Cybercrime
-
Canada warns of hacktivist breaches at water, energy and farm facilities
The Canadian Centre for Cyber Security warned that hacktivists have repeatedly breached internet-exposed industrial control systems at water, oil and agricultural sites, altering control settings and prompting guidance to remove direct internet exposure, use multifactor VPNs, and report incidents through the Cyber Centre.
-
UK data watchdog fines sole trader £200,000 over nearly 1m spam texts targeting people in debt
The Information Commissioner’s Office fined Bharat Singh Chand £200,000 after finding he sent 966,449 unsolicited texts about debt and energy grants from hundreds of numbers; the ICO said the messages lacked sender identification, prompted calls from a firm calling itself The Debt Relief Team, generated more than 19,000 complaints and that Chand has appealed the…
-
Researchers find 10 typosquatted npm packages delivering cross‑platform credential stealer
Researchers reported a set of 10 typosquatted npm packages, uploaded on July 4, 2025 and downloaded over 9,900 times, that deploy an obfuscated, multi-stage information stealer which harvests credentials from browsers and system keyrings on Windows, Linux and macOS.
-
Dentsu says Merkle subsidiary suffered data breach exposing staff and client information
Dentsu disclosed that U.S. subsidiary Merkle suffered a cybersecurity incident that exposed staff and client data, systems were taken offline, data were stolen and impacted individuals are being notified while an investigation continues.
-
CISA says two Dassault DELMIA Apriso flaws are being actively exploited
CISA warned that two vulnerabilities in Dassault Systèmes’ DELMIA Apriso are being actively exploited. The flaws, CVE-2025-6205 and CVE-2025-6204, were patched by the vendor in August and have been added to CISA’s KEV catalog; U.S. federal agencies must remediate under BOD 22-01 by Nov. 18.
-
Herodotus Android malware uses human-like typing delays to evade detection
Threat Fabric has identified Herodotus, an Android malware-as-a-service that uses randomized typing delays to mimic human input and evade timing-based detection, and is being distributed via SMS to users in Italy and Brazil.
-
Google denies reports that 183 million Gmail accounts were breached
Google said reports that 183 million Gmail accounts were breached are false; the dataset cited appears to be an aggregation of infostealer-sourced credentials shared with Have I Been Pwned, and users are advised to enable two-step verification, use passkeys and change exposed passwords.
-
SideWinder adopts ClickOnce-based infection chain in South Asia espionage campaign
Researchers say the SideWinder group used a new ClickOnce‑based infection chain alongside Word exploits in spear‑phishing waves from March to September 2025 to deliver ModuleInstaller and the StealerBot implant against diplomatic and government targets in South Asia.
-
Kaspersky links Chrome zero-day campaign to Italian spyware firm Memento Labs
Kaspersky detailed Operation ForumTroll, a campaign that used a Chrome sandbox escape (CVE-2025-2783) to deliver modular spyware LeetAgent and a second implant called Dante, which researchers attribute with high confidence to Memento Labs, a firm formed from assets of the former Hacking Team.
-
Researchers warn ‘CoPhish’ uses Microsoft Copilot Studio agents to harvest OAuth tokens
Datadog Security Labs disclosed “CoPhish,” a phishing method that uses Microsoft Copilot Studio agents and legitimate Microsoft-hosted demo pages to deliver fraudulent OAuth consent flows and harvest session tokens; Microsoft says it will address the issue in a future update and both vendors recommend tightening admin privileges and consent policies.
