Latest stories — Page 9

Meet Avalon: The Swiss-Army Malware That Ends in Ransomware
A newly documented toolkit called Avalon steals passwords, spreads across networks, and locks up files — all from one phishing email.

Google and FBI cut off NetNut, a two-million-device botnet hidden inside smart TVs
The residential proxy service let hundreds of criminal and spy groups route attacks through ordinary homes.

Fake Rollup Helper Packages on npm Traced to North Korean Hackers
Two look-alike JavaScript packages copied a popular developer tool line-for-line, then quietly opened a back door onto the machines of anyone who installed them.

81 Million Login Attempts: A Massive Password Spray Attack Hit Microsoft 365 Users
Criminals hammered Microsoft accounts with automated login attempts for two weeks. At least 78 accounts were broken into — and many victims had multi-factor authentication switched on, just not set up correctly.

Three Quick Hits: Canadian Hacker Jailed, Open-Source Flaws Dropped, ATM Jackpotters Sentenced
A week's worth of security stories that deserve a second look — from an Anonymous-linked arrest in Canada to cash-machine criminals facing US prison time.

New Phishing Kit 'ARToken' Exposes Full Microsoft 365 Takeover Playbook
Cisco Talos researchers found more than 80 hidden commands inside a phishing service tied to the EvilTokens platform — including tools to steal Microsoft 365 logins, read mailboxes, and quietly hide their tracks.

Adobe Is Doubling Its Patch Releases — Here's Why That Matters
Starting in July, Adobe will push security fixes twice a month instead of once. Blame faster vulnerability discovery, AI-assisted research, and a threat pace that monthly updates can no longer keep up with.

Armored Likho: the newly-named hacking crew hitting power grids and government offices
Russian security firm Kaspersky says the group mixes espionage against big institutions with money-driven attacks on ordinary people.

New Chinese AI Models Challenge Cyber Defenses
Recent advances in Chinese AI models reveal vulnerabilities at a rapid pace, posing a challenge to cybersecurity defenses.

Citrix NetScaler Vulnerability Sparks Exploitation Attempts
Citrix patches a high-severity flaw in NetScaler appliances as exploitation attempts are reported within 24 hours.

An AI Agent Ran a Ransomware Attack by Itself. Here's What That Means.
Criminals used an AI tool called Langflow to let a machine plan and carry out a multi-step ransomware intrusion without a human guiding every move — a shift that could make attacks faster and cheaper to run at scale.

A Spyware Investigator Got Spied On: Pegasus Hit an EU Lawmaker Probing Pegasus
Forensic analysis of Stelios Kouloglou's phone shows repeated Pegasus infections while he sat on the European Parliament's own spyware inquiry.

ShinyHunters Breach Hits Medtronic: 3.8 Million Patients' Medical Records Stolen
The extortion group ShinyHunters broke into the medical device maker's systems in April 2026, walking away with names, Social Security numbers, and sensitive health details belonging to nearly four million people.

PamStealer: Fake Maccy App Hides Mac Password-Grabbing Script
Researchers say the AppleScript malware poses as a popular clipboard tool, tricks users into typing their Mac password, then quietly ships browser data and crypto wallets to its operators.

Popular AI Coding Tool Cursor Has Flaws That Could Let Attackers Run Code on Your Computer
Security researchers found two vulnerabilities in the Cursor AI code editor that could allow an attacker to silently take control of a developer's machine — no click required.

OpenAI's New AI Model Faces Unprecedented Government Scrutiny
OpenAI limits release of GPT-5.6 Sol to Trump-approved partners amid cybersecurity concerns.

Google and FBI Shut Down NetNut, a Criminal Anonymity Network Built on Millions of Hijacked Home Devices
NetNut rented out access to infected home and business routers so criminals and foreign spies could hide their tracks. A joint operation has disrupted it.

American Tech Is Quietly Powering the Global Scam Machine
A joint investigation by AP and FRONTLINE found that tools built by US companies are helping criminals run fraud operations at industrial scale — and most victims never see it coming.

Cisco Spends Around $400 Million to Plug a Growing Security Blind Spot: AI Agents
Two rapid-fire acquisitions — Astrix Security and WideField Security — are Cisco's answer to a question most companies haven't thought to ask: who's watching the bots?

Anthropic's Fable 5 AI Is Back Online After a Three-Week Government Ban
The U.S. Commerce Department lifted its export restrictions on Anthropic's Fable 5 model Tuesday, after weeks of closed-door negotiations over whether the AI could be weaponised by bad actors.

Five Eyes spy agencies warn AI will outpace cybersecurity defences within months
The intelligence alliance that links the US, UK, Australia, Canada and New Zealand says AI-powered attacks are arriving faster than most organisations can adapt — and breaches are now a question of when, not if.