package named “@acitons/artifact” impersonates @actions/artifact, hijacks GitHub Actions tokens via postinstall scripts, and attempts to publish artifacts as GitHub showcasing a precise software supply chain attack.
Rhadamanthys suffered a coordinated disruption as “customers” lost access to panels and servers. With certificate-only logins and Tor sites offline, credential theft pipelines broke. Use the lull to rotate passwords, revoke tokens, scrub loaders, and harden identity before operators relaunch under a new brand.
Seven fresh techniques let attackers leak ChatGPT data through everyday workflows: poisoned search, “q=” one-click links, allowlisted ad redirects, conversation injection, markdown hiding, and memory poisoning. Because exposure rides on normal browsing and memory behavior, prevention requires policy plus proof: sanitize URLs, block bing.com/ck/a, disable Saved Memory for high-risk roles, and validate controls continuously with OWASP LLM Top 10 and MITRE ATLAS as your benchmarks.
Global law enforcement has seized a dark web leak site allegedly operated by Scattered Spider, halting a notorious pipeline of stolen corporate data. Here’s what cybersecurity experts need to know about the takedown.
Actors on underground forums are now selling a turnkey ransomware toolkit named MonoLock v1.0 designed to target small and medium organisations, disable backups, encrypt data at scale via AES-256/RSA-2048, and demand payment through an automated Tor portal. Security teams must recognise this shift in the ransomware-as-a-service (RaaS) business model and reinforce detection, defence and incident response accordingly.
China’s Ministry of State Security alleges that the U.S. National Security Agency breached its National Time Service Centre over multiple years. The event signals new exposure for timing infrastructure and escalates global cyber conflict.
The Silver Fox group, long known for precision-targeted malware operations, has extended its Winos 4.0 campaign into Japan and Malaysia. Security experts now observe the deployment of HoldingHands RAT through malicious PDF attachments and deceptive software installers.