Over-privileged AI tied to 4.5 times higher incident rates, study finds
Teleport survey data suggests over-privileged AI systems are linked to a 76% incident rate and 4.5 times more security incidents.
Crypto payments linked to human trafficking jump 85%, Chainalysis warns
Chainalysis says crypto payments linked to human trafficking rose 85%, driven by scam compounds and fraud operations using forced labor.
North Korean hackers use deepfake video calls to target crypto firms
North Korean hackers reportedly use stolen Telegram accounts, fake Zoom calls and ClickFix lures to infect crypto firms with infostealers.
Singapore takes down Chinese hackers targeting telco networks
Singapore says Operation Cyber Guardian disrupted China-linked hackers targeting telecom networks, underscoring the espionage risk facing critical com
Malicious GitHub Codespaces commands can trigger remote code execution
Researchers say crafted GitHub Codespaces repos or pull requests can run malicious setup commands and expose code, tokens and secrets.
Pre-disclosure attacks climb as nearly 29% of exploited flaws are hit before public disclosure
VulnCheck says 28.96% of exploited flaws in 2025 were attacked before disclosure, up from 23.6% in 2024.
Microsoft disrupts RedVDS, a subscription service tied to AI-powered phishing and BEC attacks
Microsoft says it disrupted RedVDS, a criminal subscription service linked to AI-assisted phishing, BEC and fraud that cost victims millions.
Beast ransomware server exposure reveals a playbook built to kill backups
An exposed Beast ransomware server suggests the gang systematically targets backups to block recovery and increase extortion pressure.
CISA flags five newly exploited flaws affecting Apple, Craft CMS, and Laravel Livewire
CISA added five actively exploited flaws affecting Apple, Craft CMS, and Laravel Livewire to its KEV Catalog, signaling urgent patching needs.
New Perseus Android banking malware monitors notes apps to steal sensitive data
Perseus, a new Android banking trojan, uses droppers and notes-app monitoring to steal secrets and enable device takeover fraud.
CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
CISA says organizations should harden Microsoft Intune after attackers reportedly abused it to wipe systems in the Stryker breach.
Inc ransomware group holds healthcare hostage in Oceania
INC Ransomware’s attacks in Australia, New Zealand, and Tonga show how healthcare outages can quickly become public-safety and privacy crises.