Latest news as of 9/23/2025, 1:04:29 PM
Dark Reading
Until businesses begin to account for uncontrolled variables in their threat models, attackers will continue to exploit the weakest link in the chain.
The Register
Remy Ra St Felix led a vicious international crime ring A violent home invader and gunpoint cryptocurrency thief will now spend more than 50 years behind bars after being found guilty of assaulting a witness.…
Bleeping Computer
Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI). [...]
The Hacker News
Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that's targeting supply chain-critical manufacturing companies with an in-memory malware dubbed MixShell. The activity has been codenamed ZipLine by Check Point Research. "Instead of sending unsolicited phishing emails, attackers initiate contact through a company's public 'Contact Us' form, tricking
Check Point Research
Key findings: Introduction Check Point Research (CPR) has been closely monitoring the activity of a highly persistent and sophisticated threat actor who leverages social engineering tactics to gain the trust of targeted U.S.-based organizations. While analyzing the phishing lures used by the actors, we repeatedly noticed an intriguing pattern: in every case, it was the victim who […] The post appeared first on . ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies Check Point Research
Graham Cluley
A 26-year-old hacker, who breached websites in North America, Yemen, and Israel, and stole the details of millions of people has been sent to prison.
Graham Cluley
A suspected hacker, believed to be the mastermind behind an organised campaign of attacks that stole millions of dollars worth of stocks from celebrities, including BTS singer Jung Kook, has been extradited to South Korea. Read more in my article on the Hot for Security blog.
The Hacker News
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners. The large-scale cybercrime campaign, first detected in August 2025, has been codenamed ShadowCaptcha by the Israel National
The Register
Crims raided third-party systems and lifted personal data, including license numbers and partial SSNs US insurance giant Farmers Insurance says more than a million customers had personal data nicked after a third-party vendor was compromised.…
The Hacker News
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. "A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims to coerce the victim into remitting a ransom payment," Zimperium zLabs researcher Vishnu Pratapagiri