Logitech Data Breach Exposes Private Information
A recent Logitech data breach has raised serious concerns after the company confirmed an extortion attack linked to the Clop ransomware group. Logitech reported that attackers stole internal data by exploiting a third-party zero-day vulnerability. The incident highlights ongoing risks in enterprise systems and underscores growing pressure on global companies to strengthen supply-chain security. How the Attack Began Logitech disclosed
DoorDash Data Breach Exposes User Contact Information
A new DoorDash data breach surfaced in late October 2025 and raised fresh concerns about security inside major delivery platforms. DoorDash confirmed an unauthorized party accessed user contact information after a social-engineering attack compromised an employee. The incident adds pressure to a company already criticized for past security failures and increases the risk of future targeted fraud. What Happened During
Malware Takedown Dismantles Major Malware Operations
Malware takedown efforts intensified this week as international law-enforcement agencies dismantled the infrastructure behind Rhadamanthys, VenomRAT, and Elysium. Authorities targeted large networks that controlled infected systems, harvested credentials, and enabled widespread cybercrime activity. Investigators coordinated across several countries and removed key servers, domains, and operational assets. This action delivers a significant blow to three prolific malware ecosystems. Scale of the
Rhadamanthys Infostealer Disruption Shakes Cybercrime Market
The Rhadamanthys infostealer disruption has sent shockwaves through the cybercrime world. In early November 2025, operators and paying "customers" suddenly lost access to their web panels and servers. SSH logins switched to certificate-only mode without warning, leaving hackers locked out of their own tools. This abrupt shutdown may indicate a coordinated law enforcement action, potentially linked to Europe’s ongoing Operation
ChatGPT Suicide Lawsuits: OpenAI Accused of Negligence
A series of ChatGPT suicide lawsuits filed in California claims that OpenAI’s chatbot played a role in several tragic deaths. Families of the victims argue that ChatGPT’s emotionally charged conversations influenced vulnerable users and that the company failed to prevent foreseeable harm. The legal actions raise difficult questions about AI responsibility, product safety, and the emotional power of conversational systems.
ClickFix Phishing Campaign Hits Global Hotels with Malware
A new ClickFix phishing campaign is sweeping across the hospitality sector, infecting hotel networks with PureRAT malware. Security researchers have uncovered a large-scale campaign impersonating booking platforms like Booking.com and Expedia to compromise hotel administrators and guests alike. The operation leverages social engineering and malware-as-a-service tools, aiming to seize access to hotel extranets, harvest credentials, and conduct fraudulent financial activities.
GlassWorm Malware Returns on OpenVSX with New Extensions
The GlassWorm malware has resurfaced on the OpenVSX registry, signaling a new wave of supply-chain attacks against developers. Only weeks after its first takedown, researchers from Koi Security have discovered three fresh extensions distributing updated variants of the threat. The new malicious uploads: ai-driven-dev.ai-driven-dev, adhamu.history-in-sublime-merge, and yasuyuky.transient-emacs, collectively gathered over 9,000 downloads before their removal. These packages reuse the same
Are AI Browsers a Welcome Innovation or a Security Threat?
The next generation of web browsers doesn’t just open pages, it thinks, reads, and acts. AI browsers are emerging as intelligent companions designed to simplify online tasks, summarise information, and automate repetitive work. For many users, they represent the future of web navigation: effortless, conversational, and deeply personalised. But beneath this polished innovation lies an uncomfortable question. When the browser
Vibe-Coded Malware: Fake VS Code Extension Slips Past Review
A so-called vibe-coded malware incident has reignited concerns about Visual Studio Code’s marketplace security. Security researchers discovered an AI-generated test extension called “susvsex”, created by the publisher “suspublisher18.” Despite an honest description revealing its behavior, the extension was approved on November 5, 2025. It demonstrated data-exfiltration and encryption routines, clearly labeled as experimental, yet it still passed Microsoft’s automated review.
Gootloader Malware Returns Stronger with New Evasion Tricks
After a seven-month silence, Gootloader malware has made a striking return with an upgraded campaign that blends deception and technical precision. Security researchers report that the attackers now rely on fake legal template sites, advanced evasion tricks, and fresh persistence methods to slip past modern defenses. What once began as a simple loader has evolved into a refined infection chain
