Cybercrime
-
CISA says Windows SMB privilege-escalation bug CVE-2025-33073 is being exploited
CISA warned that threat actors are actively exploiting CVE-2025-33073, a high-severity SMB privilege-escalation bug affecting Windows Server, Windows 10 and Windows 11 up to 24H2. Microsoft patched the flaw in June 2025 and attributed discovery to multiple researchers, while CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog and set a Nov. 10 deadline…
-
Researchers find 131 Chrome extensions cloned to automate WhatsApp spam in Brazil
Researchers say 131 rebranded Chrome extensions, sharing a common codebase, were used to automate bulk WhatsApp Web messaging aimed at Brazilian users, a campaign that appears designed to evade platform anti-spam controls and contravene Chrome Web Store rules.
-
Lawsuit says Deel orchestrated long-running espionage against competitor Rippling
Rippling filed a lawsuit on March 17, 2025, alleging that Deel directed a months-long corporate espionage campaign through a cultivated employee who searched Rippling systems thousands of times to capture sales, customer and recruiting information, and that top Deel executives were implicated.
-
Foreign intruders accessed Kansas City weapons plant IT via SharePoint flaws, source says
A source familiar with an August response says a foreign actor exploited unpatched Microsoft SharePoint flaws to access the Kansas City National Security Campus IT network. Investigations are ongoing, attribution is disputed between Chinese-linked groups and possible Russian actors, and experts warn the incident highlights gaps between IT and operational technology security.
-
Europol: SIMCARTEL takedown leads to seven arrests, thousands of SIM cards seized
European authorities dismantled a network called SIMCARTEL that used SIM boxes to facilitate phishing and other frauds, seizing thousands of SIM cards, making seven arrests and tracing the operation to millions of created accounts, officials said.
-
Microsoft revokes more than 200 certificates used in fake Teams ransomware campaign
Microsoft said it revoked over 200 code-signing certificates used by a group tracked as Vanilla Tempest to sign fake Microsoft Teams installers that delivered the Oyster backdoor and Rhysida ransomware. The company said it detected the activity in late September 2025 and has updated protections to flag the malicious signatures.
-
German authorities seize 1,406 fraudulent crypto trading domains in Operation Heracles
German authorities seized 1,406 fraudulent cryptocurrency trading domains on Oct. 3, 2025, under Operation Heracles, BaFin said, recording about 866,000 access attempts in ten days and warning that professional-looking sites, call centres and possibly AI were used to target German-speaking victims.










