Connected and Compromised: When IoT Devices Turn Into Threats
Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things’ attack surfaces more dangerous.
-
-
ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories
The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up across platforms, tools, and industries — often all at the same time. Some developments are headline-level. Others sit in the background but carry long-term impact. Together, they shape how defenders need to…
-
From Exposure to Exploitation: How AI Collapses Your Response Window
We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving. An engineer generates a “temporary” API key for testing and forgets to revoke it. In the past, these were minor operational risks, debts you’d eventually pay down during a slower cycle. In…
-
Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users
Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that’s designed to facilitate device takeover (DTO) attacks for financial theft. The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to deceive victims, indicating that the activity is primarily singling out users looking for the online TV applications. “This new threat,…
-
CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware
Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran’s ongoing protests to conduct information theft and long-term espionage. The Acronis Threat Research Unit (TRU) said it observed the activity after January 9, with the attacks designed to deliver a malicious payload that serves as a remote access trojan…
-
More Than 40% of South Africans Were Scammed in 2025
Survey underscores the reality that scammers follow “scalable opportunities and low friction,” rather than rich targets that tend to be better protected.
-
Dell RecoverPoint for Virtual Machines Zero Day Attack
What is the Attack? The attack involves the threat cluster UNC6201 (a suspected China-nexus Advanced Persistent Threat (APT)) actively exploiting a critical zero-day vulnerability in Dell’s RecoverPoint for Virtual Machines platform. The flaw (CVE-2026-22769) stems from hard-coded credentials embedded within the appliance, allowing unauthenticated remote attackers to gain administrative access. Because RecoverPoint is a disaster…
-
Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto
A convincing presale site for phony “Google Coin” features an AI assistant that engages victims with a slick sales pitch, funneling payment to attackers.
-
Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.
-
Threat Intelligence Has a Human-Shaped Blind Spot
How I realized what I was taught to about threat intelligence was missing something crucial.