Cybersecurity experts have uncovered a global hacking campaign where attackers secretly steal passwords by planting hidden code in Microsoft Exchange email login pages.

The attacks have hit at least 65 organizations across 26 countries, including government offices, banks, schools, and tech companies. Once users enter their login details, the stolen information is either stored on the server or sent directly to the hackers using tools like...

Cybersecurity experts have discovered a new hacker group called Water Curse that uses fake GitHub repositories to spread multi-stage malicious software. Disguised as security or developer tools, the malicious software steals sensitive data like passwords, browser info, and session tokens, and gives hackers remote access to infected systems. It uses Visual Basic Script and PowerShell to run hidden scripts, install malicious apps, and gather system data while avoiding...

Why DNS Security Matters

While firewalls and antivirus tools get most of the attention, DNS is a critical — and often overlooked — layer of cybersecurity. As the system that connects users to websites, apps, and online services, DNS is essential to internet functionality. But because it wasn’t built with security in mind, it's become a prime target for attackers.

Common threats like DNS spoofing, hijacking, and tunneling can redirect users, steal data, or shut...

A Man-in-the-Middle (MiTM) attack places a hacker between your browser and a real website, often using malicious software to spy on or change your data.

A Browser-in-the-Middle (BiTM) attack is trickier. You think you're using your own browser, but you're actually interacting with a browser controlled by a hacker. They can watch, record, and manipulate everything you do online.

How BiTM Attacks Work

1. Phishing – You click a fake link...

   ---

   June 4, 2025 17:38 (3 weeks, 5 days ago) |  0 | 2 minutes read

The Latrodectus malicious software now uses a trick called ClickFix to spread and run in a computer’s memory, making it hard to detect. It downloads other harmful software like ransomware and was first reported in April 2024. A big cleanup operation in May 2025 shut down many servers linked to it. Recent attacks trick users into running commands that secretly install malicious software without saving files. It often hides inside real apps like NVIDIA installers. Experts suggest turning off...

Cybercriminals are using fake Facebook pages and ads to impersonate Kling AI, a popular AI tool for creating images and videos. These ads lead users to fake websites like klingaimedia[.]com, which claim to offer AI services but instead trick visitors into downloading malicious software. The malicious files are hidden in ZIP archives and install a remote access trojan (RAT) that allows attackers to control the victim’s device and steal sensitive information such as passwords and...

Hackers are tricking people into downloading a virus called Noodlophile by using fake AI tools. They create fake websites and promote them on social media.

These fake sites offer AI tools for video and image editing. When users upload content, they’re told to download a file. But instead of the expected results, they download a malicious ZIP file.

The file installs Noodlophile, which can:

• Steal...

  ---

  May 15, 2025 00:05 (on 5/15/25) |  0 | 1 minute read

A company that stores backups online recently found out that a very skilled group of hackers, likely supported by a government, broke into its system by using a hidden problem that no one knew about before. Even though the system was broken into, there’s no evidence that customer information was looked at or taken, and the company kept running normally.

The company first heard something was wrong in February 2025, and they shared what they knew in March 2025. The hackers used a...

WhatsApp is rolling out a new feature called Private Processing that lets users take advantage of AI tools — like summarizing unread messages or getting writing suggestions — without giving up their privacy.

The company, owned by Meta, says the new feature keeps your messages secure by processing them in a protected space that even WhatsApp and Meta can’t access. This means you can use helpful AI features without worrying that your chats are being read or...

Microsoft has uncovered a malware campaign that uses fake cryptocurrency apps to spread malicious software. Since October 2024, attackers have been tricking users into downloading what looks like Binance or TradingView installers. These fake apps use Node.js and PowerShell to steal system data and send it to hackers.

The malware avoids detection by disabling Defender scans, stealing sensitive data like browser info, and staying active through scheduled tasks. Some versions use a...