Israel Enters ‘Stage 3’ of Cyber Wars With Iran Proxies
While Israel and Iranian proxies fight it out IRL, their conflict in cyberspace has developed in parallel. These days attacks have decelerated, but advanced in sophistication.
-
-
Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign
Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment processor Stripe to validate stolen payment information prior to exfiltration. “This tactic ensures that only valid card data is sent to the attackers, making the operation more efficient and potentially harder to detect,” Jscrambler researchers…
-
Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation
In one of the largest coordinated law enforcement operations, authorities have dismantled Kidflix, a streaming platform that offered child sexual abuse material (CSAM). “A total of 1.8 million users worldwide logged on to the platform between April 2022 and March 2025,” Europol said in a statement. “On March 11, 2025, the server, which contained around…
-
DPRK ‘IT Workers’ Pivot to Europe for Employment Scams
By using fake references and building connections with recruiters, some North Korean nationals are landing six-figure jobs that replenish DPRK coffers.
-
SolarWinds Adds Incident Management Tool From Squadcast
The IT service management and observability tools company acquired Squadcast last month and is adding the automated incident response platform to the SolarWinds portfolio.
-
In Salt Typhoon’s Wake, Congress Mulls Potential Options
While the House Committee on Government Reform was looking for retaliatory options, cybersecurity experts pointed them toward building better defenses.
-
New PCI DSS Rules Say Merchants on Hook for Compliance, Not Providers
Merchants and retailers will now face penalties for not being compliant with PCI DSS 4.0.1, and the increased security standards make it clear they cannot transfer compliance responsibility to third-party service providers.
-
How an Interdiction Mindset Can Help Win War on Cyberattacks
The US military and law enforcement learned to outthink insurgents. It’s time for cybersecurity to learn to outsmart and outmaneuver threat actors with the same framework.
-
Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse
Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. “The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull…
-
Gootloader Malware Resurfaces in Google Ads for Legal Docs
Attackers target a familiar industry, law professionals, by hiding the infostealer in ads delivered via Google-based malvertising.