Ukrainian cyberpolice, in collaboration with U.S. law enforcement, have apprehended an 18-year-old man from Odesa who is believed to be behind an infostealer malware operation. This operation specifically targeted users of an online store based in California, resulting in the theft of approximately 28,000 accounts. The malware was designed to harvest sensitive information from victims, raising concerns about the security of online shopping platforms. This incident serves as a stark reminder of the ongoing risks associated with online transactions and the importance of robust cybersecurity measures for both users and businesses. Authorities are continuing to investigate the scope of the operation and its potential connections to other cybercrimes.
Latest Cybersecurity Threats
Real-time threat intelligence from trusted sources
BleepingComputer
Hackers have successfully bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances, allowing them to gain unauthorized access to networks. They achieved this by brute-forcing VPN credentials, which enabled them to deploy tools commonly used in ransomware attacks. This incident poses a serious risk for organizations relying on SonicWall's VPN technology, as it undermines the security measures intended to protect sensitive data. Companies using these appliances should be vigilant and consider strengthening their security protocols. The exploitation of this vulnerability emphasizes the need for timely patching and updates to prevent similar attacks in the future.
Recent research from Visa has identified AI-driven scams as the fastest growing form of consumer fraud. These scams often involve sophisticated tactics that can trick individuals into making fake payments. Consumers need to be vigilant and look out for five key red flags that may indicate a scam, such as unsolicited requests for payment, pressure to act quickly, and unusual payment methods. The implications of these scams are significant, as they can lead to financial loss and erode trust in digital payment systems. Awareness and education are crucial for consumers to protect themselves from these evolving threats.
A serious vulnerability has been found in the operating system used by certain robotic systems, allowing unauthenticated attackers to inject commands. This flaw enables attackers to gain remote access, potentially leading to significant disruptions in environments that rely on these robots. Affected organizations need to take immediate action to protect their systems, as the consequences of such control could be severe, impacting both operations and safety. Users of the affected robotic systems should prioritize applying any available patches to mitigate this risk. The vulnerability underscores the need for ongoing vigilance in securing operational technology environments.
The Grafana data breach occurred due to a failure in rotating a GitHub workflow token after a recent npm supply-chain attack involving TanStack. This oversight allowed unauthorized access to Grafana's systems, potentially exposing sensitive data. The incident raises concerns about the importance of maintaining secure token management practices, especially in the wake of supply-chain vulnerabilities. Companies using Grafana may be at risk if they rely on outdated or improperly managed tokens. This breach serves as a reminder for organizations to regularly review and update their security protocols to prevent similar incidents.
Infosecurity Magazine
A new malware campaign named 'Premium Deception' has been discovered, using 250 fake Android apps to trick users into signing up for paid services without their consent. Researchers found that these apps, which masquerade as legitimate tools and games, charge users covertly, often leading to unexpected fees in their accounts. This campaign affects a wide range of Android users, particularly those who download apps from unofficial sources or third-party app stores. It's a reminder for users to be cautious about app permissions and to download software only from trusted platforms. The incident emphasizes the ongoing risks of mobile malware and the need for better awareness among users about app security.
Infosecurity Magazine
A new malware called Mini Shai-Hulud has targeted hundreds of npm packages within the Alibaba AntV ecosystem, marking a significant wave of supply chain attacks. This worm exploits vulnerabilities in various libraries used by developers, potentially compromising their projects and exposing sensitive data. As the attack affects a wide range of users within the AntV community, it raises concerns about the security of the npm ecosystem as a whole. Developers are urged to review their dependencies and ensure their code is secure against this type of malware. The situation is alarming as it shows how quickly malicious software can spread through popular development tools, putting many at risk.
Digital.ai's recent report reveals that the rise of agentic AI is changing the landscape of mobile app security. Attackers can now target apps just hours after their release, making it difficult for companies to protect their products. This trend affects all industries that rely on mobile applications, as the speed and frequency of these attacks have increased significantly. The report emphasizes the need for developers and security teams to enhance their defenses to keep up with these evolving threats. As attackers become more adept at exploiting vulnerabilities, the implications for user data and app integrity are serious, necessitating immediate action from affected companies.
