The Dstat.cc DDoS review platform has recently been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years.

The Canadian Centre for Cyber Security recently announced that at least 20 Canadian government networks have been compromised by Chinese state-sponsored threat actors, who have maintained access over the past four years to steal valuable data.

New research shows that the "FakeCall" Android banking trojan, also known as "Fakecalls," has grown more sophisticated in evasion and espionage.

Cisco Talos researchers have observed threat actors using copyright infringement claims to trick targets and deploy infostealers.

Colorado state election officials recently announced that voting system passwords were mistakenly put on the Colorado Secretary of State's website for several months before being spotted and taken down.

Microsoft warns that Chinese threat actors are using the "Quad7" botnet, built with hacked Small Office/Home Office (SOHO) routers, to steal credentials in password-spray attacks.

Sophos has detailed a years-long battle with Chinese government-backed hacking teams and admitted to using its own custom implants to track the hackers' tools, movements, and tactics.

Since at least September 2024, users in the US, UK, Spain, Australia, and Japan have been targeted by a new phishing kit named "Xiu Gou," which was designed to deploy phishing attacks globally.

Hackers are targeting two zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, government, and courtroom settings.

According to researchers at ThreatFabric, "LightSpy," an Apple iOS spyware, now has an improved version with destructive capabilities to prevent the compromised device from booting up.

Researchers at Bitdefender Labs have discovered a malvertising campaign that abuses Meta's advertising platform and hijacks Facebook accounts to distribute the "SYS01stealer" infostealer.

An operation named "EmeraldWhale" has led to the theft of over 15,000 cloud account credentials from thousands of private repositories by scanning for exposed Git configuration files.