Malware attacks strip Roblox developers of entire games 2026-06-18 at 15:41 By Sinisa Markovic Hackers who once focused on stealing valuable Roblox items are now taking over entire games. Although Roblox operates the service, users can create and publish their own games on it. Successful games can generate substantial revenue through in-game purchases. Some developers […]
Malware attacks strip Roblox developers of entire games Read More »
Fake Spotify Premium tutorials on TikTok and Instagram Reels spread malware 2026-06-11 at 16:51 By Sinisa Markovic Cybercriminals are using TikTok and Instagram Reels videos to spread Vidar, an infostealer malware, through fake downloads for popular paid software, according to ReversingLabs. The researchers uncovered two campaigns behind the activity, each using a different approach to
Fake Spotify Premium tutorials on TikTok and Instagram Reels spread malware Read More »
Scams now operate like real businesses with budgets and targets 2026-06-10 at 07:23 By Anamarija Pogorelec Social media has overtaken email as a primary attack vector, showing changes in how people consume information and interact online, according to Bitdefender’s Global Scam Intelligence Report 2026. Fraud campaigns use advertisements, sponsored content, impersonation pages, and direct messages
Scams now operate like real businesses with budgets and targets Read More »
Hackers are knocking on office doors pretending to be IT staff 2026-05-27 at 18:09 By Sinisa Markovic The Silent Ransom Group (SRG) is targeting law firms using social engineering techniques and an unusual tactic for cybercriminals: showing up at victims’ offices in person while posing as IT staff, the FBI warns. The group, also known
Hackers are knocking on office doors pretending to be IT staff Read More »
The new economics of fraud: Cheaper, faster, more convincing 2026-05-22 at 08:29 By Anamarija Pogorelec Scams have become one of the fastest-growing consumer risks, driven by AI-enabled impersonation, social engineering, and sophisticated attack methods, according to Visa’s Spring 2026 Biannual Threats Report. Criminals redirect efforts toward trust and third parties Fraud involves behavioral manipulation, fragmented
The new economics of fraud: Cheaper, faster, more convincing Read More »
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector 2026-05-20 at 17:16 By Zeljka Zorz Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector Read More »
New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain 2026-05-19 at 15:35 By Sinisa Markovic A SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password managers, and cryptocurrency wallets while establishing persistence for continued access, SentinelOne found.
New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain Read More »
Thieves unlock stolen iPhones using cheap tools sold on Telegram 2026-05-15 at 14:32 By Sinisa Markovic Helping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure used to monetize stolen iPhones. Activation Lock can remotely disable a stolen iPhone and prevent normal resale, with
Thieves unlock stolen iPhones using cheap tools sold on Telegram Read More »
Signal responds to phishing attacks with new in-app security warnings 2026-05-13 at 16:08 By Sinisa Markovic Signal is adding new protections for users following recent phishing and social engineering attacks. In March, the FBI and CISA issued a warning stating that Signal had become a primary target of Russian intelligence-linked hackers. Dutch and German security
Signal responds to phishing attacks with new in-app security warnings Read More »
$250 million cryptocurrency heist funded luxury fashion, nightclub parties, and private jets 2026-05-08 at 01:14 By Sinisa Markovic 20-year-old California resident Marlon Ferro, known online as “GothFerrari,” was sentenced to 78 months in prison for his role in a cryptocurrency theft operation tied to more than $250 million in stolen digital assets. Federal prosecutors said
Operation HumanitarianBait: An Infostealer Campaign in Disguise 2026-05-07 at 12:41 By rohansinhacyblecom Executive Summary Cyble Research and Intelligence Labs (CRIL) has uncovered a targeted cyberespionage campaign leveraging social engineering and trusted infrastructure to establish persistent, covert access to victim systems. The attack is delivered via phishing emails containing a malicious LNK file disguised within a
Operation HumanitarianBait: An Infostealer Campaign in Disguise Read More »
DigiCert breached via malicious screensaver file 2026-05-04 at 18:59 By Sinisa Markovic A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and
DigiCert breached via malicious screensaver file Read More »
ShinyHunters claims it stole 1.4 million records from Udemy 2026-04-28 at 22:35 By Sinisa Markovic The ShinyHunters group claims it has breached the Udemy, one of the world’s largest online learning platforms. According to Have I Been Pwned, the leaked dataset contained 1.4 million unique email addresses of customers and instructors, along with names, physical
ShinyHunters claims it stole 1.4 million records from Udemy Read More »
UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware 2026-04-27 at 13:55 By Ionut Arghire The threat actor infected victims with the Snow malware family – Snowbelt, Snowglaze, and Snowbasin – for persistent access. The post UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware appeared first on SecurityWeek. This article is an
UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware Read More »
With AI’s help, North Korean hackers stumbled into a near-undetectable attack 2026-04-24 at 08:22 By Zeljka Zorz For many years, state-sponsored hacking was defined by human expertise in finding security holes, writing malware and exploits, pulling off social engineering and phishing attacks, and much more. Since the advent of LLM-powered AI assistants and tools, less
With AI’s help, North Korean hackers stumbled into a near-undetectable attack Read More »
Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug 2026-04-16 at 13:34 By Mirko Zorz Proofpoint researchers executed a malicious payload from a threat actor known to target trucking and logistics companies in late February 2026, doing so inside a decoy environment. The environment stayed compromised for more
ClickFix campaign delivers Mac malware via fake Apple page 2026-04-10 at 17:22 By Zeljka Zorz Security researchers at Jamf have uncovered a new ClickFix-style attack targeting Mac users via a fake Apple-themed webpage offering instructions on how to “reclaim disk space on your Mac”. The malicious page (Source: Jamf) ClickFix for everybody ClickFix is a
ClickFix campaign delivers Mac malware via fake Apple page Read More »
Social engineering attacks on open source developers are escalating 2026-04-08 at 15:45 By Zeljka Zorz North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that tricked him into installing a RAT posings as a software update. They used the
Social engineering attacks on open source developers are escalating Read More »
EvilTokens ramps up device code phishing targeting Microsoft 365 users 2026-03-31 at 17:56 By Zeljka Zorz Security researchers report a notable increase in device code phishing activity aimed at Microsoft 365 users, and have attributed this rise to the availability of EvilTokens, a new, specialized phishing toolkit that’s being offered as-a-service via Telegram. What is
EvilTokens ramps up device code phishing targeting Microsoft 365 users Read More »
Professional Networks Under Attack: Vietnam-Linked Actors Deploy PXA Stealer in Global Infostealer Campaign 2026-03-30 at 18:31 By rohansinhacyblecom Executive Summary CRIL has been actively tracking a surge in PXA Stealer activity deployed in a sophisticated, financially motivated threat campaign attributed with high confidence to a Vietnam-based cybercriminal group. The primary targets in this campaign are