UK regulators have fined LastPass for security failures linked to the 2022 breach that exposed vault metadata for 16 million users. The incident revealed significant operational gaps and raised industry-wide questions about password-management safety.
This week’s ThreatsDay Bulletin highlights rising spyware alerts, global scanning activity, and new Linux backdoor threats essential insight for defenders and SOC teams.
A new ClickFix-style attack abuses Grok and ChatGPT to deliver malware by convincing users to run malicious commands disguised as troubleshooting advice. This article explains how the attack works and how defenders can detect and prevent it.
A massive misconfigured database exposed billions of LinkedIn-related records, enabling attackers to refine phishing, impersonation, and identity-based attacks. This investigative report examines how the leak happened and why its long-tail impact will persist for years.
Microsoft 365 suffered a widespread outage across Australia, causing authentication failures, email disruptions and Teams connection issues. Although services gradually recovered, the incident exposed cloud reliability concerns for businesses that rely heavily on Microsoft’s ecosystem.
The U.S. Justice Department indicted a Ukrainian national for her role in Russia-backed cyberattacks targeting critical infrastructure — a move highlighting the resurgence of politically motivated malware campaigns against essential services.
North Korean–linked attackers exploited a critical React2Shell vulnerability (CVE-2025-55182) to deploy a new smart-contract based RAT named EtherRAT. The malware uses Ethereum smart-contracts for C2 resolution, hides payloads through obfuscation, and employs multiple persistence mechanisms — a serious threat to Web3 and developer environments.
SAP has released fixes for three SAP critical vulnerabilities affecting Solution Manager, Commerce Cloud, and the jConnect SDK. These flaws enable remote code execution and unsafe deserialization, posing significant risk to enterprise systems. This article breaks down technical details and offers mitigation guidance.
Japanese organizations continue facing ransomware incidents that cause months of operational disruption. This investigative analysis explores how long-tail damage unfolds, why attackers target Japan’s supply chain ecosystem, and how companies can strengthen long-term resilience.
Microsoft’s December 2025 Patch Tuesday delivers critical security updates — 56 vulnerabilities across Windows, Office, Exchange and more including three zero-day flaws. Attackers exploited at least one, making immediate patching vital for enterprise and personal systems alike.