Major Security Flaw in Stalkerware Apps Exposes Private Data of Over 2.6 Million Users
A critical vulnerability in popular phone monitoring apps Cocospy and Spyic has leaked sensitive personal data of millions of users, highlighting systemic security failures in surveillance software. The breach exposed private messages, photos, and call logs, while revealing concerning ties to China-based developers.
Hidden Image Tag Malware: New Threat Targets E-commerce Payment Data
Cybercriminals are concealing credit card skimming malware within HTML image tags on e-commerce websites, particularly targeting Magento platforms. This sophisticated technique allows attackers to harvest payment data while evading detection through seemingly innocent code.
Russian Hackers Exploit Microsoft Device Code Authentication to Target M365 Accounts
Security researchers uncover sophisticated Russian threat actors using Microsoft's legitimate Device Code Authentication to compromise M365 accounts of government organizations and NGOs. The attack leverages social engineering and authentic Microsoft domains to bypass traditional security measures.
State-Sponsored Hackers Form Dangerous Alliance with Cybercriminals
Security researchers uncover growing collaboration between nation-state hackers and cybercrime groups, with Russia, China, and Iran sharing tools and infrastructure. This unprecedented partnership makes attacks more sophisticated and harder to trace, combining state-level capabilities with criminal monetization tactics.
Critical Windows Security Update Patches 55 Flaws, Including Two Active Exploits
Microsoft's February 2025 Patch Tuesday addresses 55 security vulnerabilities in Windows systems, with two zero-day flaws already exploited by hackers. The update fixes multiple critical issues including remote code execution and privilege elevation vulnerabilities.
Password Manager Attacks Triple as Cybercriminals Deploy Advanced Malware
New research reveals malware targeting password storage systems now accounts for 25% of all variants, with attacks becoming increasingly sophisticated. Security experts still regard password managers as an essential security tool and recommend combining them with multi-factor authentication.
Browser Syncjacking: The New Chrome Extension Attack That Gives Hackers Full Device Control
A dangerous new cyberattack method called 'browser syncjacking' exploits Chrome extensions to give attackers complete control of victims' computers. The attack uses legitimate-looking extensions and Google sync features to steal sensitive data and establish backdoor access.
Vietnamese Hackers Target Supply Chain with Zero-Day Exploits in VeraCore Software
XE Group, a Vietnamese cybercrime organization, has evolved from credit card theft to sophisticated supply chain attacks by exploiting critical zero-day vulnerabilities in VeraCore. The group deployed advanced web shells to maintain persistent unauthorized access to manufacturing and distribution systems since 2020.
Hijacked AWS Storage Buckets Expose Major Organizations to Supply Chain Attacks
Security researchers discovered 150 abandoned AWS S3 storage buckets previously used by major organizations that could be easily re-registered and hijacked. The vulnerability allowed researchers to gain control over storage locations still receiving millions of requests from government agencies and corporations.
Hidden Threat: Security Expert Exposes Dangerous Vulnerability in Modified USB Cables
Cybersecurity researcher Mike Grover demonstrates how a seemingly innocent charging cable can be weaponized to remotely access and control computers from up to 300 feet away. The modified cable can capture keystrokes, implant malware, and execute malicious commands without detection.