Tag: security

A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware. LummaStealer, also known as LummaC2, is an infostealer operation running as a malware-as-a-service (MaaS) platform that was disrupted in May 2025 when multiple tech firms and law enforcement authorities seized 2,300 domains and the central command structure supporting the malicious […]

A fake 7-Zip website is distributing a trojanized installer of the popular archiving tool that turns the user’s computer into a residential proxy node. Residential proxy networks use home user devices to route traffic with the goal of evading blocks and performing various malicious activities such as credential stuffing, phishing, and malware distribution. The new […]

Volvo Group North America disclosed that it suffered an indirect data breach stemming from the compromise of IT systems at American business services giant Conduent, of which Volvo is a customer. Volvo Group North America is the Swedish multinational’s operating arm in the United States, Canada, and Mexico. It focuses on manufacturing commercial vehicles and heavy equipment, […]

SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but it did not impact business applications or account data. The company’s Chief Commercial Officer, Derek Curtis, says that the intrusion occurred on January 29, via a single SmarterMail virtual machine (VM) set up by an employee. “Prior to […]

Passwords remain a persistent point of tension between usability and security. Controls designed to strengthen authentication often introduce complexity, which encourages users to rely on familiar patterns rather than genuinely unpredictable credentials. In practice, this frequently results in passwords derived from an organization’s own language. Attackers have long recognized this behavioral pattern and continue to […]

BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary code remotely. Tracked as CVE-2026-1731, this pre-authentication remote code execution vulnerability stems from an OS command injection weakness discovered by Harsh Jaiswal and the Hacktron AI team, and […]

Two Connecticut men face federal charges for allegedly defrauding FanDuel and other online gambling sites of $3 million over several years using the stolen identities of approximately 3,000 victims. 29-year-olds Amitoj Kapoor and Siddharth Lillaney, both of Glastonbury, Connecticut, were arrested Thursday following a 45-count indictment returned by a federal grand jury and were each […]