June 9, 2025

BADBOX 2.0: How Your TV Could Be a Botnet Node

Imagine buying a brand-new smart TV or streaming box, still sealed in its packaging, only to find out later that it was already compromised by hackers before it ever reached your hands. That’s the chilling reality behind BADBOX 2.0, a global botnet campaign that has turned over a million consumer devices into unwitting cyber weapons. The FBI is sounding the

June 7, 2025

ViLE Members Sentenced for Breaching DEA Portal and Doxxing

In a chilling reminder of how digital tools can be weaponized for harassment and extortion, two members of the cybercrime group "ViLE" have been sentenced to federal prison after breaching a U.S. law enforcement portal and using stolen data to terrorize victims. Sagar Steven Singh, a 21-year-old from Rhode Island who operated under the alias “Weep,” and Nicholas Ceraolo, a

June 6, 2025

Play Ransomware Breaches 900 Victims Worldwide, FBI Confirms

The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) have issued a joint advisory revealing that the Play ransomware group (also known as Playcrypt) has compromised over 900 organizations globally as of May 2025. This marks a sharp increase from the 300 known victims in October 2023, underscoring the escalating threat posed by the group.

June 2, 2025

Victoria’s Secret Cyberattack Shuts Down the Company Website

At the end of May 2025, Victoria’s Secret experienced a major cyberattack that forced the company to take its U.S. website offline. The sudden shutdown disrupted online shopping for millions of customers and caused ripple effects across its retail operations. Although the company has not shared specific details about the nature of the attack, the disruption suggests it may have

May 26, 2025

TikTok Videos Spread Malware via ClickFix Attacks

TikTok, the go-to platform for viral dances, life hacks, and bite-sized entertainment, has now entered the radar of cybersecurity experts for a far more sinister reason. A recent report from Trend Micro reveals that cybercriminals are using TikTok videos to spread infostealer malware in a new and deceptive tactic known as "ClickFix." What Is ClickFix? ClickFix is a social engineering

May 26, 2025

Operation Endgame: Europol Strikes a Blow to Ransomware

In a coordinated international crackdown, Europol, alongside law enforcement agencies from around the globe, has executed a sweeping operation that disrupted some of the world's most notorious ransomware operations. Dubbed “Operation Endgame”, this large-scale effort resulted in the takedown of 300 servers, the neutralization of 650 domains, and the seizure of €3.5 million in cryptocurrency between May 19 and May 22,

May 24, 2025

Aisuru Botnet Launches Devastating DDoS Attack

A recent attack on KrebsOnSecurity has set a new benchmark for the scale and speed of digital warfare. Central to this unprecedented 6.3 Tbps distributed denial-of-service (DDoS) attack is Aisuru, a recently discovered botnet powered by compromised Internet of Things (IoT) gadgets. Unlike traditional attacks, this one lasted less than a minute, yet packed enough power to cripple most online infrastructures.

May 23, 2025

BadSuccessor Vulnerability: A New Threat in Windows Server 2025

A newly discovered vulnerability in Windows Server 2025, dubbed "BadSuccessor", is raising serious alarms in the cybersecurity community. The flaw targets a recently introduced feature called delegated Managed Service Accounts (dMSAs). It allows attackers to escalate privileges and impersonate virtually any user in Active Directory. This includes highly privileged accounts. Discovered by researchers at Akamai, this unpatched vulnerability affects environments

May 23, 2025

Malicious Chrome Extensions Are Stealing Your Data

In a new and alarming cybersecurity report, over 100 malicious Google Chrome extensions have been discovered impersonating trusted tools like Fortinet VPN, YouTube downloaders, and AI services. These deceptive extensions were designed not only to lure users with familiar branding, but also to steal sensitive browser data and inject remote scripts. This poses a major threat to anyone using the

May 22, 2025

Lumma Stealer Disrupted After Infecting 10 Million Devices

In a major win for global cybersecurity, a widespread malware campaign known as Lumma Stealer (LummaC2) has been successfully disrupted after compromising an estimated 10 million systems worldwide. This malicious software, designed to harvest sensitive personal and financial data, had quickly become a tool of choice for cybercriminals across the globe. The takedown marks one of the most significant actions
