Major Cyber Attacks, Ransomware Attacks & Data Breaches

by CybrGPT

News Type

Summary

Report

Threat actors are taking advantage of the rise in popularity of DeepSeek to promote two malicious infostealer packages on the Python Package Index (PyPI), where they impersonated developer tools for the AI platform. The packages were named “deepseeek” and “deepseekai” after the Chinese artificial intelligence startup, developer of the R1 large-language model that recently saw a meteoric surge in popularity.

Report

An attempt to block a phishing URL in Cloudflare’s R2 object storage platform backfired, triggering a widespread outage that brought down multiple services for nearly an hour. The outage occurred when an employee responded to an abuse report about a phishing URL in Cloudflare’s R2 platform. However, instead of blocking the specific endpoint, the employee mistakenly turned off the entire R2 Gateway service.

Report

The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates.

Report

A large-scale brute force password attack using almost 2.8 million IP addresses is underway, attempting to guess the credentials for a wide range of networking devices, including those from Palo Alto Networks, Ivanti, and SonicWall.

Report

Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously.

Report

A China-based threat actor, tracked as Emperor Dragonfly and commonly associated with cybercriminal endeavours, has been observed using a toolset previously attributed to espionage actors in a ransomware attack. The hackers deployed the RA World ransomware against an Asian software and services company and demanded an initial ransom payment of $2 million.

Report

A name confusion attack allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain access to an Amazon Web Services account. Dubbed “whoAMI,” the attack was crafted by Datadog researchers, who demonstrated that it’s possible for attackers to gain code execution within AWS accounts by exploiting how software projects retrieve AMI IDs.

Report

A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users.

Report

Social media platform X (formerly Twitter) is now blocking links to “Signal.me,” a URL used by the Signal encrypted messaging app to share your account info with another person.

Report

Microsoft announced the deprecation of the Location History feature in Windows, which lets applications like the Cortana virtual assistant fetch the location history of the device.

Report

JPMorgan Chase Bank (Chase) will soon start blocking Zelle payments to social media contacts to combat a significant rise in online scams utilising the service for fraud.

Report

The Chinese APT hacking group “Mustang Panda” has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software.

Report

A large-scale malware campaign dubbed “StaryDobry” has been targeting gamers worldwide with trojanized versions of cracked games such as Garry’s Mod, BeamNG.drive, and Dyson Sphere Program.

Report

Russian threat actors have been launching phishing campaigns that exploit the legitimate “Linked Devices” feature in the Signal messaging app to gain unauthorised access to accounts of interest.

Report

The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyber attacks on U.S. telecommunication providers.

Report

Health Net Federal Services (HNFS) and its parent company, Centene Corporation, have agreed to pay $11,253,400 to settle allegations that HNFS falsely certified compliance with cybersecurity requirements under its Defense Health Agency (DHA) TRICARE contract.

Report

Apple will no longer offer iCloud end-to-end encryption in the United Kingdom after the government requested a backdoor to access Apple customers’ encrypted cloud data.

Report

Threat actors are exploiting major Counter-Strike 2 (CS2) competitions, like IEM Katowice 2025 and PGL Cluj-Napoca 2025, to defraud gamers and steal their Steam accounts and cryptocurrency.

Report

The eyewear retailer Warby Parker was hit with a $1.5 million fine by the Department of Health and Human Services following a credential stuffing attack in 2018 that compromised the personal information of nearly 200,000 people.

Report

An Android malware app called SpyLend has been downloaded over 100,000 times from Google Play, where it masqueraded as a financial tool but became a predatory loan app for those in India. The app falls under a group of malicious Android applications called “SpyLoan,” which pretend to be legitimate financial tools or loan services but instead steal data from devices for use in predatory lending.

Warning

Cybercrime continues to expand and evolve and has become a national security-level threat that is enabling more attacks by state-backed groups, Google warned in a new report.

Report

As an undercover journalist covering Italian politics, Francesco Cancellato is used to reporting on scandals. But he never thought he would be part of the story. Late last month, WhatsApp announced that 90 people had been targeted with Paragon Solutions’ spyware via their accounts on the messaging platform. Cancellato, the editor-in-chief of the Italian newspaper Fanpage, is one of four victims to come forward so far. All four have been critical of the Italian government.

Warning

Law enforcement agencies risk losing the trust of the societies they protect unless those societies understand why new powers are needed to tackle surging levels of cybercrime, Europol’s chief warned.

Report

The Department of Government Efficiency (DOGE) may already have access to sensitive tax and medical data stored at the IRS and Social Security Administration (SSA), which jointly retain disability diagnoses, child adoption information, exceptionally detailed financial data and individuals’ immigration status, experts said.

Report

Russian state-backed hackers are increasingly targeting Signal messenger accounts – including those used by Ukrainian military personnel and government officials – in an effort to access sensitive information that could aid Moscow’s war effort, researchers warned.

Record

The Black Basta ransomware group has become the latest criminal enterprise to be hit by a release of internal chat logs, potentially revealing identifying details about the individuals behind the scheme and their operations.

Record

A previously unknown hacking group has been spotted targeting European healthcare organizations using spyware linked to Chinese state-backed hackers and a new ransomware strain, researchers said.

Report

OpenAI said it blocked several North Korean hacking groups from using its ChatGPT platform to research future targets and find ways to hack into their networks.

Warning

Russia’s National Coordination Center for Computer Incidents (NKTsKI) warned organizations in the country’s credit and financial sector about a breach at LANIT, a major Russian IT service and software provider.

Report

A recent social engineering campaign targeted job seekers in the Web3 space with fake job interviews through a malicious “GrassCall” meeting app that installs information-stealing malware to steal cryptocurrency wallets.

Report

Cybercriminals are exploiting major e-sports tournaments to target players of the popular video game Counter-Strike 2 (CS2), researchers have found.

Report

A threat actor tracked as ‘EncryptHub,’ aka Larva-208, has been targeting organizations worldwide with spear-phishing and social engineering attacks to gain access to corporate networks.

Report

The Have I Been Pwned data breach notification service has added over 284 million accounts stolen by information stealer malware and found on a Telegram channel.

Report

Four foreign and two U.S. developers unlawfully accessed generative AI services, reconfigured them to allow the creation of harmful content such as celebrity deepfakes and then resold access to the tools, Microsoft said in a legal filing.

Report

Privacy-focused email provider Tuta (previously Tutanota) and the VPN Trust Initiative (VTI) are raising concerns over proposed laws in France set to backdoor encrypted messaging systems and restrict internet access.


© 2025 cybrgpt.com – All rights reserved.