A new Android malicious software called PhantomCard is targeting bank customers in Brazil by stealing credit and debit card data using NFC (near-field communication). The malware copies card info from a victim’s phone and sends it to criminals, who can then make fake payments.

PhantomCard spreads through fake Google Play pages offering a “card protection” app called Proteção Cartões, tricking users with fake positive reviews. When...

Zoom and Xerox have released important software updates to fix serious security problems that could let hackers break into computers or take control of them remotely.

What Happened with Zoom?

Zoom found a major flaw in some of its Windows apps that could allow a hacker to gain more control over a computer than they should. The issue was discovered by Zoom’s own security team and has now been fixed in the latest update.

The problem affects several Zoom...

A group called VexTrio Viper made fake apps that looked helpful—like phone cleaners, dating apps, or spam blockers—but were actually scams. These apps were found on both the Apple and Google app stores and were downloaded millions of times.

Once installed, they charged users secretly, showed endless ads, and collected personal info. Some users had a hard time...

Cybersecurity experts have uncovered a scam where fake cryptocurrency trading apps are being used to spread a dangerous malware called JSCEAL. This malware steals login info, crypto wallet data, and more.

Hackers post fake ads on Facebook using stolen or fake accounts. These ads lead victims to fake websites that look like real services (like TradingView), tricking them into downloading harmful apps.

The malware is hidden in parts—some in the website’s code, others in...

On July 22, 2025, CISA added two major Microsoft SharePoint flaws — CVE-2025-49704 (remote code execution) and CVE-2025-49706 (authentication bypass) — to its Known Exploited Vulnerabilities list after confirming active use in attacks. Federal agencies were ordered to patch by July 23. Microsoft reported that Chinese hacker groups, Linen Typhoon and Violet Typhoon, have been taking advantage of these bugs since early July using a method called “ToolShell,” which also involves...

Google has released an important update for its Chrome browser after discovering a serious security flaw that hackers are already using in real-world attacks.

The issue, found in Chrome’s graphics system, could allow attackers to break out of the browser's security protections just by getting someone to visit a harmful website. This kind of security issue is dangerous because it doesn’t require users to click or download anything — simply opening the page could put their device at...

Cybersecurity experts warn about a growing scam called TOAD (Telephone-Oriented Attack Delivery). Attackers send fake emails that appear to be from trusted brands like Microsoft, DocuSign, PayPal, or Norton. These emails often contain PDFs with QR codes or phone numbers.

Victims are tricked into calling these numbers, where scammers pose as support agents to steal personal information or install malware.

Scammers make these...

Microsoft has announced that it will officially end support for saved passwords in its Authenticator app starting August 1, 2025. Additionally, the app’s autofill feature will stop working in July 2025, marking a significant step in the company’s move toward a passwordless future.

This change is part of a broader effort to improve security and simplify the user experience. Microsoft is shifting its focus to stronger authentication methods like...

Cybersecurity experts have uncovered a global hacking campaign where attackers secretly steal passwords by planting hidden code in Microsoft Exchange email login pages.

The attacks have hit at least 65 organizations across 26 countries, including government offices, banks, schools, and tech companies. Once users enter their login details, the stolen information is either stored on the server or sent directly to the hackers using tools like...

Cybersecurity experts have discovered a new hacker group called Water Curse that uses fake GitHub repositories to spread multi-stage malicious software. Disguised as security or developer tools, the malicious software steals sensitive data like passwords, browser info, and session tokens, and gives hackers remote access to infected systems. It uses Visual Basic Script and PowerShell to run hidden scripts, install malicious apps, and gather system data while avoiding...