Elon Musk's social media site says it suspended 800 million accounts in a year for spam and manipulation - but with state-backed campaigns still flooding the platform, the real question is how many fake accounts remain. Read more in my article on the Hot for Security blog.
Almost a quarter of the zero days detected by Google in 2025 targeted security and networking appliances
Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction
Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack
Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS
2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities
Malicious NuGet package mimicking Stripe's library targeted developers
Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information
CrowdStrike Global Threat Report warns how adversaries are leveraging AI to make campaigns more efficient and more effective
A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances
A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn researchers at Abnormal
Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics
New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo
Google researchers found that government-backed hackers now use AI throughout the whole attack lifecycle
Cofense claims AI is making phishing emails more personalized and sophisticated
Multi-stage attack begins with fake message relating to business requests and evades detection with link hidden in a PDF
CrowdStrike assessed that two new threat actor groups have spun off from North Korean Labyrinth Chollima hackers
The FBI outlines ten actions which organizations can take to defend networks against cybercriminal and nation-state threats
Cyber risks for the Milano-Cortina 2026 Winter Games include phishing and spoofed websites as key threat vectors
Loan phishing operation in Peru is stealing card info by impersonating financial institutions