• Hackers target Microsoft Entra accounts via device code vishing, exploiting OAuth 2.0 flow. • Attack uses legitimate OAuth client IDs, bypassing phishing sites and standard login
• Credential‑stealing Chrome extensions discovered; Malwarebytes Labs offers detection and removal guide. • Fake online shops target Winter Olympics 2026 fans, phishing for payment
• CVE-2024-54529: type confusion in CoreAudio’s com.apple.audio.audiohald Mach service, causing crashes. • Exploitation involved manipulating Mach messages to fetch wrong HALS_Obje
• CVE-2025-8088: critical path traversal flaw in WinRAR allows arbitrary file writes via ADS. • Exploited by state-backed actors from Russia, China and financially motivated groups
• CTA founded in 2014, uniting Palo Alto, Fortinet, McAfee, and Symantec for shared threat intelligence. • Shifted industry from proprietary intel to collaborative defense, raising
• Reconnaissance is often ignored, yet it’s essential for protecting networks. • Know your environment: attackers excel at mapping assets, from Windows 7 machines to smart fridges.
• KONNI leverages AI to auto-generate PowerShell backdoor scripts, streamlining malware development. • AI models produce obfuscated code, enhancing stealth against signature-based
• Pwn2Own Automotive 2026 returns to Tokyo, featuring record 73 entries. • Competition spans real‑world automotive components, testing IVI and Level‑2 EV chargers. • Random draw se
• AI is accelerating threat sophistication, enabling attackers to craft more convincing phishing campaigns. • Machine‑learning models are used to generate polymorphic malware that
• Russian GRU’s 85th GTsSS unit 26165 targets Western logistics and tech firms. • Campaign focuses on coordination, transport, delivery of foreign aid to Ukraine. • Uses known TTPs
• Fast flux hides malicious server locations by rapidly changing DNS records. • Enables cybercriminals and nation-state actors to evade detection and maintain C2. • Resilient, high
• Malware increasingly hides in legitimate app store listings, exploiting user trust for widespread infection. • Supply‑chain attacks target third‑party libraries, enabling attacke
• Commercial software proliferation expands attack surface, increasing vulnerability exposure across enterprises. • Open-source components in commercial stacks introduce hidden bac
• AI accelerates threat detection, enabling faster identification of malicious activity. • Adversarial AI allows attackers to craft evasive malware that bypasses traditional defens
• Universities face rising ransomware attacks targeting research data and student records. • Phishing campaigns exploit faculty credentials to gain network access. • Supply‑chain v
• Ransomware remains the top threat, targeting critical UK business data. • Phishing campaigns exploit remote working, increasing credential theft. • Supply‑chain attacks grow, com
• Sports organisations increasingly targeted by ransomware, phishing, and credential‑stealing attacks. • High‑profile events like the Olympics and World Cup attract sophisticated t
• US sanctions in May 2020 targeted Russian cyber actors and infrastructure. • NCSC identified increased threat actor activity following sanction announcements. • Sanctions disrupt
• BGP is critical for inter-ISP routing, requiring strict policy enforcement to prevent leaks and hijacks. • Implement prefix filtering and route origin validation to ensure only l
• Over 1,200 cyber incidents reported across 30 countries, highlighting rising ransomware activity. • Ransomware attacks surged 35%, with CryptoLocker variants targeting healthcare