Latest Cybersecurity Threats

Real-time threat intelligence from trusted sources

The Government Accountability Office (GAO) reported that the Federal Rotational Cyber Workforce program, designed to rotate cybersecurity professionals among federal agencies, has seen minimal participation. Only a handful of personnel received approval to join the initiative, which aims to enhance collaboration and knowledge sharing across government entities. This low engagement raises concerns about the effectiveness of the program in addressing the growing cybersecurity challenges faced by federal agencies. Without a more robust participation rate, the program may struggle to achieve its intended goals of improving cyber defense capabilities and developing a skilled workforce. The findings suggest a need for better incentives or support to encourage agencies to utilize this resource effectively.

Read Original
Actively Exploited

A new malware framework named OkoBot has emerged, capable of deploying over 20 different payloads aimed at stealing sensitive data, particularly cryptocurrency wallet seed phrases and user credentials. The framework is designed to infiltrate systems and extract valuable information from users, making it a significant threat to anyone dealing with cryptocurrencies. As cybercriminals increasingly target digital assets, this development raises alarms for individuals and businesses alike. Users are advised to enhance their security measures and remain vigilant against suspicious activities that may indicate an OkoBot attack. The rise of such tools underscores the ongoing risk of data breaches in the cryptocurrency space.

Read Original

Three Russian nationals have been indicted for allegedly operating bulletproof hosting services that facilitated cyberattacks across 21 states in the U.S. and other countries. The accused individuals, linked to companies Media Land and ML.Cloud, are said to have contributed to cybercrimes that resulted in losses exceeding $62 million. Bulletproof hosting is a type of service that provides web hosting for malicious activities, allowing attackers to evade law enforcement and launch various cyber operations. This indictment underscores the ongoing challenges law enforcement faces in combating cybercrime, particularly when it involves international actors. The case emphasizes the need for continued cooperation among countries to tackle such threats effectively.

Read Original
Actively Exploited

A global phishing campaign has been detected that disguises a Lua loader as a TrueType font file to deploy remote access Trojans (RATs) and information stealers. Attackers are using this method to bypass security measures by making the malicious files appear innocuous. This tactic affects users who may inadvertently open these disguised files, leading to potential data breaches or unauthorized access to systems. The presence of such sophisticated phishing techniques raises concerns about the effectiveness of traditional email security measures. Users need to be vigilant about unexpected email attachments, even if they seem harmless, to avoid falling victim to these types of attacks.

Read Original

23andMe, the genetic testing company, has agreed to pay $18 million to settle a lawsuit filed by a coalition of 43 attorneys general. The lawsuit claimed that 23andMe failed to adequately protect its customers' genetic data, putting sensitive information at risk. This settlement comes as part of a broader push for companies to prioritize data security, especially when handling personal genetic information. Customers who used 23andMe's services are particularly affected, as their genetic data could have been exposed. The situation raises significant concerns about privacy and the responsibilities of companies in safeguarding sensitive health information.

Read Original

Researchers have found that OpenAI's GPT-5.5 can execute a full chain of cyber-attacks with just a single prompt. This testing revealed the model's potential use by hackers, raising concerns about its capabilities in offensive cyber operations. The implications are significant, as it suggests that advanced AI tools could simplify the process of launching attacks, making it accessible even to those with limited technical skills. As such AI models become more capable, the cybersecurity community may need to adapt strategies to address these emerging risks. This situation emphasizes the urgent need for organizations to enhance their defenses against increasingly sophisticated cyber threats.

Read Original

Thalha Jubair and Owen Flowers, members of the hacking group Scattered Spider, have been sentenced to prison in the UK for their involvement in a cyberattack against Transport for London (TfL) in 2024. The attack aimed to disrupt TfL's operations, which are vital for public transport in London. The sentencing serves as a reminder of the legal consequences of cybercrime, especially as public infrastructure continues to be targeted by hackers. This incident raises concerns about the security of essential services and the need for stronger defenses against such attacks. The case highlights the ongoing struggle between law enforcement and cybercriminals as authorities work to protect critical infrastructure from future threats.

Read Original

As artificial intelligence continues to grow, data centers designed to support AI infrastructure are being constructed at a rapid pace. However, these new facilities often lack the security measures needed to protect against emerging threats that traditional data center designs do not account for. This rush to build AI data centers can leave vulnerabilities that attackers might exploit, putting sensitive data and operations at risk. Companies developing AI technologies must prioritize security from the start, rather than trying to retrofit protections after a facility is operational. The implications for businesses and users are significant, as a security breach could lead to data loss or misuse, affecting trust and operations across various sectors.

