In a surprising series of events, Google recently advised users of competing email services to consider switching to Gmail due to reliability and service stability concerns. The messaging emphasized that users could avoid potential service interruptions by moving their communication and data to Gmail’s ecosystem.
Read More
The cybersecurity landscape has entered an inflection point. Where traditional ransomware once involved attacker-coded payloads and direct encryption demands, modern campaigns are now increasingly driven by artificial intelligence: self-learning, adaptive, tailored, and increasingly difficult to detect or defend against. According to recent research, as much as 80 % of ransomware attacks now utilise artificial intelligence.
Read More
A sophisticated new malware campaign is targeting WordPress sites with an ingenious obfuscation technique that’s proving difficult to detect—and it’s already hit over 30,000 sites in a single month.
Read More
A sophisticated malware distribution campaign has transformed YouTube into an unexpected threat vector, leveraging over 3,000 compromised videos to deliver information-stealing malware to unsuspecting users. This operation, designated as the “YouTube Ghost Network” by Check Point Research, represents a paradigm shift in how threat actors exploit trusted platforms to achieve large-scale compromise.
Read More
The rise of AI-powered browsers has introduced a new frontier in web security—one where traditional defenses fall short and attackers have found innovative ways to exploit artificial intelligence itself. Recent research has uncovered critical vulnerabilities in agentic AI browsers, particularly Perplexity’s Comet browser, revealing how malicious actors can manipulate these tools through sophisticated prompt injection techniques.
Read More
A coordinated cyberattack has successfully compromised more than 250 Adobe Commerce and Magento Open Source e-commerce stores within a 24-hour period, exploiting a recently disclosed critical vulnerability. E-commerce security firm Sansec has issued an urgent warning as threat actors actively leverage CVE-2025-54236, also known as “SessionReaper,” to hijack customer accounts and deploy malicious backdoors across vulnerable platforms.
Read More
On October 18, 2025, the official Xubuntu website experienced a significant security breach that transformed legitimate download links into malware distribution channels. Attackers replaced torrent files with a malicious Windows executable designed to steal cryptocurrency through clipboard hijacking. This incident represents a concerning trend in supply chain attacks targeting open-source software communities, particularly during a period when users are migrating from end-of-life Windows 10 systems.
Read More
A new attack technique is quietly becoming one of the most prevalent cybersecurity threats of 2025. Known as ClickFix, FileFix, or fake CAPTCHA attacks, this social engineering method has seen explosive growth, with some studies reporting increases of up to 517% in just six months. Major organizations including Kettering Health, DaVita, and the City of St. Paul have all fallen victim to these increasingly sophisticated attacks.
Read More
Compromised PHP sites often hide webshells – small scripts that give attackers remote command execution, file management, database access, and persistence. This guide walks you through how webshells stick around, IOCs to scan for, concrete commands/YARA patterns to detect them, and a step-by-step cleanup methodology you can follow (or hand to your incident responder).
Read More