Cybercrime
-
FBI warns Kimsuky used malicious QR codes in 2025 quishing campaigns
An FBI flash alert warned that North Korea linked group Kimsuky used malicious QR codes in 2025 spear phishing to target think tanks, academia, and government entities. The attacks aimed to steal session tokens and bypass multi factor authentication.
-
China-linked UAT-7290 targets telcos in South Asia and expands into Southeastern Europe
A China-linked cluster called UAT-7290 has targeted telecommunications providers in South Asia and moved into Southeastern Europe. The group performs deep reconnaissance and deploys modular malware that can turn edge devices into relay nodes.
-
Black Cat uses SEO poisoning to distribute backdoor, compromises about 277,800 hosts in China
A CNCERT/CC and ThreatBook technical analysis links the Black Cat gang to an SEO poisoning campaign that pushed fake software downloads and implanted a backdoor, compromising about 277,800 hosts in China between December 7 and 20, 2025.
-
ownCloud urges users to enable MFA after credential theft reports
ownCloud urged users to enable multi-factor authentication after attackers used credentials stolen by infostealer malware to access self-hosted file sharing instances. The advisory recommends MFA, password resets, session invalidation, and log review.
-
Phishing actors spoof internal addresses by abusing complex email routing, Microsoft warns
Microsoft warned that phishing actors exploit complex mail routing and misconfigured spoof protections to send emails appearing internal, and that more than 13 million messages tied to the Tycoon 2FA kit were blocked in October 2025.
-
Two Chrome extensions exfiltrated ChatGPT and DeepSeek conversations from 900,000 users
A technical analysis by OX Security found two malicious Chrome extensions that collected ChatGPT and DeepSeek conversations and tab URLs from about 900,000 users and sent the data to external servers on a regular schedule.
-
PHALT#BLYX campaign uses fake Booking emails and BSoD lures to deliver DCRat
PHALT#BLYX used fake Booking.com reservation emails and a bogus blue screen lure in late December 2025 to deliver the DCRat remote access trojan to European hospitality systems.
-
Cyber incident forces two day closure at Warwickshire school
A cyber incident shut down IT at Higham Lane School in Nuneaton, cutting phones, email and servers and forcing a two day closure. Recovery work involves a Department for Education response team and trust IT experts.
-
Internet outage in Caracas coincided with U.S. cyber effects as forces entered Venezuela
NetBlocks reported a loss of internet connectivity in Caracas during early Saturday power cuts as U.S. Cyber Command and Space Command layered cyber effects to create a pathway for U.S. forces entering Venezuela. PDVSA said no facilities were damaged.
-
AI agents flagged as new insider threat in 2026 by Palo Alto report
A Palo Alto Networks predictions report warns AI agents are a new insider threat in 2026 as Gartner forecasts 40 percent of enterprise apps will adopt task specific agents. The report highlights privilege risk, prompt injection and defensive uses.
