1+ day, 9+ hour ago  (315+ words) The extension exploits growing user frustration over OpenAI's recent move to display advertisements to free-tier ChatGPT users, posing as a solution while secretly operating as spyware. Rather than blocking ads, the extension systematically steals user prompts, chat history, and metadata…...

1+ day, 9+ hour ago  (363+ words) Group-IB, the widespread availability of free hosting platforms allows attackers to build and distribute phishing campaigns with minimal effort, making operations highly scalable. The threat actors distributed phishing emails with varying social engineering narratives to lure victims. Throughout 2024, emails typically…...

1+ day, 16+ hour ago  (412+ words) Between March 26 and 27, 2026, the Computer Emergency Response Team of Ukraine (CERT-UA) thwarted a malicious cyber campaign in which threat actors impersonated the agency to distribute malware. The attackers sent deceptive emails claiming to be from CERT-UA, urging recipients to download…...

1+ day, 14+ hour ago  (437+ words) A newly uncovered phishing campaign is actively targeting organizations in South Korea by abusing GitHub as a Command and Control (C2) server. Discovered by FortiGuard Labs, the attacks rely on heavily obfuscated malicious LNK (shortcut) files to infiltrate systems. While these…...

2+ day, 11+ hour ago  (14+ words) New ZAP PTK Add-On Converts Browser Security Findings into Native ZAP Alerts'cyberpress.org...

5+ day, 12+ hour ago  (377+ words) CyberProof MDR analysts and threat researchers have identified a significant surge in PXA Stealer activity targeting global financial institutions during the first quarter of 2026. These campaigns primarily leverage phishing emails containing malicious URLs that trigger the download of compromised ZIP…...

1+ week, 14+ hour ago  (409+ words) The European Commission has confirmed a cyberattack on its cloud-based infrastructure following the identification of a compromised Amazon Web Services (AWS) account. The Commission emphasized that its internal systems, including sensitive operational networks, were not impacted during the incident. The…...

1+ week, 1+ day ago  (304+ words) The Internet Systems Consortium (ISC) has issued a security advisory for a high-severity vulnerability affecting its Kea DHCP server, a widely used solution for managing IP address allocation in enterprise and ISP environments. The issue is classified as a stack…...

1+ week, 1+ day ago  (331+ words) Hackers linked to the China-nexus group Red Menshen are deploying highly stealthy BPFdoor backdoors inside global telecom networks, enabling long-term espionage operations that are difficult to detect and remove. Telecom networks form the backbone of global connectivity, handling mobile identities,…...

1+ week, 1+ day ago  (308+ words) A large-scale phishing campaign is currently targeting developers directly within GitHub by distributing fake Visual Studio Code security alerts. By tagging large numbers of developers and relying on GitHub's built-in email notification system, the threat actors successfully amplify their reach…...