North Korean threat group Kimsuky has deployed a sophisticated new backdoor called HTTPTroy against South Korean targets. The malware uses layered encryption and memory-resident techniques to avoid detection. Here’s what makes this threat different and why defenders should pay attention.
AI-generated hurricane images are spreading dangerous misinformation during real disasters. One viral photo showed birds that would be larger than football fields if the image were real. Experts warn this is making crisis communication much harder.
A fake AI image of Hurricane Melissa went viral showing birds that would be larger than football fields flying at impossible altitudes. The image spread across multiple platforms with help from coordinated bot farms, highlighting the growing problem of AI misinformation during disasters.
The Consumer Financial Protection Bureau’s cybersecurity program has been deemed “not effective” by federal auditors. The agency’s security maturity dropped dramatically while 35 systems operated without proper authorization. Staff cuts and contractor terminations have crippled the agency’s security
As millions face Windows 10’s end of support, malicious actors are creating fake versions of popular bypass tools. The Flyoobe developer warns users to only download from official sources. The situation highlights the desperation many feel about Microsoft’s hardware requirements.
Bugcrowd has acquired Mayhem Security, bringing automated vulnerability testing into its crowdsourced security platform. The deal brings 11 employees from Mayhem, which previously raised $36 million in funding.
One of Ethereum’s leading DeFi protocols lost over $120 million in a sophisticated cyber attack. The hack exploited “rounding down precision loss” in Balancer’s calculations, allowing attackers to manipulate token prices through crafted parameters.
DragonForce has emerged as a new ransomware threat using Conti’s leaked source code. The group has shifted to a cartel model and is actively recruiting affiliates while conducting coordinated attacks. Security researchers warn this represents a significant evolution in ransomware operations.
A senior cybersecurity executive’s theft of $35 million worth of zero-day exploits reveals systemic failures in how Western defense contractors protect their most sensitive digital weapons. The case exposes how trusted insiders can bypass even the most sophisticated security measures.
U.S. prosecutors have charged cybersecurity professionals who specialized in ransomware negotiation with conducting their own attacks. The case reveals deep vulnerabilities in the incident response ecosystem.
