What if a locked iPhone or iPad wasn’t as locked down as you thought—just because someone could briefly plug in a cable? That’s the unsettling reality behind CVE‑2025‑24200, an iOS and iPadOS zero‑day that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) says is being actively exploited in the wild. The vulnerability targets Apple’s USB…
What if your payment details and personal information sat exposed for months—while cybercriminals quietly probed, profiled, and prepared follow-up scams? That’s the unsettling scenario flagged by Innovate Cybersecurity in a top news roundup, where a prolonged PayPal data exposure shot to the top of the list. The breach, reportedly enabled by compromised credentials or a…
If a company that builds the world’s networking backbone can have its credentials leaked, what does that say about the rest of us? The alleged Cisco breach—claimed by the Kraken ransomware group and reported to include usernames, NTLM password hashes, and domain credentials—should make every security leader pause. Not because “no one is safe” (we’ve…
If February felt “quiet” on the breach front, think again. Under the surface, adversaries leveled up—weaponizing AI to supercharge phishing, probe cloud blind spots, and slip malware into software pipelines that ship to production. Xage Security’s latest roundup paints a nuanced picture: fewer megabreaches, but faster, smarter attacks with AI in the driver’s seat. The…
If a vulnerability gets publicly disclosed on a Saturday and you feel your weekend slipping away, you’re not alone. Today’s announcement of CVE-2026-2071 has the security community on alert—and for good reason. The disclosure classifies the issue as high severity, and while the technical specifics are still thin, the risk profile implies potential for serious…
If you trust the first search result when you look for a download, this story will make you pause. Security researchers uncovered an SEO poisoning campaign that tricks Chinese‑speaking Windows users into installing malware from slick, convincing lookalike software sites. The twist? The installer often includes the real app too—so everything seems normal while the…
If you’ve been leaning on UEFI Secure Boot as your last line of defense against bootkits, this one will make you sit up. A new ransomware strain dubbed “HybridPetya” doesn’t just echo the infamous Petya/NotPetya playbook—it escalates it. Researchers at ESET say HybridPetya can bypass UEFI Secure Boot using CVE‑2024‑7344, a now-revoked vulnerability in a…
If a single line of code could lock your entire company out of its network, would you know before it detonated? That’s the chilling question at the heart of a real insider-threat case that ended with a four-year prison sentence for software developer Davis Lu. His employer, a global electrical manufacturer, suffered severe disruption when…
What happens when a convincing fake slips into a fast-moving news cycle? Last week, parts of the cybersecurity community learned the hard way. A new Telegram channel, styled to look official, claimed Europol was offering up to $50,000 for tips identifying two alleged Qilin ransomware administrators. Several outlets ran with it. It sounded plausible. It…
What happens when a 22-year-old with the right skills and the wrong incentives can summon multi-terabit floods of traffic at will? According to federal prosecutors, you get “Rapper Bot”—one of the most powerful DDoS-for-hire botnets ever seen—and a staggering number of attacks that battered targets across more than 80 countries. In a case that’s rattled…
