Fake Ad Blocker Extension Triggers ClickFix Attacks
Researchers have uncovered a fake ad blocker extension that deliberately crashes web browsers to manipulate users into executing malicious commands. Instead of exploiting software vulnerabilities, the campaign relies entirely on social engineering, using confusion and urgency to push victims into completing the attack themselves. This approach makes the threat particularly effective, even against users who consider themselves security-aware. By combining
Grubhub Crypto Scam Targets Users With Fake Email Promises
Cybercriminals are exploiting trust in well-known brands to push a new cryptocurrency scam that promises unrealistic profits. The Grubhub crypto scam uses fake promotional emails that claim users can receive a tenfold return by sending cryptocurrency to a provided wallet address. The campaign relies on urgency, familiarity, and false legitimacy to convince victims to act quickly. Unlike typical phishing emails
Interpol Ransomware Crackdown Breaks Criminal Infrastructure
An unprecedented Interpol ransomware crackdown has delivered a major blow to global cybercrime operations. Coordinated across dozens of countries, the operation led to hundreds of arrests, the dismantling of criminal infrastructure, and the successful decryption of multiple ransomware strains. The effort highlights how international cooperation has become a central weapon against ransomware threats that increasingly target governments, healthcare providers, and
700Credit Data Breach Exposes 58 Million Dealership Customers
A large-scale 700Credit data breach has quietly exposed sensitive personal information linked to tens of millions of vehicle dealership customers in the United States. While the incident did not originate inside dealership networks, it still carries serious consequences for consumers whose data passed through a trusted third-party platform. The breach highlights a familiar but persistent problem. As businesses outsource critical
PayPal Subscription Scam Abuses Legitimate Billing Emails
A PayPal subscription scam is circulating that does not rely on fake domains, malicious links, or compromised accounts. Instead, it abuses a legitimate PayPal feature to deliver fraudulent messages directly from PayPal’s own email infrastructure. The result is a scam that bypasses many traditional warning signs and places users at risk through trust rather than technical deception. Security researchers warn
Cloudflare Outage Brings Major Sites Offline Again
A major Cloudflare outage disrupted large parts of the internet on December 5. This created widespread 500 errors across many websites and services. It marked the second incident of instability, which raised concerns about Cloudflare’s reliability during rapid security updates. Many users woke on December 5 to find familiar websites returning 500 Internal Server Errors. Cloudflare confirmed that its Web
Streaming Piracy Shutdown: Photocall Service Terminated
Streaming piracy shutdown efforts intensified this week as investigators confirmed the closure of Photocall, a popular illegal IPTV platform with millions of yearly visits. The case demonstrates how modern anti-piracy campaigns now target high-traffic services that distribute live sports, entertainment channels, and premium TV content without authorization. Photocall’s termination also reflects growing collaboration between industry groups and law-enforcement partners who
Cloudflare Outage Disrupts Global Services on November 18
A huge Cloudflare outage on November 18 caused widespread disruption across major online platforms. Cloudflare provides essential DNS, CDN, and security services to a large portion of the internet. When its traffic-handling systems failed yesterday, thousands of services across the globe faced broken functionality, connection errors, and complete downtime. The outage highlighted how deeply modern platforms depend on Cloudflare’s infrastructure
Rhadamanthys Infostealer Disruption Shakes Cybercrime Market
The Rhadamanthys infostealer disruption has sent shockwaves through the cybercrime world. In early November 2025, operators and paying "customers" suddenly lost access to their web panels and servers. SSH logins switched to certificate-only mode without warning, leaving hackers locked out of their own tools. This abrupt shutdown may indicate a coordinated law enforcement action, potentially linked to Europe’s ongoing Operation
Vibe-Coded Malware: Fake VS Code Extension Slips Past Review
A so-called vibe-coded malware incident has reignited concerns about Visual Studio Code’s marketplace security. Security researchers discovered an AI-generated test extension called “susvsex”, created by the publisher “suspublisher18.” Despite an honest description revealing its behavior, the extension was approved on November 5, 2025. It demonstrated data-exfiltration and encryption routines, clearly labeled as experimental, yet it still passed Microsoft’s automated review.