ESET has reported that the Webworm APT group, also known as Space Pirates and UAT-8302, has shifted its focus from Asian targets to European government organizations in 2025. The group has been active since at least 2022 and is believed to be aligned with China. Its recent targets include government entities in Belgium, Italy, Poland, Serbia, and Spain, as well as a university in South Africa. This expansion into Europe raises concerns about the potential for increased cyber espionage and data breaches affecting national security and government operations. Organizations in the affected regions need to bolster their cybersecurity measures to defend against these sophisticated attacks.
According to the 2026 Verizon Data Breach Investigations Report (DBIR), vulnerability exploitation has surpassed stolen credentials as the main method attackers use to gain initial access to networks. This marks a significant shift, as it's the first time in nearly two decades that credential theft has not held the top position in the report. The findings are based on real-world data and reflect the evolving tactics used by cybercriminals. Companies should be aware that their defenses may need to adapt to this change, focusing more on identifying and patching vulnerabilities in their systems. The report serves as a crucial reminder for organizations to prioritize vulnerability management in their cybersecurity strategies.
1Password has partnered with OpenAI to address concerns about AI coding agents potentially leaking sensitive credentials. The collaboration aims to implement a just-in-time credential model for OpenAI Codex, which ensures that credentials are not stored persistently within prompts, code repositories, or the model's context. This approach is crucial as it prevents unauthorized access to sensitive information that could occur if AI agents retain these secrets. By focusing on this model, 1Password and OpenAI are promoting safer coding practices and reducing the risk of credential exposure in AI-assisted development environments. This initiative is particularly important as more developers turn to AI tools for coding assistance, making it essential to safeguard against possible leaks.
According to Verizon's latest Data Breach Investigations Report (DBIR), mobile phishing is on the rise, surpassing email as the preferred method for cyber attackers. This shift is largely due to improved defenses against email phishing, prompting attackers to increasingly use texts and phone calls to trick users into revealing sensitive information. Businesses are encouraged to enhance their security measures, particularly by training employees to recognize these types of attacks and implementing stronger verification processes. This trend is concerning because mobile phishing can catch users off guard, making it easier for attackers to succeed. Companies need to act quickly to protect themselves and their customers from these evolving threats.
Anthropic has quietly addressed a vulnerability in its AI model, Claude, which allowed for a bypass of its code sandbox. A researcher discovered that this flaw could be combined with a prompt injection attack to potentially exfiltrate sensitive data. While the company has patched the issue, the implications of such vulnerabilities are significant, as they could enable malicious actors to extract information from AI models. This incident serves as a reminder for organizations using AI technologies to stay vigilant and ensure their systems are secure against similar threats. Users of Claude should be aware of this patch and consider reviewing their security practices to mitigate risks from potential exploits.
BleepingComputer
Drupal is set to release a core security update today to address a significant vulnerability that could be exploited by attackers shortly after its announcement. The organization has cautioned that malicious actors are likely to create exploits within hours of the update going public. This means that any websites or applications running on affected versions of Drupal could be at risk if they do not update promptly. Users of Drupal should prioritize applying this critical update to protect their systems from potential attacks. The announcement underscores the need for vigilance in maintaining the security of web applications, particularly those built on widely used platforms like Drupal.
Hackread – Cybersecurity News, Data Breaches, AI and More
According to the Verizon Data Breach Investigations Report (DBIR) for 2026, software vulnerabilities have surpassed stolen passwords as the leading cause of cyberattacks. The report highlights that attackers are increasingly using artificial intelligence to exploit these vulnerabilities, often within hours of their discovery. This shift in tactics poses a significant risk to organizations, as it allows hackers to bypass security measures more efficiently. Companies need to prioritize patching software vulnerabilities and implementing robust security practices to defend against such rapid exploitation. The findings serve as a wake-up call for businesses to reassess their cybersecurity strategies in an environment where AI is being weaponized by cybercriminals.