Marbled Dust leverages zero-day in Output Messenger for regional espionage

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software. Read More …

Cyber criminals impersonate payroll, HR and benefits platforms to steal information and funds

The relentless battle against online fraud is a constant evolution, a digital chase where security teams and malicious actors continually adapt. The increasing sophistication of attacks is blurring the lines between legitimate user behavior and impersonation attempts. The campaign we Read More …

Russia: Damage from phone scammers in Russia exceeded $2.1 bln in 2024

More than 640,000 cases of remote fraud were reported in Russia in 2024, while the damage they caused exceeded 170 billion rubles ($2.1 bln), the Public Relations Center of the Federal Security Service (FSB), reported. According to the FSB, “the Read More …

Cyber Criminal Proxy Services Exploiting End of Life Routers

The Federal Bureau of Investigation (FBI) is issuing this announcement to inform individuals and businesses about proxy services taking advantage of end of life routers that are susceptible to vulnerabilities. When a hardware device is end of life, the manufacturer Read More …

Lampion Is Back With ClickFix Lures

Unit 42 researchers recently uncovered a highly focused malicious campaign targeting dozens of Portuguese organizations, particularly in the government, finance and transportation sectors. This campaign was orchestrated by the threat actors behind Lampion malware, an infostealer that focuses on sensitive Read More …

Hundreds of top ecommerce sites under attack following Magento supply chain flaw

Hundreds of ecommerce websites, including at least one major player, behemoth, have been compromised after poisoned Magento extensions woke up from a six-year slumber. Cybersecurity researchers Sansec discovered the supply chain attack after one of its clients was targeted, ultimately Read More …