November 14, 2025

DoorDash Data Breach Exposes User Contact Information

A new DoorDash data breach surfaced in late October 2025 and raised fresh concerns about security inside major delivery platforms. DoorDash confirmed an unauthorized party accessed user contact information after a social-engineering attack compromised an employee. The incident adds pressure to a company already criticized for past security failures and increases the risk of future targeted fraud. What Happened During

DoorDash Data Breach
November 10, 2025

ClickFix Phishing Campaign Hits Global Hotels with Malware

A new ClickFix phishing campaign is sweeping across the hospitality sector, infecting hotel networks with PureRAT malware. Security researchers have uncovered a large-scale campaign impersonating booking platforms like Booking.com and Expedia to compromise hotel administrators and guests alike. The operation leverages social engineering and malware-as-a-service tools, aiming to seize access to hotel extranets, harvest credentials, and conduct fraudulent financial activities.

ClickFix Phishing Campaign
November 9, 2025

GlassWorm Malware Returns on OpenVSX with New Extensions

The GlassWorm malware has resurfaced on the OpenVSX registry, signaling a new wave of supply-chain attacks against developers. Only weeks after its first takedown, researchers from Koi Security have discovered three fresh extensions distributing updated variants of the threat. The new malicious uploads (ai-driven-dev.ai-driven-dev, adhamu.history-in-sublime-merge, and yasuyuky.transient-emacs) collectively gathered over 9,000 downloads before their removal. These packages reuse the same

GlassWorm Malware Returns
November 6, 2025

Gootloader Malware Returns Stronger with New Evasion Tricks

After a seven-month silence, Gootloader malware has made a striking return with an upgraded campaign that blends deception and technical precision. Security researchers report that the attackers now rely on fake legal template sites, advanced evasion tricks, and fresh persistence methods to slip past modern defenses. What once began as a simple loader has evolved into a refined infection chain

Gootloader Malware
November 5, 2025

Miljödata Data Breach Exposes 1.5 Million Records in Sweden

A large-scale cyberattack has shaken Sweden after the Miljödata data breach exposed sensitive information belonging to about 1.5 million people. The incident, affecting a major municipal software supplier, has prompted national investigations by IMY and CERT-SE.

How the Breach Happened

Miljödata, one of Sweden’s most widely used IT suppliers for municipalities, revealed in late August 2025 that its systems had

Miljödata Data Breach
November 4, 2025

SesameOp Exploits OpenAI Assistants API for Covert Control

Microsoft’s latest threat report has revealed a worrying trend: attackers are now using artificial-intelligence platforms as part of their command-and-control systems. The newly discovered SesameOp backdoor abuses the OpenAI Assistants API to hide its activity inside normal network traffic. Instead of relying on custom servers or shady hosting, the operators turned OpenAI’s trusted cloud service into their covert communications channel.

SesameOp Backdoor
November 2, 2025

LinkedIn Phishing Campaign Targets Finance Executives

A new LinkedIn phishing campaign is targeting finance executives with fake invitations to join an exclusive board. The attack uses professional pretexts, trusted cloud platforms, and advanced phishing methods to steal login credentials and bypass multi-factor authentication.

How this LinkedIn Phishing Campaign Works

The campaign begins with a direct message on LinkedIn inviting the target to join the “Executive Board”

LinkedIn Phishing
October 30, 2025

PhantomRaven Malware Targets npm Supply Chain

The PhantomRaven malware campaign has struck the npm ecosystem, compromising 126 open-source packages and putting thousands of developers at risk. Security researchers uncovered that these malicious packages were designed to exfiltrate credentials, tokens, and sensitive data directly from developer environments. This large-scale attack underscores the growing threat of supply-chain compromise in open-source software.

How PhantomRaven Malware Works

PhantomRaven malware infiltrates

PhantomRaven Malware
October 29, 2025

Atroposia Malware: Hackers Exploit Systems with Local Scanner

A new threat known as Atroposia malware is making waves in the cybersecurity world. Researchers have identified it as a highly advanced Remote Access Trojan (RAT) that not only grants attackers full control over compromised systems but also scans them for weaknesses. By embedding a local vulnerability scanner, Atroposia changes how cybercriminals approach exploitation, blending data theft with automated reconnaissance.

Atroposia Malware
October 25, 2025

MuddyWater Phoenix Backdoor Targets 100+ Government Entities

An Iranian-backed hacking group known as MuddyWater has launched a major cyberespionage campaign across the Middle East and Africa. Using phishing emails sent from a compromised mailbox accessed through NordVPN, the attackers targeted over 100 government organizations and diplomatic missions. The operation delivered version 4 of the group’s custom Phoenix backdoor, which enabled remote access and long-term intelligence gathering. Large-Scale

MuddyWater