Massive surge of NFC relay malware steals Europeans’ credit cards

Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people’s payment card information in the past few months. Contrary to the traditional banking trojans that use overlays to steal banking credentials or remote access tools to perform fraudulent transactions, […]

CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers

On Thursday, CISA warned U.S. government agencies to secure their systems against attacks exploiting a high-severity vulnerability in Broadcom’s VMware Aria Operations and VMware Tools software. Tracked as CVE-2025-41244 and patched one month ago, this vulnerability allows local attackers with non-administrative privileges to a virtual machine (VM) with VMware Tools and managed by Aria Operations […]

Major telecom services provider Ribbon breached by state hackers

Ribbon Communications, a provider of telecommunications services to the U.S. government and telecom companies worldwide, revealed that nation-state hackers breached its IT network as early as December 2024. Ribbon provides networking solutions and secure cloud communications services to telecommunications companies and critical infrastructure organizations worldwide. The company has over 3,100 employees in 68 global offices, […]

BPO giant Conduent confirms data breach impacts 10.5 million people

American business services giant Conduent has confirmed that a 2024 data breach has impacted over 10.5 million people, according to notifications filed with the US Attorney General’s offices. Conduent is an American business process outsourcing (BPO) company that provides digital platforms and services for governments and enterprises. The company was spun off from Xerox in 2017 […]

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. The packages were uploaded to npm on July 4, and remained undetected for a long period due to multiple layers of obfuscation that helped escape standard static analysis mechanisms. According to researchers at […]

WordPress security plugin exposes private data to site subscribers

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. The plugin provides malware scanning and protection against brute-force attacks, exploitation of known plugin flaws, and against database injection attempts. Identified as CVE-2025-11705, the […]

Canada says hacktivists breached water and energy facilities

The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that could have led to dangerous conditions. The authorities issued the warning to raise awareness of the elevated malicious activity targeting internet-exposed Industrial Control Systems (ICS) and the need […]

Microsoft: DNS outage impacts Azure and Microsoft 365 services

Microsoft is suffering an ongoing DNS outage affecting customers worldwide, preventing them from logging into company networks and accessing Microsoft Azure and Microsoft 365 services. According to reports on DownDetector and social networks, this incident began impacting Microsoft’s services almost 1 hour ago and is currently causing server and website connection issues for tens of thousands of […]