Category: News

Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called “VENOM” are targeting credentials of C-suite executives across multiple industries. The operation has been active since at least last November and appears to target specific individuals who serve as CEOs, CFOs, or VPs at their companies. VENOM also seems to be closed access, as it […]

Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. macOS users will benefit from this security feature in a future Chrome release that has yet to be announced. The new protection has been announced in 2024, and it works by cryptographically […]

Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. The developer says that only the Pro version 3.5.1.35 of the plugin is affected and recommends switching immediately to the latest version, currently 3.5.1.36, or 3.5.1.34 and earlier. Apart from installing backdoors in […]

The Figure breach exposed 967,200 email records without a single exploit. Understanding what that enables — and why your MFA cannot contain it — is an architectural problem, not a user education problem. In February 2026, TechRepublic reported that Figure, a financial services company, exposed nearly 967,200 email records in a newly disclosed data breach. […]

Cyberattacks rarely come out of nowhere—threat actors often leave behind signals long before an intrusion begins. On Thursday, April 30, 2026 at 2:00 PM ET, BleepingComputer will host a live webinar titled “From noise to signal: What threat actors are targeting next” with Tammy Harper, Threat Intelligence Researcher at RansomLook. The webinar explores how security teams […]

Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. Eurail is a Netherlands-based company that sells Interrail and Eurail passes for multi-country train travel across Europe, passes that are also available to young Europeans […]

A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. When clicking the checkout button, the victim is shown a convincing overlay that can validate card details and billing data. The campaign was discovered by eCommerce security company Sansec, whose researchers believe […]

A threat actor tracked as UNC6783 is compromising business process outsourcing (BPO) providers to gain access to high-value companies across multiple sectors. According to the Google Threat Intelligence Group, dozens of corporate entities have been targeted through this method to exfiltrate sensitive data for extortion. Austin Larsen, GTIG principal threat analyst, says that UNC6783 typically relies on social engineering and phishing […]

A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal. Script Editor is a built-in macOS application for writing and running scripts, primarily AppleScript and JXA, that can execute local scripts and shell commands. It […]