Operation Cronos: How Law Enforcement Dismantled LockBit, the World's Largest Ransomware Operation
On February 20, 2024, a 10-country task force seized LockBit's infrastructure, identified 194 affiliates, and froze $112 million in cryptocurrency in the most significant ransomware takedown in history.
Clop Exploits Oracle E-Business Suite Zero-Days in Massive Extortion Campaign
The Clop ransomware group weaponized CVE-2025-61882 and CVE-2025-61884 to breach nearly 100 organizations including Allianz UK, GlobalLogic, Envoy Air, Harvard, and the Washington Post, with ransom demands reaching $50 million.
Coupang Data Breach Expands: 33.7 Million Accounts Compromised, 165,000 Additional Users Affected
South Korean e-commerce giant Coupang confirmed an additional 165,000 user accounts were exposed in the massive data breach affecting 33.7 million total accounts, triggered by a former employee using valid authentication keys.
China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Southeast Asian Espionage Campaigns
Check Point Research documents a new threat cluster weaponizing CVE-2025-8088 within days of disclosure to target government and law enforcement agencies across Cambodia, Thailand, the Philippines, and neighboring countries.
DEAD#VAX Campaign Uses IPFS-Hosted VHD Files to Deploy AsyncRAT via Fileless Execution
Securonix researchers document a sophisticated malware campaign that chains IPFS hosting, virtual hard disk abuse, and in-memory shellcode injection to deliver AsyncRAT while evading traditional detection.
Metro4Shell: Critical React Native CLI Vulnerability Actively Exploited Against Developers
CVE-2025-11953 in React Native CLI's Metro Development Server is being exploited in the wild to deploy Rust-based malware on developer systems, with attacks observed since December 2025.
APT28 Deploys LAMEHUG: First Known Malware Using LLMs in Live Operations
Russia's APT28 has deployed LAMEHUG and PROMPTSTEAL malware that queries large language models via Hugging Face to dynamically generate attack commands, marking the first confirmed use of AI-powered malware in active cyber operations.
ShinyHunters Publishes Harvard and UPenn Data: 2 Million Records Exposed
The ShinyHunters cybercriminal group published stolen data from Harvard University and the University of Pennsylvania after ransom demands went unpaid, exposing over 2 million alumni, donor, and student records.
New n8n Vulnerability CVE-2026-25049 Bypasses Previous Patch to Enable Remote Code Execution
A critical flaw in n8n (CVSS 9.4) exploits a TypeScript/JavaScript type mismatch to bypass the sanitization added in a December 2025 patch, enabling authenticated remote command execution via webhook workflows.
React2Shell Exploitation Enables Massive NGINX Web Traffic Hijacking Campaign
Threat actors are using CVE-2025-55182 exploitation to inject malicious NGINX configurations that silently redirect web traffic through attacker infrastructure, targeting Asian TLDs and government sites.
APT28 Exploits Microsoft Office Zero-Day in Operation Neusploit Targeting Ukraine
Russia's APT28 weaponized CVE-2026-21509 within three days of Microsoft's disclosure, deploying MiniDoor email stealers and PixyNetLoader against Ukraine, Slovakia, and Romania.
Mozilla Adds One-Click Option to Disable All AI Features in Firefox
Firefox 148 introduces a 'Block AI enhancements' toggle that disables all current and future generative AI features, plus individual controls for translations, tab grouping, link previews, and chatbot access.