Flux RSS

Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware

‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration

The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”

World Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. Read more in my article on the Fortra blog.

Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AI-generated code

Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study

EtherRAT hides C2 in Ethereum smart contracts via EtherHiding, steals wallets and credentials

La CSSF a publié le 26 mars 2026 la circulaire CSSF-CPDI 26/50 exigeant une enquête sur les dépôts couverts détenus au 31 mars 2026. Les institutions financières doivent soumettre ces données dans les délais impartis. Cela renforce la supervision des garanties de dépôts au Luxembourg.

PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients

OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws

A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin - signing his extortion emails from a company called "Loot." Meanwhile, two people drive up to the entrance of the UK's nuclear submarine base at Faslane and politely ask if they can have a look around. Tourists? Spies? Something in between? All this and more in episode 460 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Jenny Radcliffe.

Halcyon and Beazley Security track the return of Iranian ransomware group Pay2Key

The National Crime Agency has warned construction firms about surging invoice fraud

Situation as at 28 February 2026

Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts

Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials

The US Federal Communications Commission has placed all “consumer-grade” internet routers produced outside the US on its “covered list”