Operation Talent, led by Germany’s BKA and supported by international partners, successfully shut down the prominent cybercrime forums Cracked.io and Nulled.to, seizing critical infrastructure and arresting key individuals involved in the illegal activities.
Security researchers have identified a novel attack method called “browser syncjacking,” which allows malicious browser extensions to take complete control of a user’s browser and device with minimal user interaction by exploiting permissions typically granted to extensions.
Chinese generative AI platform DeepSeek suffered a significant security breach due to an exposed backend database, leaking sensitive information including user chat histories and API keys to the internet.
New York Blood Center Enterprises is facing significant service disruptions due to a ransomware attack, exacerbating existing blood supply shortages and prompting urgent calls for donations.
In 2024, Google significantly improved security for the Android ecosystem by blocking over 2.36 million risky apps and implementing AI-assisted reviews, while introducing new fraud prevention strategies to protect users from malicious applications and unauthorized data access.
Cybercriminals are increasingly using legitimate HTTP client tools, such as Axios and Node-fetch, to execute account takeover attacks on Microsoft 365 environments, achieving notable success rates and leveraging sophisticated techniques to bypass security measures.
The 2025 API ThreatStats Report by Wallarm reveals a staggering 1,205% increase in AI-driven API vulnerabilities, with nearly all AI-related flaws linked to insecure APIs, emphasizing the urgent need for enhanced security measures.
In 2024, threat actors reduced the average breakout time to 48 minutes, with a notable 142% increase in initial access broker listings and a concerning reliance on valid credentials for network infiltration.
Ransomware attacks in 2023 have increasingly focused on backup systems, resulting in over $1 billion in cryptocurrency extorted from victims, highlighting the urgent need for advanced data protection strategies.
Cybercriminals are increasingly targeting government websites, particularly those with .gov domains, using tactics such as open redirects to conduct phishing campaigns and distribute malware globally.
