Scattered Lapsus Hunters Target Tech With 40 Malicious Domains
Security researchers uncovered a large phishing operation linked to Scattered Lapsus Hunters, a threat group that registered more than 40 fake domains. These lookalike sites imitate major tech companies and aim to harvest credentials from employees and consumers. The discovery highlights the growing sophistication behind phishing campaigns that exploit brand trust and corporate identity.
How the Campaign Works
Researchers from

Chrome Malicious Extension Exposed as Part of ClearFake Attack
A new investigation reveals how a Chrome malicious extension disguised as a translation tool infected browsers with injected scripts and aggressive redirects. Researchers identified the extension as CryptoCopilot, which operated as part of the long-running ClearFake malvertising campaign. The incident highlights the growing risk of malicious code entering trusted platforms like the Chrome Web Store.
How the Campaign Operated
Guardio

GreyNoise IP Scanner Lets Users Check Botnet Exposure
A growing need for simple security tools has pushed GreyNoise Labs to launch a new public scanner that helps users understand how their IP address behaves across the internet. With the GreyNoise IP scanner, anyone can check if their IP appears in datasets linked to botnet activity, mass scanning, or unwanted probing. The tool offers quick insight into possible compromises

OpenAI Breach: Vendor Hack Exposes API Customer Data
A vendor security failure at Mixpanel exposed API customer metadata and pushed OpenAI to reassess its third-party risk controls. The OpenAI breach originated from unauthorized access within Mixpanel’s systems, where attackers extracted analytics data linked to API accounts. OpenAI confirmed that its own infrastructure remained secure, yet the incident demonstrates how external service providers can still create meaningful exposure for

OnSolve CodeRED Cyberattack Hits Emergency Systems
The OnSolve CodeRED cyberattack disrupted emergency alert services across the United States and exposed sensitive user data. CodeRED supports thousands of municipalities, police departments and public-safety agencies. When attackers breached the system, the incident raised serious concerns about the resilience of national emergency-communication infrastructure.
Attack Overview
Attackers claimed they infiltrated the CodeRED platform on November 1, 2025. They stated they

Malicious Blender Models Deliver Stealc Malware to 3D Artists
Malicious Blender models now threaten 3D artists and developers through weaponized project files that deliver the Stealc infostealer. Attackers use these infected assets to compromise creative pipelines and steal valuable credentials. The campaign shows how threat actors shift toward tools used in digital content creation to reach high-value targets.
How the Attack Works
Security researchers uncovered infected .blend files that

Iberia data leak exposes supplier-level security weaknesses
Iberia, one of Europe’s largest airlines and the flag carrier of Spain, is dealing with a security incident involving customer information accessed through a compromised vendor system. The Iberia data leak emerged after the supplier reported a breach that exposed limited passenger details, prompting the airline to launch its internal security protocol. The disclosure also revived interest in a separate

BadAudio Malware Exposed in APT24 Espionage Campaigns
Google’s latest threat intelligence report reveals how BadAudio malware powered long-running espionage campaigns linked to APT24. Google researchers analysed activity that began in late 2022 and continued through 2025. Their findings show a coordinated effort built on stealth, layered infection chains, and persistent access methods. The investigation highlights how advanced groups improve their tools while avoiding detection for years. APT24’s

PlushDaemon Supply Chain Attacks Reveal Update Security Flaws
A recent investigation reveals how the PlushDaemon supply chain threat actor compromises trusted software updates through DNS manipulation and a multi-stage malware operation. The group redirects update traffic to malicious servers by exploiting vulnerable routers and injecting hidden implants. Their campaign exposes a critical weakness in modern update paths, where many organisations rely on automated downloads without validating the source.

Logitech Data Breach Exposes Private Information
A recent Logitech data breach has raised serious concerns after the company confirmed an extortion attack linked to the Clop ransomware group. Logitech reported that attackers stole internal data by exploiting a third-party zero-day vulnerability. The incident highlights ongoing risks in enterprise systems and underscores growing pressure on global companies to strengthen supply-chain security.
How the Attack Began
Logitech disclosed
