Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their intelligence gathering efforts. The campaign used “compromised websites to redirect visitors to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft’s device code ​ ​…

Cybersecurity researchers have discovered a cybercrime campaign that’s using malvertising tricks to direct victims to fraudulent sites to deliver a new information stealer called TamperedChef. “The objective is to lure victims into downloading and installing a trojanized PDF editor, which includes an information-stealing malware dubbed TamperedChef,” Truesec researchers Mattias Wåhlén, Nicklas ​ ​ ​Read More

Three federal agencies were parties to a global security advisory this week warning about the extensive threat posed by Chinese nation-state actors targeting network devices. ​ ​ ​Read More

The credit reporting agency said the breach was “limited to specific data elements” and didn’t include credit reports or core credit information. ​ ​ ​Read More

Many familiar faces made Flashpoint’s 2025 midyear ransomware report, as well as new gangs, which are increasingly using AI. ​ ​ ​Read More

One of the most sophisticated supply chain attacks to date caused immense amounts of data to leak to the Web in a matter of hours. ​ ​ ​Read More

The company said the threat actor abused its Claude Code service to “an unprecedented degree,” automating reconnaissance, intrusions, and credential harvesting. ​ ​ ​Read More

“ZipLine” appears to be a sophisticated and carefully planned campaign that has already affected dozens of small, medium, and large organizations across multiple industry sectors. ​ ​ ​Read More

In response to a cyberattack that was first detected on Sunday, the governor shut down in-person services for state offices while restoration efforts are underway. ​ ​ ​Read More

The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites. ​ ​ ​Read More