The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. “LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker,” the Google Threat
Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. “This vulnerability is due to the presence of a […]
The LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump. […]
07
May
May
We continue to see overall query growth in Search. That includes an increase in total queries coming from Apple’s devices and platforms. More generally, as we enhance Se…
360 Digital Marketing LLC, A Little Sunshine, Abtach, Axact, Azneem Bilwani, Breadcrumbs, Digitonics Labs, eWorldTrade, Federal Investigation Agency, Intersys Limited, Junaid Mansoor, Krebs, Majestic Ghostwriting, Muhammad Burhan Mirza, NatInfoSec, Ne'er-Do-Well News, News, Octa Group Technologies AU, Qasim Mansoor, Retrocube LLC, Security, The New York Times, U.S. Department of Justice, U.S. Patent and Trademark Office, Vertical Minds LLC, Web Fraud 2.0
Pakistani Firm Shipped Fentanyl Analogs, Scams to US
07
May
May
A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new […]
PowerSchool is warning that the hacker behind its December cyberattack is now individually extorting schools, threatening to release the previously stolen student and teacher data if a ransom is not paid. […]
A new phishing kit named ‘CoGUI’ sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data. […]
07
May
May
For more than a decade, Google Research has been using AI to precisely map the connections between every cell in the brain in an endeavor called connectomics. Now, in co…
Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. […]
CSA’s Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world cybersecurity breaches. The report presents each incident as both a detailed narrative and as a threat model with the relevant cloud security risks and mitigations. Today we’re taking a closer look at the first incident covered in the Deep Dive: Snowflake […]