Read Original

Cybersecurity experts have identified a new malware named TELEPUZ that has been spreading since late April 2026 through compromised websites using ClickFix lures. This modular malware is designed to steal data and execute commands on infected systems. Researchers from Elastic Security Labs note that while the number of command-and-control domains associated with TELEPUZ is currently limited, its capabilities raise significant concerns for users and organizations. The lightweight nature of the malware makes it particularly dangerous, as it can easily evade detection. Users visiting infected sites are at risk, making it crucial for individuals and companies to remain vigilant about their online activities and security practices.

Read Original

A new piece of malware known as ClickLock Stealer is targeting macOS users by forcing them to input their login passwords. This infostealer operates by running a command in the Terminal that creates a fake system dialog asking for the password. If the victim cancels this request, the malware repeatedly kills various applications—including Finder and Terminal—every 210 milliseconds until the password is provided. Once the victim logs in again, the malware installs two LaunchAgents, allowing it to operate silently in the background. This type of attack is particularly concerning as it manipulates user behavior to extract sensitive information, highlighting the need for users to be cautious about unexpected prompts and commands.

Read Original

Two prominent members of the Scattered Spider cybercrime group have been sentenced to five and a half years in prison for their involvement in a cyberattack on Transport for London (TfL) in 2024. The attack targeted TfL's computer systems, resulting in significant disruptions to services and potential data breaches. This incident not only affected daily commuters but raised concerns about the security of critical infrastructure in the UK. The sentencing serves as a warning to other cybercriminals, emphasizing that law enforcement is actively pursuing those who compromise public services. The case illustrates the ongoing threat posed by organized cybercrime groups and the importance of robust cybersecurity measures for public transport systems.

Read Original

Rockwell Automation has identified several vulnerabilities in its CompactLogix, ControlLogix, Compact GuardLogix, and GuardLogix products that could allow attackers to cause a denial-of-service (DoS) condition. The affected versions include various models of CompactLogix and ControlLogix controllers, specifically those running versions V35.015 or lower for the 5370 and 5570 series, and V34.012 or V35.011 for the 5380, 5480, and 5580 series. If exploited, these vulnerabilities could lead to the devices entering a non-recoverable fault state, disrupting operations in critical manufacturing sectors. Users are urged to update their systems to the latest versions to mitigate these risks, as the vulnerabilities have a high severity rating (CVSS score of 8.6).

Read Original
Critical
Siemens SICAM 8

All CISA Advisories

Siemens has identified multiple vulnerabilities in its SICAM 8 product line, which could lead to denial of service and other security risks. The affected products include the CPCI85 Central Processing/Communication and SICORE Base system versions prior to 26.20.0. These vulnerabilities could allow attackers to disrupt services, install malicious firmware, or gain unauthorized access to critical system functions. Siemens has released updates for the affected products and strongly advises users to upgrade to the latest versions to mitigate these risks. This is particularly important for operators in critical infrastructure sectors like energy and manufacturing, where such vulnerabilities could have serious implications.

Read Original
Critical
Rockwell Automation Flex 5000 Adapter

All CISA Advisories

Rockwell Automation has reported a vulnerability in its Flex 5000 Adapter, specifically version 6.011, that could lead to a denial-of-service (DoS) condition. This issue arises from improper handling of specific CIP packets, which can cause the adapter to become unresponsive, necessitating a power cycle to restore functionality. The vulnerability is classified as CVE-2026-12659 and has a CVSS score of 7.5, indicating a high severity level. Users are advised to upgrade to version 6.012 to mitigate this risk. For those unable to update, Rockwell Automation recommends following its security best practices to safeguard their systems. This vulnerability is particularly concerning for sectors involved in critical manufacturing and information technology, affecting organizations globally.

Read Original
Critical
SALTO ProAccess Space

All CISA Advisories

A vulnerability in SALTO ProAccess Space has been identified, allowing authenticated attackers to escalate their privileges and access areas outside their designated partitions. This flaw affects versions below 6.13 and requires valid operator credentials and the partition feature to be enabled. Organizations using this system should urgently upgrade to version 6.13 to mitigate the risk. The vulnerability, designated as CVE-2026-11889, poses a significant threat as it could allow unauthorized access to spaces managed by the system, particularly in sectors such as commercial facilities and critical manufacturing. Users are advised to enhance their security by limiting operator account permissions and considering operational adjustments, such as disabling partitioning if possible.

Read Original
Page 1 of 270Next