A significant security breach has come to light, involving the exposure of 183 million email accounts along with their corresponding passwords. This data, reportedly stemming from a malware-driven theft, has been added to the renowned breach-notification platform, Have I Been Pwned, run by cybersecurity expert Troy Hunt. Following its discovery…
Google recently announced that its AI-driven fuzzing tool, OSS-Fuzz, has successfully uncovered 26 vulnerabilities in multiple open-source code repositories. Among these is a medium-severity flaw identified in the widely used OpenSSL cryptographic library. The open-source security team from Google highlighted in a blog post, shared with The Hacker News, that…
The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has highlighted the urgent need for government agencies to address known cyber vulnerabilities. In a recent announcement, the agency published a comprehensive catalog containing vulnerabilities identified from major tech companies including Apple, Cisco, Microsoft, and Google. These vulnerabilities are…
In a significant development within the cybersecurity landscape, Conor Brian Fitzpatrick, a 20-year-old who operated the now-defunct BreachForums, has been formally charged with conspiracy to commit access device fraud in the United States. This notable case highlights the growing scrutiny on online platforms facilitating cybercrime. Fitzpatrick, known online as “pompompurin,”…
RomCom Exploits Zero-Day Vulnerabilities in Firefox and Windows A sophisticated cyber operation attributed to the Russia-aligned threat actor known as RomCom has been reported, focusing on the exploitation of two zero-day vulnerabilities—one in Mozilla Firefox and another in Microsoft Windows. These attacks have been designed to deploy RomCom’s proprietary backdoor…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Russian Intelligence Hackers Adapt Strategies to Avoid Detection Chris Riotta (@chrisriotta) • October 21, 2025 A Russian Federal Security Service officer in assault gear. (Image: SGr/Shutterstock) A state-sponsored cyberespionage group from Russia, known for its targeting of policymakers, has swiftly enhanced its…
Recent revelations in cybersecurity highlight the increasing prevalence of long-term breaches, which often go unnoticed until substantial damage is done. A striking example is the incident involving F5, a significant player in the application delivery and security space. On August 9, 2025, F5 announced that unidentified threat actors had infiltrated…
Recent reports reveal a concerning new attack method, identified as “Pixnapping,” that exposes vulnerabilities in Android devices, enabling attackers to surreptitiously acquire crucial information such as two-factor authentication codes, location data, and other sensitive details within a mere 30 seconds. The Pixnapping attack originates from a malicious app that must…
New Android Vulnerability Exposes User Data to Attackers Recent research has unveiled a serious vulnerability affecting Android devices, enabling the covert theft of sensitive information, including two-factor authentication codes and user location histories, all within a mere 30 seconds. This attack, termed “Pixnapping,” was developed by a team of academic…
