Bill Toulas

Device Code Phishing - Attacks Surge 37 Times in 2026
Device code phishing attacks have skyrocketed this year, with a 37x increase. Users of IoT and streaming devices are particularly at risk. New phishing kits like EvilTokens are making these attacks easier for cybercriminals. Stay alert and protect your accounts.

Residential Proxies - Evaded IP Reputation Checks in 78% of Sessions
A new study reveals that residential proxies evade IP reputation checks in 78% of cases, complicating cybersecurity efforts. This issue affects many organizations, making them vulnerable to attacks. Experts recommend focusing on behavioral patterns for better defense strategies.

Progress ShareFile - Critical Flaws Enable Pre-Auth RCE Attacks
New vulnerabilities in Progress ShareFile could allow hackers to execute code without authentication. Thousands of businesses are at risk. Immediate patching is essential to secure systems.

NoVoice Android Malware - Infected 2.3 Million Devices
A new Android malware named NoVoice has infected over 2.3 million devices via Google Play. This malware targets WhatsApp data, posing serious security risks. Users must take immediate action to secure their devices and data.

GIGABYTE Control Center - Critical File Write Vulnerability
A critical vulnerability in GIGABYTE Control Center allows remote attackers to write files and execute code. Users must upgrade to the latest version to protect their systems. This flaw poses significant risks for both individuals and organizations.

RoadK1ll WebSocket Implant - New Malware Enables Network Pivoting
A new malware named RoadK1ll is enabling attackers to pivot within breached networks. This stealthy implant uses WebSocket connections to extend control over compromised systems. Organizations must enhance their defenses to mitigate this growing threat.

File Read Flaw - Vulnerability in Smart Slider Plugin
A vulnerability in the Smart Slider 3 plugin threatens over 500,000 WordPress sites, allowing unauthorized file access. Site owners must update their plugins immediately to mitigate risks.

Ajax Football Club Hack - Exposed Fan Data and Ticket Hijack
AFC Ajax has reported a hack exposing fan data and enabling ticket hijacking. Hundreds of fans are affected, raising concerns about data security. The club is taking steps to enhance its systems and protect user information.

Fraud Alert - TikTok for Business Accounts Targeted
A new phishing campaign is targeting TikTok for Business accounts, risking sensitive data and security. Users should be vigilant against suspicious links and verify domains before entering credentials. Protect your accounts by using passkeys and reporting any suspicious activity.

Fraud - Bubble AI App Builder Used in Microsoft Phishing
Threat actors are exploiting Bubble's app builder to create phishing sites targeting Microsoft accounts. This method bypasses security checks, putting user credentials at risk. Stay vigilant against suspicious links and enable MFA for added protection.

Torg Grabber - New Infostealer Targets 728 Crypto Wallets
Torg Grabber malware is stealing sensitive data from over 700 crypto wallets. This poses significant risks to users' financial security. Stay informed and protect your assets.

Vulnerabilities - PTC Warns of Critical Windchill RCE Bug
PTC has alerted users about a critical vulnerability in Windchill and FlexPLM that could allow hackers to execute remote code. Companies are urged to take immediate action to mitigate risks. The German police are actively warning affected organizations to prevent potential exploitation.

Infinite Campus Data Breach - ShinyHunters Claims Theft
Infinite Campus is warning of a data breach after ShinyHunters claimed to have stolen sensitive information. This incident affects numerous K-12 districts across the U.S. and raises concerns about data security in education. The company is taking steps to secure its systems and inform affected parties.

Mazda Breach - Employee and Partner Data Exposed
Mazda reported a security breach exposing employee and partner data. The incident involved unauthorized access to a warehouse management system. Affected individuals are advised to stay alert for potential phishing scams.

Fraud - Police Take Down 373,000 Fake CSAM Sites
Police have dismantled 373,000 fake CSAM sites in a major operation. Thousands of users were tricked into paying for non-existent content. This crackdown highlights the urgent need to combat online child exploitation.

Data Breach - Navia Affects 2.7 Million Individuals
Navia disclosed a data breach affecting 2.7 million individuals, exposing sensitive information. The company is offering credit monitoring to those impacted, highlighting the risks of identity theft.

PolyShell Vulnerability - Unauthenticated RCE in Magento Stores
A new vulnerability called 'PolyShell' threatens Magento e-stores by allowing unauthorized remote code execution. This flaw affects all versions of Magento Open Source and Adobe Commerce. Immediate action is required to secure these platforms from potential attacks.

Perseus Malware - New Android Threat Targets User Notes
A new Android malware named Perseus is stealing sensitive information from user notes. It primarily targets financial institutions and crypto services in Turkey and Italy. Users should avoid sideloading apps and ensure their devices are secure.

Data Breach - Aura Exposes 900,000 Marketing Contacts
Aura confirmed a data breach exposing 900,000 customer records. Names and emails were compromised, raising identity theft concerns. Aura is notifying affected individuals and working with experts.

Fraud - Nordstrom's Email System Used for Crypto Scams
Nordstrom's email system was compromised to send out fraudulent cryptocurrency scam emails. Customers received these deceptive messages, leading some to send money. The retailer is investigating the breach and advises customers to ignore the scam.

AI Security - New Font-Rendering Attack Exposed
A new font-rendering attack has been uncovered, allowing malicious commands to bypass AI assistants. This poses serious risks to users who trust these tools. Stay alert and verify commands before executing them.

Betterleaks - New Open-Source Secrets Scanner Launched
Betterleaks has launched as a new open-source secrets scanner, replacing Gitleaks. It helps developers find sensitive information in their code. This tool is crucial for preventing data leaks and securing applications.

AppsFlyer SDK Hijacked to Deploy Crypto-Stealing Malware
What Happened: This week, the AppsFlyer Web SDK was hijacked in a serious supply-chain attack. Malicious code was injected into the SDK, which is widely used for marketing analytics by over 15,000 businesses globally. The compromised code was designed to intercept cryptocurrency wallet addresses entered by users on various websites. Instead of sending funds to the intended wallet, the

Cyberattack Thwarted at Poland's Nuclear Research Centre
Poland's nuclear research center thwarted a cyberattack aimed at its IT systems. While no damage occurred, the incident raises concerns about national security. Authorities are investigating the potential involvement of Iranian hackers amidst rising cyber threats.