Chaos Ransomware Upgrades with Aggressive New C++ Variant
New encryption, wiper, and cryptocurrency-stealing capabilities make the evolving ransomware-as-a-service operation more dangerous than ever.
-
-
From Phishing to Malware: AI Becomes Russia’s New Cyber Weapon in War on Ukraine
Russian hackers’ adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country’s State Service for Special Communications and Information Protection (SSSCIP) said. “Hackers now employ it not only to generate phishing messages, but some of the malware samples we have…
-
Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme
Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites. The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a WordPress plugin bundled with the
-
Vampire Bot Malware Sinks Fangs Into Job Hunters
The campaign is the latest by BatShadow, one of a growing number of cybercrime groups operating out of Vietnam.
-
Red Hat Hackers Team Up With Scattered Lapsus$ Hunters
Crimson Collective, which recently breached the GitLab instance of Red Hat Consulting, has teamed up with the notorious cybercriminal collective.
-
3 Extortion Gangs Join Forces in Ransomware ‘Cartel’
LockBit, Qilin, and DragonForce also invited other attackers to join their collaboration to share attack information and resources.
-
The State of Ransomware in Healthcare 2025
292 IT and cybersecurity leaders reveal the ransomware realities for healthcare establishments today.
-
Figma MCP Server Opens Orgs to Agentic AI Compromise
Patch now: A bug (CVE-2025-53967) in the popular Web design tool’s option for talking to agentic AI can lead to remote code execution (RCE).
-
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. “Site visitors get injected content that was drive-by malware like fake Cloudflare verification,” Sucuri researcher Puja Srivastava said in an analysis published last week. The website security company
-
China-Nexus Actors Weaponize ‘Nezha’ Open Source Tool
A threat actor is putting a spin on classic remote monitoring and management (RMM) attacks, using a Chinese open source tool instead.