Latest news as of 7/29/2025, 4:05:03 PM
The Hacker News
The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. "The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk," Expel said in a report shared with The Hacker News. "This removes many opportunities for browsers or security
The Register
Bank accounts, personal details all hoovered up in the attack Nova Scotia Power on Friday confirmed it had been hit by a ransomware attack that began earlier this spring and disrupted certain IT systems, and admitted the crooks leaked data belonging to an unspecified number of its roughly 500,000 customers online. The stolen info may have included billing details and, for those on autopay, bank account numbers.…
Bleeping Computer
The decentralized exchange Cetus Protocol announced that hackers have stolen $223 million in cryptocurrency and is offering a deal to stop all legal action if the funds are returned. [...]
Bleeping Computer
60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. [...]
Dark Reading
Encryption, collaboration, and AI can help organizations build up essential protection against ransomware.
The Register
Cyberbaddies are coming for your M365 creds, US infosec agency warns The Cybersecurity and Infrastructure Security Agency (CISA) is warning that SaaS companies are under fire from criminals on the prowl for cloud apps with weak security.…
Bleeping Computer
The FBI warned that an extortion gang known as the Silent Ransom Group has been targeting U.S. law firms over the last two years in callback phishing and social engineering attacks. [...]
Dark Reading
The key to navigating this new GenAI landscape is a balanced approach — one that fosters transparency, strengthens regulatory frameworks, and embraces privacy-enhancing technologies.
Dark Reading
Three zero-days could have allowed an attacker to completely compromise the Concerto application and the host system running it.
Dark Reading
Three zero-days allow an attacker to completely compromise the Concerto application and the host system running it. The vendor has yet to address the issues after being notified three months ago.