Dark Partners Cybercrime Gang Fuels AI and Crypto Heists
A new player has entered the cybercrime arena — and they’re not after just your passwords. The Dark Partners cybercrime gang is behind a sophisticated malware campaign that’s targeting users of AI tools, VPN services, and cryptocurrency platforms. By cloning popular websites like Windscribe, Ledger, and Sora, the gang lures victims into downloading malware disguised as legitimate software. The goal:
DragonForce Ransomware Hits MSPs via SimpleHelp
In a chilling reminder of the risks posed by insecure remote access tools, the ransomware group DragonForce has launched a sophisticated supply chain attack by exploiting critical vulnerabilities in SimpleHelp, a remote monitoring and management (RMM) platform widely used by Managed Service Providers (MSPs). The campaign, first uncovered by researchers at Group-IB, reveals how three recently discovered vulnerabilities in SimpleHelp
PumaBot Botnet Compromises Linux IoT Devices
A newly discovered botnet called PumaBot is making rounds in the cybersecurity world. Designed to infiltrate Linux-based systems, this malware takes a focused and stealthy approach, specifically targeting Internet of Things (IoT) devices and surveillance systems through brute-force SSH attacks. Here’s a closer look at how PumaBot operates, what sets it apart from other botnets, and how you can protect
LexisNexis Data Breach Exposes Tons of Personal Information
One of the largest U.S. data brokers has confirmed a security breach that compromised names, Social Security numbers, and other sensitive data. LexisNexis Risk Solutions, a major player in the data brokerage industry, has disclosed a significant data breach. It exposed the personal information of more than 364,000 individuals. The breach occurred on December 25, 2024, and was only discovered
AyySSHush Botnet Hacks ASUS Routers to Add SSH Backdoor
The newly discovered AyySSHush botnet campaign has silently compromised over 9,000 ASUS routers, installing a persistent SSH backdoor using a series of sophisticated and stealthy techniques. The campaign highlights a growing threat to home and small office routers, leveraging legitimate features to maintain control, all without deploying traditional malware. Security researchers at GreyNoise uncovered the campaign in mid-March 2025, but
Coca Cola Data Breach Leaks Employee Info
In May 2025, Coca-Cola suffered a data breach - and not one, but two within days! These breaches exposed sensitive employee information and millions of internal Salesforce records, highlighting critical vulnerabilities in Coca-Cola’s security ecosystem. This incident serves as a stark reminder of the growing threat of sophisticated cybercriminals targeting multinational corporations. Everest Ransomware Targets Employee Information The first major
Adidas Data Breach Confirmed, Customer Info Leaked
Adidas has disclosed a data breach that exposed personal details of customers after a cyberattack targeted one of its external service providers. The incident, which occurred in May 2025, affected individuals who had previously contacted the company’s customer support. What Information Was Leaked? The breach involved unauthorized access to non-sensitive personal information. According to Adidas, the exposed data includes full
Major Data Leak Exposed Passwords – Over 184 Million Affected
A major data leak exposed millions of passwords, including Facebook, Instagtam, Snapchat and Roblox credentials. The staggering database containing over 184 million login credentials from popular platforms was recently discovered, completely unprotected. This alarming security breach has put millions of users at risk of account takeover, identity theft, and other cyberattacks. The exposed data included plaintext usernames and passwords, suggesting
Aisuru Botnet Launches Devastating DDoS Attack
A recent attack on KrebsOnSecurity has set a new benchmark for the scale and speed of digital warfare. Central to this unprecedented 6.3 Tbps distributed denial-of-service (DDoS) attack is Aisuru, a recently discovered botnet powered by compromised Internet of Things (IoT) gadgets. Unlike traditional attacks, this one lasted less than a minute, packed enough power to cripple most online infrastructures.
BadSuccessor Vulnerability: A New Threat in Windows Server 2025
A newly discovered vulnerability in Windows Server 2025, dubbed "BadSuccessor", is raising serious alarms in the cybersecurity community. The flaw targets a recently introduced feature called delegated Managed Service Accounts (dMSAs). It allows attackers to escalate privileges and impersonate virtually any user in Active Directory. This includes highly privileged accounts. Discovered by researchers at Akamai, this unpatched vulnerability affects environments
